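/// <summary>
/// Creates a post on the wall of the user named in <paramref name="bindingModel"/>.
/// Posting is allowed only on the caller's own wall or on the wall of a user
/// contained in the caller's friends collection.
/// </summary>
/// <param name="bindingModel">Request payload carrying the wall owner's username and the post content.</param>
/// <returns>
/// An OK result with the created post's view model, or a bad-request result when the
/// payload is missing or invalid, the wall owner or the calling user cannot be resolved,
/// or the caller is not permitted to post on that wall.
/// </returns>
public IHttpActionResult AddPost(AddNewPostBindingModel bindingModel)
{
    if (bindingModel == null)
    {
        return this.BadRequest("Invalid data!");
    }

    if (!this.ModelState.IsValid)
    {
        return this.BadRequest(this.ModelState);
    }

    var existingWallOwner = this.Data
        .Users
        .All()
        .FirstOrDefault(u => u.UserName == bindingModel.Username);
    if (existingWallOwner == null)
    {
        return this.BadRequest("No such user!");
    }

    // The acting identity comes from the server-side provider, never from the request body,
    // so a client cannot choose the author of the post.
    var currentUserId = this.UserIdProvider.GetUserId();
    var currentUser = this.Data.Users.Find(currentUserId);

    // The provider may hand back an id with no matching user row (no authenticated caller,
    // or an account removed after the token was issued). Reject here instead of
    // dereferencing null in the permission check below.
    // NOTE(review): an unauthorized (401) result would describe this more precisely if the
    // base controller exposes one; bad-request is used to match the other rejections here.
    if (currentUser == null)
    {
        return this.BadRequest("Current user not found.");
    }

    // Authorization: own wall, or the wall owner is in the caller's friends collection.
    if ((!currentUser.Friends.Contains(existingWallOwner)) &&
        (currentUserId != existingWallOwner.Id))
    {
        return this.BadRequest("You have no permissions to make this post.");
    }

    var post = new Post
    {
        Content = bindingModel.PostContent,
        // NOTE(review): server-local time; confirm whether stored timestamps should be UTC.
        PostedOn = DateTime.Now,
        AuthorId = currentUserId,
        WallOwnerId = existingWallOwner.Id
    };

    this.Data.Posts.Add(post);
    this.Data.SaveChanges();

    AddPostViewModel postViewModel = AddPostViewModel.ConvertTo(post, currentUser);
    return this.Ok(postViewModel);
}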
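/// <summary>
/// Adds a new post to the wall of the user identified by the username in
/// <paramref name="bindingModel"/>. The caller must either own that wall or have the
/// wall owner in their friends collection.
/// </summary>
/// <param name="bindingModel">Bound request data: target wall owner's username and the post content.</param>
/// <returns>
/// An OK result wrapping the view model of the stored post; otherwise a bad-request result
/// (missing or invalid payload, unknown wall owner, unresolved calling user, or no permission).
/// </returns>
public IHttpActionResult AddPost(AddNewPostBindingModel bindingModel)
{
    if (bindingModel == null)
    {
        return this.BadRequest("Invalid data!");
    }

    if (!this.ModelState.IsValid)
    {
        return this.BadRequest(this.ModelState);
    }

    var existingWallOwner = this.Data
        .Users
        .All()
        .FirstOrDefault(u => u.UserName == bindingModel.Username);
    if (existingWallOwner == null)
    {
        return this.BadRequest("No such user!");
    }

    // Author identity is resolved on the server; nothing in the payload can override it.
    var currentUserId = this.UserIdProvider.GetUserId();
    var currentUser = this.Data.Users.Find(currentUserId);
    if (currentUser == null)
    {
        // Without this guard a missing user record would surface as a null dereference
        // in the permission check, i.e. an unhandled error instead of a clean rejection.
        // NOTE(review): bad-request mirrors the other rejections in this action; a 401
        // result may be the better fit if the base controller provides one.
        return this.BadRequest("Current user not found.");
    }

    // Authorization: allowed on one's own wall, or when the wall owner is in the
    // caller's friends collection. Anything else is rejected before any write.
    bool postingOnOwnWall = currentUserId == existingWallOwner.Id;
    if (!postingOnOwnWall && !currentUser.Friends.Contains(existingWallOwner))
    {
        return this.BadRequest("You have no permissions to make this post.");
    }

    var post = new Post
    {
        Content = bindingModel.PostContent,
        // NOTE(review): DateTime.Now is server-local; verify whether consumers expect UTC.
        PostedOn = DateTime.Now,
        AuthorId = currentUserId,
        WallOwnerId = existingWallOwner.Id
    };

    this.Data.Posts.Add(post);
    this.Data.SaveChanges();

    AddPostViewModel postViewModel = AddPostViewModel.ConvertTo(post, currentUser);
    return this.Ok(postViewModel);
}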