/// <summary>
/// Links the book identified by <paramref name="bookId"/> to the user identified by
/// <paramref name="appUserId"/>, unless either record is missing or the link already exists.
/// </summary>
/// <param name="appUserId">Id of the user that should receive the book.</param>
/// <param name="bookId">Id of the book to attach.</param>
/// <returns>A redirect to the "Index" action on every path.</returns>
/// <remarks>
/// NOTE(review): the target user is chosen by the <paramref name="appUserId"/> argument and this
/// method performs no ownership check of its own. Confirm that the action is restricted
/// (for example by [Authorize] on the controller) and that the caller is allowed to modify that user.
/// </remarks>
public async Task<IActionResult> AddBookToUser(string appUserId, string bookId)
{
    var owner = await _db.AppUsers.FirstOrDefaultAsync(u => u.Id == appUserId);
    var selectedBook = await _db.Books.FirstOrDefaultAsync(b => b.Id == bookId);

    // Unknown user or unknown book: there is nothing to link.
    if (owner is null || selectedBook is null)
    {
        return RedirectToAction("Index");
    }

    // Make sure the collection exists before anything is added to it.
    owner.AppUserBooks ??= new List<AppUserBook>();

    var alreadyLinked = await IsBookInUser(bookId, appUserId);
    if (!alreadyLinked)
    {
        owner.AppUserBooks.Add(new AppUserBook
        {
            AppUserId = appUserId,
            AppUser = owner,
            BookId = bookId,
            Book = selectedBook,
        });

        await _db.SaveChangesAsync();
    }

    return RedirectToAction("Index");
}
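/// <summary>
/// Creates one <c>AppUserBook</c> subscription row per submitted book for the user named by the
/// caller's <see cref="ClaimTypes.NameIdentifier"/> claim, then saves them.
/// </summary>
/// <param name="book">Books to subscribe to, as received by the action; may be null.</param>
/// <returns>
/// 404 when no user matches the claim, 204 when the save reports success,
/// otherwise 400 with the message "Failed to update user.".
/// </returns>
public async Task<ActionResult> AddAppUserBook(IEnumerable<Book> book)
{
    // The acting user is read from the authenticated principal's claim, never from request data,
    // so a caller cannot name a different account to modify.
    var username = User.FindFirst(ClaimTypes.NameIdentifier)?.Value;

    var appUser = await _unitOfWork.AppUser.GetUserByUsernameAsync(username);

    // No matching user: 404.
    if (appUser == null)
    {
        return NotFound();
    }

    if (book != null)
    {
        foreach (var item in book)
        {
            // A fresh entity per book. The earlier version allocated a single AppUserBook before the
            // loop and overwrote it on each pass, so every Add call received the same object and
            // only the last book's values remained on it.
            var appUserBook = new AppUserBook
            {
                // User id comes from the record looked up via the claim, not from the request.
                AppUserId = appUser.Id,
                BookId = item.Id,

                // NOTE(review): item arrives as an action parameter, so the name and the purchase
                // price below are whatever the caller sent; nothing in this method re-reads them
                // from storage. If they must be authoritative, load the stored book by item.Id and
                // copy the values from that record before persisting.
                SubscriptionBookName = item.BookName,
                SubscriptionPurchasePrice = item.BookPurchasePrice,

                SubscriptionDate = DateTime.Now,
                SubscriptionUnsubscribeDate = DateTime.Now,
                SubscriptionIsDeleted = 0,
            };

            // Queued on the unit of work; persisted by SaveAllAsync below.
            _unitOfWork.AppUserBook.Add(appUserBook);
        }
    }

    // Persist the queued rows and map the result to a status code.
    if (await _unitOfWork.AppUserBook.SaveAllAsync())
    {
        return NoContent();
    }

    return BadRequest("Failed to update user.");
}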