public async Task <IHttpActionResult> Post([FromBody] AuthorModels author)
{
if (author.UserId != User.Identity.GetUserId() || User.IsInRole("Администратор"))
{
return(Ok("Вы не можете сделать другого человека автором"));
}
using (ApplicationDbContext db = new ApplicationDbContext())
{
foreach (var item in db.Author.ToList())
{
if (item.UserId == author.UserId)
{
return(BadRequest("Автор с таким UserId уже существует"));
}
}
db.Author.Add(new AuthorModels
{
Position = author.Position,
AcademicTitle = author.AcademicTitle,
AcademicDegree = author.AcademicDegree,
AffiliatedOrganization = author.AffiliatedOrganization,
UserId = author.UserId
});
await db.SaveChangesAsync();
}
return(Ok());
}
public ActionResult Create(AuthorModels author)
{
try
{
using (var repo = new AuthorRepository())
{
repo.Create(author);
}
return(RedirectToAction("Index"));
}
catch
{
return(View());
}
}
public ActionResult Edit(int id, AuthorModels editAuthor)
{
try
{
using (var repo = new AuthorRepository())
{
repo.Edit(editAuthor);
}
return(RedirectToAction("Index"));
}
catch
{
return(View());
}
}
public async Task <IHttpActionResult> Put(int id, [FromBody] AuthorModels newAuthor)
{
using (ApplicationDbContext db = new ApplicationDbContext())
{
if (id != newAuthor.Id)
{
return(BadRequest());
}
var UserId = User.Identity.GetUserId();
if (newAuthor.UserId == UserId || User.IsInRole("Администратор"))
{
db.Entry(newAuthor).State = EntityState.Modified;
await db.SaveChangesAsync();
}
else
{
return(Ok("У вас нет доступа к изменению автора"));
}
}
return(Ok());
}
