public ActionResult ExchangeManagementConfirmed(ExchangeManagementViewModel vm) { if (!ModelState.IsValid) { return(View(vm)); } var trade = _tradeManager.GetTradeById(vm.TradeId); var currentUserId = GetUserId(); if (currentUserId != trade.Owner.Id) { return(View("Unauthorized")); } var message = _tradeManager.ExchangeManagementConfirmed(trade.Winner, vm.Details); var model = new ExchangeManagementViewModel { TradeId = trade.Id, Details = vm.Details }; model.Messages.Add(message); return(View("ExchangeManagement", model)); }
// GET: Trades/ExchangeManagement/5 public async Task <ActionResult> ExchangeManagement(int id) { var currentUserId = GetUserId(); var trade = _tradeManager.GetTradeById(id); if (currentUserId != trade.Owner.Id) { return(View("Unauthorized")); } // get the steam id of the current user. var steamId = await GetSteamId(); var model = new ExchangeManagementViewModel { TradeId = id, // TODO: add security checks: only the owner/winner can access this data. Details = new ExchangeDetails { SteamId = steamId, Time = TimeProvider.Now } }; return(View(model)); }