public ActionResult ExchangeManagementConfirmed(ExchangeManagementViewModel vm)
{
if (!ModelState.IsValid)
{
return(View(vm));
}
var trade = _tradeManager.GetTradeById(vm.TradeId);
var currentUserId = GetUserId();
if (currentUserId != trade.Owner.Id)
{
return(View("Unauthorized"));
}
var message = _tradeManager.ExchangeManagementConfirmed(trade.Winner, vm.Details);
var model = new ExchangeManagementViewModel {
TradeId = trade.Id, Details = vm.Details
};
model.Messages.Add(message);
return(View("ExchangeManagement", model));
}
// GET: Trades/ExchangeManagement/5
public async Task <ActionResult> ExchangeManagement(int id)
{
var currentUserId = GetUserId();
var trade = _tradeManager.GetTradeById(id);
if (currentUserId != trade.Owner.Id)
{
return(View("Unauthorized"));
}
// get the steam id of the current user.
var steamId = await GetSteamId();
var model = new ExchangeManagementViewModel
{
TradeId = id, // TODO: add security checks: only the owner/winner can access this data.
Details = new ExchangeDetails {
SteamId = steamId, Time = TimeProvider.Now
}
};
return(View(model));
}
