Exemple #1
        /// <summary>
        /// Returns a single book to its owner, or to a caller who has a friendship record
        /// with the owner whose <c>RequestApproved</c> value is set.
        /// </summary>
        /// <param name="id">Book identifier, bound from the request URI.</param>
        /// <returns>
        /// 404 with a <c>NotFoundApiError</c> when the repository returns no book for the id;
        /// 403 with a <c>ForbiddenApiError</c> when the caller is not the owner and no friendship
        /// with a set <c>RequestApproved</c> exists; otherwise 200 with a <c>BookDTO</c>.
        /// </returns>
        public async Task<IHttpActionResult> GetBook([FromUri] int id)
        {
            var requestedBook = await repo.GetBookByIdAsync(id);

            if (requestedBook == null)
            {
                // NOTE(review): the existence check runs before the authorization check, so a
                // caller who may not view a book can still tell "exists" (403) from "does not
                // exist" (404). Confirm that exposing which ids are in use is acceptable.
                var missingBookError = new NotFoundApiError($"No book with id {id} exists");
                var missingBookResponse = ControllerContext.Request.CreateErrorResponse(
                    HttpStatusCode.NotFound,
                    missingBookError);

                return ResponseMessage(missingBookResponse);
            }

            // NOTE(review): no [Authorize] or similar attribute is visible on this action;
            // presumably authentication is enforced elsewhere. Verify what GetCurrentUserId()
            // yields for an unauthenticated request.
            var callerId = GetCurrentUserId();
            var callerIsNotOwner = requestedBook.OwnerId != callerId;

            if (callerIsNotOwner)
            {
                var friendshipRecord = await repo.GetFriendshipBetweenUserIdsAsync(callerId, requestedBook.OwnerId);

                // Only the presence of a RequestApproved value is tested, never the value itself.
                // NOTE(review): if RequestApproved is a bool?, a stored `false` (declined request)
                // would satisfy this check and grant access. Confirm the property type; a nullable
                // approval timestamp would make the check correct as written.
                var accessDenied = friendshipRecord == null || !friendshipRecord.RequestApproved.HasValue;

                if (accessDenied)
                {
                    var notFriendsError = new ForbiddenApiError("You must be friends with the owner to view this book");
                    var notFriendsResponse = ControllerContext.Request.CreateErrorResponse(
                        HttpStatusCode.Forbidden,
                        notFriendsError);

                    return ResponseMessage(notFriendsResponse);
                }
            }

            // Owner, or non-owner whose friendship passed the check above.
            return Ok(new BookDTO(requestedBook));
        }
Exemple #2
            /// <summary>
            /// Answers every request with a 403 Forbidden error response carrying a
            /// <c>ForbiddenApiError</c>. The request is never forwarded: the base implementation
            /// is not called and <paramref name="cancellationToken"/> is not observed.
            /// </summary>
            /// <param name="request">Incoming request; used only to build the error response.</param>
            /// <param name="cancellationToken">Unused.</param>
            /// <returns>An already-completed task holding the 403 response.</returns>
            protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
            {
                // NOTE(review): this denial is unconditional, which looks like a test stub for the
                // "not friends" path. Confirm it is never registered in a production pipeline,
                // where it would reject all traffic.
                var denialPayload = new ForbiddenApiError("You must be friends with the owner to view this book");

                HttpResponseMessage denialResponse = request.CreateErrorResponse(
                    HttpStatusCode.Forbidden,
                    denialPayload);

                return Task.FromResult(denialResponse);
            }