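/// <summary>
/// Stores (or replaces) the saved application state posted in the request body
/// for the given employer/application pair.
/// </summary>
/// <param name="employerId">Employer the application belongs to; used for the permission check.</param>
/// <param name="applicationId">Application whose saved state is being written.</param>
/// <returns>
/// 201 Created with the save endpoint's URI on success; 401 when the caller lacks add permission
/// for the employer; 400 when the request body is not well-formed JSON.
/// </returns>
public IHttpActionResult AddSave(string employerId, string applicationId)
{
    AccountController account = new AccountController(_employerService, _organizationService, _identityService);
    account.UserManager = UserManager;
    var userInfo = account.GetUserInfo();

    // Make sure the user has rights to the application. The result of the action-result
    // factory must be returned, otherwise the denial is silently discarded and the
    // save below still runs for an unauthorised caller. Parameterless Unauthorized()
    // matches the sibling AddSave(string EIN) overload.
    var hasPermission = _identityService.HasAddPermission(userInfo, employerId);
    if (!hasPermission)
    {
        return Unauthorized();
    }

    // NOTE(review): synchronous .Result on the body read blocks a request thread; making the
    // action async would change its return type, so it is kept here.
    var state = Request.Content.ReadAsStringAsync().Result;

    // Reject bodies that are not well-formed JSON before they are persisted; as above, the
    // BadRequest result must be returned, not just created.
    try
    {
        JToken.Parse(state);
    }
    catch (Exception e)
    {
        return BadRequest(e.Message);
    }

    // NOTE(review): applicationId is passed twice here — confirm against the
    // ISaveService.AddOrUpdate signature whether the first argument should be something else.
    _saveService.AddOrUpdate(applicationId, applicationId, employerId, state);

    return Created($"/api/Save?userId={User.Identity.GetUserId()}", new { });
}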
/// <summary>
/// Stores (or replaces) the saved state posted in the request body for the given EIN.
/// </summary>
/// <param name="EIN">Employer identification number the state is saved under; the caller must hold a claim for it.</param>
/// <returns>
/// 201 Created with the save endpoint's URI (including the EIN) on success; 401 when the caller
/// has no claim for the EIN; 400 when the request body is not well-formed JSON.
/// </returns>
public IHttpActionResult AddSave(string EIN)
{
    // Make sure the caller holds a claim for this EIN before touching the body.
    if (!_identityService.UserHasEINClaim(User, EIN))
    {
        return Unauthorized();
    }

    var body = Request.Content.ReadAsStringAsync().Result;

    // The body is only validated as JSON here; it is persisted as the raw string.
    if (!IsWellFormedJson(body))
    {
        return BadRequest();
    }

    _saveService.AddOrUpdate(EIN, body);

    var location = $"/api/Save?userId={User.Identity.GetUserId()}&EIN={EIN}";
    return Created(location, new { });

    // Local helper: true when JToken.Parse accepts the text, false on any parse failure.
    static bool IsWellFormedJson(string text)
    {
        try
        {
            JToken.Parse(text);
            return true;
        }
        catch (Exception)
        {
            return false;
        }
    }
}