/// <summary>
/// Creates a new movie or updates an existing one from the posted form.
/// </summary>
/// <param name="movie">Movie populated by model binding from the request.</param>
/// <returns>
/// The "MovieForm" view when validation fails; otherwise a redirect to Movies/Index.
/// </returns>
/// <exception cref="InvalidOperationException">
/// Thrown by <c>Single</c> when the posted Id is non-zero and does not match exactly one stored movie.
/// </exception>
// NOTE(review): no attributes are visible on this action from here; confirm it is
// limited to POST and protected by anti-forgery validation.
public ActionResult Save(Movie movie)
{
    // Invalid input: show the form again, refilled with the genre list it needs.
    if (!ModelState.IsValid)
    {
        var formModel = new MovieFormViewModel(movie);
        formModel.Genres = _MovieRateContext.Genres.ToList();
        return View("MovieForm", formModel);
    }

    bool isExisting = movie.Id != 0;
    if (isExisting)
    {
        // Update path: copy an explicit allow-list of fields onto the tracked entity,
        // so extra keys posted in the request cannot reach other columns.
        var stored = _MovieRateContext.Movies.Single(m => m.Id == movie.Id);
        stored.Name = movie.Name;
        stored.GenreId = movie.GenreId;
        stored.NumberInStock = movie.NumberInStock;
        stored.ReleaseDate = movie.ReleaseDate;
    }
    else
    {
        // Create path: the server stamps DateAdded, overriding any posted value.
        // NOTE(review): the model-bound entity is added as-is, so every other Movie
        // property the binder accepts from the request is persisted. Consider a
        // dedicated input model or the same allow-list copy used on the update path.
        movie.DateAdded = DateTime.Now;
        _MovieRateContext.Movies.Add(movie);
    }

    _MovieRateContext.SaveChanges();
    return RedirectToAction("Index", "Movies");
}
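        /// <summary>
        /// Creates a new customer or updates an existing one from the posted form.
        /// </summary>
        /// <param name="customer">Customer populated by model binding from the request.</param>
        /// <returns>
        /// The "CustomerForm" view when validation fails; otherwise a redirect to Customers/Index.
        /// </returns>
        /// <exception cref="InvalidOperationException">
        /// Thrown by <c>Single</c> when the posted Id is non-zero and does not match exactly one stored customer.
        /// </exception>
        // NOTE(review): no attributes are visible on this action from here; confirm it is
        // limited to POST and protected by anti-forgery validation.
        public IActionResult Save(Customer customer)
        {
            // Invalid input: show the form again, refilled with the membership types it needs.
            if (!ModelState.IsValid)
            {
                var viewModel = new CustomerFormViewModel
                {
                    Customer        = customer,
                    MembershipTypes = _MovieRateContext.MemberShipTypes.ToList()
                };
                return View("CustomerForm", viewModel);
            }

            if (customer.Id == 0)
            {
                // NOTE(review): the model-bound entity is added as-is, so every Customer
                // property the binder accepts from the request is persisted. Consider a
                // dedicated input model or the same allow-list copy used on the update path.
                _MovieRateContext.Customers.Add(customer);
            }
            else
            {
                var customerFromDb = _MovieRateContext.Customers.Single(c => c.Id == customer.Id);

                // Security: the unfiltered, un-awaited TryUpdateModelAsync(customerFromDb) call
                // was removed. It bound every request key matching a Customer property straight
                // onto the tracked entity (over-posting / mass assignment), and its result was
                // never observed. Only the fields copied below can be edited through this form.
                customerFromDb.Name                     = customer.Name;
                customerFromDb.MembershipTypeId         = customer.MembershipTypeId;
                customerFromDb.IsSubscribedToNewsletter = customer.IsSubscribedToNewsletter;
                customerFromDb.BirthDate                = customer.BirthDate;

                // If an object mapper replaces these assignments later, restrict its mapping
                // to the same four members so the allow-list is preserved.
            }

            _MovieRateContext.SaveChanges();
            return RedirectToAction("Index", "Customers");
        }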