public IHttpActionResult Delete([FromBody] MultiplePhotoSaveViewModel model) { var userId = Request.GetUserId(); if (userId < 0) { return(Unauthorized()); } if (model == null) { return(BadRequest("Model cannot be null")); } if (!ModelState.IsValid) { return(BadRequest(ModelState)); } foreach (var photoId in model.PhotoIds) { if (!_authManager.HasAccess <Photo>(userId, photoId, Operation.Delete)) { continue; } _photoManager.Delete(photoId); } return(Ok()); }
public IHttpActionResult SaveAll([FromBody] MultiplePhotoSaveViewModel model) { var userId = Request.GetUserId(); if (userId < 0) { return(Unauthorized()); } if (model == null) { return(BadRequest("Model cannot be null")); } if (!ModelState.IsValid) { return(BadRequest(ModelState)); } foreach (var photoId in model.PhotoIds) { var photo = _photoManager.GetById(photoId); if (photo == null) { continue; } if (!_authManager.HasAccess(userId, photo, Operation.Update)) { continue; } photo.AlbumId = model.AlbumId; photo.Privacy = model.Privacy; _photoManager.Update(photo); } return(Ok()); }