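/// <summary>
/// Edits an existing ad on behalf of the current user and returns its updated view.
/// </summary>
/// <param name="adEditRequest">The edit payload; <c>Id</c> identifies the ad to change.</param>
/// <returns>
/// 200 with the updated <see cref="AdView"/>; 400 when no body was supplied; 404 when the ad
/// does not exist; 403 when the current user may not edit it; 500 for any other failure.
/// </returns>
public async Task<ActionResult<AdView>> EditAdAsync([FromBody] AdEditRequest adEditRequest)
{
    // A missing body used to surface as an unhandled NullReferenceException (500) further down.
    if (adEditRequest is null)
    {
        return BadRequest();
    }

    var currentUserId = GetCurrentUserId();
    try
    {
        var editedAd = await adManager.EditAsync(adEditRequest, currentUserId);

        // Reuse the id resolved above instead of re-reading the principal mid-request.
        var view = await editedAd
            .AttachCurrentUserId(mapper.ConfigurationProvider, currentUserId)
            .ProjectTo<AdView>(mapper.ConfigurationProvider)
            .SingleAsync();
        return Ok(view);
    }
    catch (ArgumentNullException ane)
    {
        // The manager signals "ad not found" with ArgumentNullException.
        logger.LogDebug(ane, "Can't find ad {AdId}", adEditRequest.Id);
        return NotFound($"Can't find ad {adEditRequest.Id}");
    }
    catch (MethodAccessException mae)
    {
        // Denied edits are an authorization event; keep them at a level that survives
        // production log filtering, and pass the exception object so the stack is structured.
        logger.LogWarning(mae, "Current user {UserId} has no rights to edit ad {AdId}", currentUserId, adEditRequest.Id);
        return Forbid(JwtBearerDefaults.AuthenticationScheme, CookieAuthenticationDefaults.AuthenticationScheme);
    }
    catch (Exception ex)
    {
        // Previously logged at Debug only, which hides real failures in production.
        // Nothing from the exception is returned to the client.
        logger.LogError(ex, "Unhandled error while editing ad {AdId}", adEditRequest.Id);
        return StatusCode(500);
    }
}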
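/// <summary>
/// Applies <paramref name="adEditRequest"/> to the ad it names, after checking that
/// <paramref name="userId"/> is allowed to edit that ad.
/// </summary>
/// <param name="adEditRequest">Edit payload; <c>Id</c> selects the ad.</param>
/// <param name="userId">The user performing the edit.</param>
/// <returns>A query yielding the edited ad, for callers to project further.</returns>
/// <exception cref="ArgumentNullException">No ad with the requested id exists (callers map this to 404).</exception>
/// <exception cref="MethodAccessException">The user may not edit this ad (callers map this to 403).</exception>
public async Task<IQueryable<Ad>> EditAsync(AdEditRequest adEditRequest, Guid userId)
{
    // The controller relies on ArgumentNullException meaning "not found"; keep that contract.
    Ad adToEdit = await Ads.FirstOrDefaultAsync(ad => ad.Id == adEditRequest.Id)
        ?? throw new ArgumentNullException();

    if (adToEdit.OrganizationId.HasValue)
    {
        // Evaluate the required right name and organization id once, outside the expression tree.
        var requiredRight = Configure.OrganizationRights.CanEditAd.ToString();
        var organizationId = adToEdit.OrganizationId.Value;

        bool hasRight = await dbContext.Organizations
            .Where(org => org.Id == organizationId)
            .SelectMany(org => org.Users)
            .Where(u => u.UserId == userId)
            .AnyAsync(membership => membership.UserOrganizationRight.RightName == requiredRight);
        if (!hasRight)
        {
            throw new MethodAccessException();
        }

        logger.LogDebug($"Current user {userId} edited ad {adToEdit.Id} in organization {organizationId}");
    }
    else if (adToEdit.UserId != userId)
    {
        // Compare the nullable owner directly: an ad with neither organization nor owner used to
        // throw InvalidOperationException on .Value (surfacing as 500); it is now simply denied.
        throw new MethodAccessException();
    }

    // NOTE(review): the rights check above is made against the ad's *current* owner/organization.
    // Confirm the AutoMapper profile for AdEditRequest -> Ad ignores Id, UserId and OrganizationId,
    // otherwise a request body could re-home the ad to another owner after the check has passed.
    mapper.Map(adEditRequest, adToEdit);
    dbContext.Ads.Update(adToEdit);
    await dbContext.SaveChangesAsync();

    return dbContext.Ads.Where(ad => ad.Id == adToEdit.Id);
}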