Esempio n. 1
0
        public async Task <IActionResult> UpdatePhoneAsync(int id, [FromBody] UpdatePhoneDto requestDto)
        {
            _logger.LogInformation($"User trying to update existing phone with id {id}");
            var entity = await _phones.FindPhoneAsync(id);

            var userId = this.User.FindFirstValue(ClaimTypes.NameIdentifier);

            if (entity == default(Phone))
            {
                _logger.LogWarning($"User requested not existing phone");
                return(NotFound());
            }

            if (entity.CustomerId.ToString() != userId)
            {
                _logger.LogWarning($"User is tried to update not his own phone");
                return(Forbid());
            }

            entity = _mapper.Map(requestDto, entity);
            //TODO: Sanitize entities for avoid OWASP Top 10 A7:2017-Cross-Site Scripting (XSS)

            _logger.LogInformation($"Validating updated phone");


            if (ModelState.IsValid)
            {
                TryValidateModel(entity);
            }
            if (!ModelState.IsValid)
            {
                var errors = ModelState.FormatModelErrors();
                _logger.LogWarning($"Updated advertisement did not pass entity validation", errors);
                return(BadRequest(errors));
            }

            entity = await _phones.UpdatePhoneAsync(entity);

            _logger.LogInformation($"Phone with identificator {entity.Id} updated");

            var result = _mapper.Map <PhoneDto>(entity);

            return(Ok(result));
        }