public IActionResult GetByID(int id)
{
try
{
var receipt = _repo.Get(id);
if (receipt != null)
{
return(Ok(BuildResponse(receipt)));
}
return(NotFound());
}
catch
{
return(ReturnUserFriendlyError(Errors.Unknown));
}
}
public void OnActionExecuting(ActionExecutingContext context)
{
var user = _helper.GetCurrentUser(context.HttpContext);
try
{
int idToModify = (int)context.ActionArguments.SingleOrDefault(p => p.Key == "id").Value;
int ownerId = _repo.Get(idToModify).User.ID;
// Admins can modify too!
if (user.ID != ownerId && !user.IsAdmin)
{
context.Result = new UnauthorizedObjectResult(null);
}
}
catch
{
context.Result = new UnauthorizedObjectResult(null);
}
}
public ReceiptVM GetById(int Id)
{
return(_receiptRepository.Get(Id));
}