public async Task <IActionResult> Edit(int id, InstanceEditingBindingModel model)
{
if (!ModelState.IsValid)
{
return(View(model));
}
// TODO: 1. Exception filter -> NotFound, Unauthorazed
// 2. ModelState Validation filter
await this.courseInstancesService.EditInstance(id, model, this.User);
return(View(model));
}
public async Task EditInstance(int instanceId, InstanceEditingBindingModel model, ClaimsPrincipal user)
{
var instance = await this.DbContext.CourseInstances.FindAsync(instanceId);
if (instance == null)
{
throw new NotFoundException();
}
var userFromDb = await this.userManager.GetUserAsync(user);
bool canEditInstance = await this.userManager.IsInRoleAsync(userFromDb, "Administrator") ||
instance.LecurerId == userFromDb.Id; // !!!
if (canEditInstance)
{
instance.Description = model.Description; // Here is better not to use Mapper!
}
//if (instance.LecurerId != this.userManager.GetUserId(user)
// && !user.IsInRole("Administrator")) // !!!
await this.DbContext.SaveChangesAsync();
}
