// POST api/Todo public HttpResponseMessage PostNoteItem(NoteItemDto noteItemDto) { if (ModelState.IsValid) { Project project = db.Projects.Find(noteItemDto.TodoListId); if (project == null) { return Request.CreateResponse(HttpStatusCode.NotFound); } if (project.UserId != User.Identity.Name) { // Trying to add a record that does not belong to the user return Request.CreateResponse(HttpStatusCode.Unauthorized); } NoteItem todoItem = noteItemDto.ToEntity(); // Need to detach to avoid loop reference exception during JSON serialization db.Entry(project).State = EntityState.Detached; db.NoteItems.Add(todoItem); db.SaveChanges(); noteItemDto.TodoItemId = todoItem.NoteItemId; HttpResponseMessage response = Request.CreateResponse(HttpStatusCode.Created, noteItemDto); response.Headers.Location = new Uri(Url.Link("DefaultApi", new { id = noteItemDto.TodoItemId })); return response; } else { return Request.CreateResponse(HttpStatusCode.BadRequest); } }
// DELETE api/Todo/5 public HttpResponseMessage DeleteNoteItem(int id) { NoteItem noteItem = db.NoteItems.Find(id); if (noteItem == null) { return Request.CreateResponse(HttpStatusCode.NotFound); } if (db.Entry(noteItem.Project).Entity.UserId != User.Identity.Name) { // Trying to delete a record that does not belong to the user return Request.CreateResponse(HttpStatusCode.Unauthorized); } NoteItemDto todoItemDto = new NoteItemDto(noteItem); db.NoteItems.Remove(noteItem); try { db.SaveChanges(); } catch (DbUpdateConcurrencyException) { return Request.CreateResponse(HttpStatusCode.InternalServerError); } return Request.CreateResponse(HttpStatusCode.OK, todoItemDto); }
// DELETE api/Todo/5 public HttpResponseMessage DeleteNoteItem(int id) { NoteItem noteItem = db.NoteItems.Find(id); if (noteItem == null) { return(Request.CreateResponse(HttpStatusCode.NotFound)); } if (db.Entry(noteItem.Project).Entity.UserId != User.Identity.Name) { // Trying to delete a record that does not belong to the user return(Request.CreateResponse(HttpStatusCode.Unauthorized)); } NoteItemDto todoItemDto = new NoteItemDto(noteItem); db.NoteItems.Remove(noteItem); try { db.SaveChanges(); } catch (DbUpdateConcurrencyException) { return(Request.CreateResponse(HttpStatusCode.InternalServerError)); } return(Request.CreateResponse(HttpStatusCode.OK, todoItemDto)); }
// POST api/Todo public HttpResponseMessage PostNoteItem(NoteItemDto noteItemDto) { if (ModelState.IsValid) { Project project = db.Projects.Find(noteItemDto.TodoListId); if (project == null) { return(Request.CreateResponse(HttpStatusCode.NotFound)); } if (project.UserId != User.Identity.Name) { // Trying to add a record that does not belong to the user return(Request.CreateResponse(HttpStatusCode.Unauthorized)); } NoteItem todoItem = noteItemDto.ToEntity(); // Need to detach to avoid loop reference exception during JSON serialization db.Entry(project).State = EntityState.Detached; db.NoteItems.Add(todoItem); db.SaveChanges(); noteItemDto.TodoItemId = todoItem.NoteItemId; HttpResponseMessage response = Request.CreateResponse(HttpStatusCode.Created, noteItemDto); response.Headers.Location = new Uri(Url.Link("DefaultApi", new { id = noteItemDto.TodoItemId })); return(response); } else { return(Request.CreateResponse(HttpStatusCode.BadRequest)); } }
// PUT api/Todo/5 public HttpResponseMessage PutNoteItem(int id, NoteItemDto noteItemDto) { if (ModelState.IsValid && id == noteItemDto.TodoItemId) { NoteItem noteItem = noteItemDto.ToEntity(); Project project = db.Projects.Find(noteItem.ProjectId); if (project == null) { return(Request.CreateResponse(HttpStatusCode.NotFound)); } if (project.UserId != User.Identity.Name) { // Trying to modify a record that does not belong to the user return(Request.CreateResponse(HttpStatusCode.Unauthorized)); } // Need to detach to avoid duplicate primary key exception when SaveChanges is called db.Entry(project).State = EntityState.Detached; db.Entry(noteItem).State = EntityState.Modified; try { db.SaveChanges(); } catch (DbUpdateConcurrencyException) { return(Request.CreateResponse(HttpStatusCode.InternalServerError)); } return(Request.CreateResponse(HttpStatusCode.OK)); } else { return(Request.CreateResponse(HttpStatusCode.BadRequest)); } }
// PUT api/Todo/5 public HttpResponseMessage PutNoteItem(int id, NoteItemDto noteItemDto) { if (ModelState.IsValid && id == noteItemDto.TodoItemId) { NoteItem noteItem = noteItemDto.ToEntity(); Project project = db.Projects.Find(noteItem.ProjectId); if (project == null) { return Request.CreateResponse(HttpStatusCode.NotFound); } if (project.UserId != User.Identity.Name) { // Trying to modify a record that does not belong to the user return Request.CreateResponse(HttpStatusCode.Unauthorized); } // Need to detach to avoid duplicate primary key exception when SaveChanges is called db.Entry(project).State = EntityState.Detached; db.Entry(noteItem).State = EntityState.Modified; try { db.SaveChanges(); } catch (DbUpdateConcurrencyException) { return Request.CreateResponse(HttpStatusCode.InternalServerError); } return Request.CreateResponse(HttpStatusCode.OK); } else { return Request.CreateResponse(HttpStatusCode.BadRequest); } }