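/// <summary>
/// Updates the person record that belongs to the identity user named by <paramref name="username"/>.
/// Non-admin callers may only update their own record; the route name must match the body's UserName.
/// </summary>
/// <param name="username">User name from the route; must equal <paramref name="person"/>.UserName.</param>
/// <param name="person">Incoming person data from the request body (untrusted client input).</param>
/// <returns>
/// 200 with the updated person; 400 when the body is missing, the caller lacks rights, the names
/// disagree, or the identity store rejects the update; 404 when no user matches the name.
/// </returns>
public IHttpActionResult Put(string username, PersonExtendedDTO person)
{
    #region Validation
    // A missing/unbindable body would otherwise throw a NullReferenceException below (HTTP 500).
    if (person == null)
    {
        return BadRequest("Request body is missing");
    }

    // If not admin, user can only edit himself/herself.
    if (!User.IsInRole(AppRoles.Admin) && person.UserName != User.Identity.GetUserName())
    {
        return BadRequest("You do not have sufficient rights to edit anyone but yourself");
    }

    if (username != person.UserName)
    {
        return BadRequest("username and object param doesn't match");
    }
    #endregion

    var userManager = Request.GetOwinContext().GetUserManager<ApplicationUserManager>();

    // Resolve the identity user the person record is attached to.
    ApplicationUser user = userManager.FindByName(person.UserName);
    if (user == null)
    {
        return NotFound();
    }

    // Map the transport DTO onto the persisted model.
    Person model = person.ToModel(user);

    // Persist through the identity store. The result is checked so that a rejected update
    // (validation or store failure) is reported instead of silently answering 200.
    var updateResult = userManager.Update(model.ApplicationUser);
    if (!updateResult.Succeeded)
    {
        return BadRequest(string.Join("; ", updateResult.Errors));
    }
    //peopleRepository.Update(model);
    //peopleRepository.Save();

    // Map back to the transport DTO.
    PersonExtendedDTO result = new PersonExtendedDTO(model);
    return Ok(result);
}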
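/// <summary>
/// Creates the person record for an existing identity user named by <paramref name="person"/>.UserName.
/// Non-admin callers may only create their own record.
/// </summary>
/// <param name="person">Incoming person data from the request body (untrusted client input).</param>
/// <returns>
/// 200 with the created person; 400 when the body is missing, the caller lacks rights, no identity
/// user exists for the name, a person already exists for that user, or the identity store rejects the update.
/// </returns>
public IHttpActionResult Post(PersonExtendedDTO person)
{
    // A missing/unbindable body would otherwise throw a NullReferenceException below (HTTP 500).
    if (person == null)
    {
        return BadRequest("Request body is missing");
    }

    // If not admin, user can only edit himself/herself.
    if (!User.IsInRole(AppRoles.Admin) && person.UserName != User.Identity.GetUserName())
    {
        return BadRequest("You do not have sufficient rights to edit anyone but yourself");
    }

    var userManager = Request.GetOwinContext().GetUserManager<ApplicationUserManager>();

    // Resolve the identity user the new person record will be attached to.
    ApplicationUser user = userManager.FindByName(person.UserName);

    #region Validation
    if (user == null)
    {
        return BadRequest("Person you try to create has no user to associate with!");
    }

    if (user.Person != null)
    {
        return BadRequest("Person you try to create already exists!");
    }
    #endregion

    // Map the transport DTO onto the persisted model.
    Person model = person.ToModel(user);

    // Persist through the identity store. The result is checked so that a rejected update
    // (validation or store failure) is reported instead of silently answering 200.
    var updateResult = userManager.Update(model.ApplicationUser);
    if (!updateResult.Succeeded)
    {
        return BadRequest(string.Join("; ", updateResult.Errors));
    }
    //peopleRepository.Add(model);
    //peopleRepository.Save();

    // Map back to the transport DTO.
    PersonExtendedDTO result = new PersonExtendedDTO(model);
    return Ok(result);
}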