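/// <summary>
/// Creates a new board on behalf of the authenticated caller.
/// </summary>
/// <param name="board">Board data sent by the client; <c>AuthorId</c> must match the caller's own user id.</param>
/// <returns>
/// 201 Created with the new board as a DTO; 400 Bad Request when the id is already in use or
/// when validation fails on save; 401 Unauthorized when the caller cannot be resolved to a
/// user or is not the declared author.
/// </returns>
public async Task<ActionResult<UserBoardDTO>> Post(UserBoardDTO board)
{
    var other = await _context.Boards.FindAsync(board.BoardId);
    if (other != null)
    {
        var err = new ValidationErrors().Add("This Id already in use", nameof(board.BoardId));
        return BadRequest(err);
    }

    // Resolve the caller from the authenticated principal. The name is hoisted into a local
    // because the null-conditional operator cannot be used inside the query expression.
    var callerName = User.Identity?.Name;
    if (callerName == null)
    {
        return Unauthorized("Vous n'êtes pas autorisé à effectuer cette action");
    }

    var currentUser = await _context.Users.SingleOrDefaultAsync(u => u.Pseudo == callerName);

    // SingleOrDefaultAsync returns null when no user matches; the original dereferenced the
    // result unconditionally, which turned an unknown caller into a NullReferenceException
    // instead of a refusal.
    if (currentUser == null || currentUser.UserId != board.AuthorId)
    {
        return Unauthorized("Vous n'êtes pas autorisé à effectuer cette action");
    }

    // Only the listed fields are copied from the client DTO; BoardId is not taken from it here.
    // NOTE(review): PicturePath is stored exactly as supplied by the client - confirm it is
    // validated elsewhere before it is used as a file path or URL.
    var newBoard = new Board()
    {
        Title = board.Title,
        PicturePath = board.PicturePath,
        AuthorId = board.AuthorId
    };
    _context.Boards.Add(newBoard);

    var res = await _context.SaveChangesAsyncWithValidation();
    if (!res.IsEmpty)
    {
        return BadRequest(res);
    }

    // Sends back a response with HTTP status 201 - Created.
    return CreatedAtAction(nameof(Get), new { id = newBoard.BoardId }, newBoard.ToDTOU());
}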
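/// <summary>
/// Updates the title and picture path of an existing board.
/// </summary>
/// <param name="id">Id of the board to update, taken from the route.</param>
/// <param name="boardDTO">New board data; its <c>BoardId</c> must equal <paramref name="id"/>.</param>
/// <returns>
/// 204 No Content on success; 400 Bad Request when the ids disagree, when the caller is neither
/// the board's author nor an administrator, or when validation fails on save; 404 Not Found
/// when no board has the given id.
/// </returns>
public async Task<IActionResult> Put(int id, UserBoardDTO boardDTO)
{
    if (id != boardDTO.BoardId)
    {
        return BadRequest("mauvaise requetes des id");
    }

    var board = await _context.Boards.FindAsync(id);
    if (board == null)
    {
        return NotFound();
    }

    // Authorize against the owner recorded on the stored board, never against
    // boardDTO.AuthorId: that value comes from the request body, so checking it let any
    // authenticated user pass the ownership test by sending their own id and then edit a
    // board they do not own.
    var author = await _context.Users.FindAsync(board.AuthorId);
    var callerName = User.Identity?.Name;

    // A missing author row or an unnamed principal never counts as ownership; the original
    // dereferenced the lookup result without a null check.
    var callerIsAuthor = callerName != null && author != null && callerName == author.Pseudo;
    if (!callerIsAuthor && !User.IsInRole(Role.Admin.ToString()))
    {
        // Status code kept as 400 for existing clients.
        return BadRequest("Vous n'avez pas les droits pour effectuer cette action");
    }

    // Only Title and PicturePath are updatable; AuthorId from the DTO is deliberately ignored.
    board.Title = boardDTO.Title;
    board.PicturePath = boardDTO.PicturePath;

    var res = await _context.SaveChangesAsyncWithValidation();
    if (!res.IsEmpty)
    {
        return BadRequest(res);
    }

    return NoContent();
}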