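/// <summary>
/// Updates the shop identified by <paramref name="id"/> with the client-supplied
/// <paramref name="shop"/>, provided the persisted shop belongs to the calling user.
/// </summary>
/// <param name="id">Route id of the shop to update; must match <c>shop.Id</c>.</param>
/// <param name="shop">Request body; marked Modified, so its scalar properties are written to the row.</param>
/// <returns>
/// 204 on success; 400 for a missing or invalid body, an id mismatch, or a shop the
/// caller does not own; 404 when no shop with <paramref name="id"/> exists.
/// </returns>
public async Task<IHttpActionResult> PutShop(int id, Shop shop)
{
    // A body that fails to deserialize arrives as null while ModelState is still
    // valid; reject it explicitly instead of dereferencing it below.
    if (shop == null)
    {
        return BadRequest("Shop body is required");
    }

    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    if (id != shop.Id)
    {
        return BadRequest();
    }

    if (!ShopExists(id))
    {
        return NotFound();
    }

    // Ownership is decided from the persisted row, never from the request body:
    // the client controls shop.User and could set it to its own id. AsNoTracking
    // keeps the context free so the incoming entity can still be attached below.
    var userId = User.Identity.GetUserId();
    bool ownsShop = await db.Shops
        .AsNoTracking()
        .AnyAsync(s => s.Id == id && s.User.Id == userId);
    if (!ownsShop)
    {
        return BadRequest("Unauthorised access to shop");
    }

    // NOTE(review): Modified writes every scalar property of the payload; if Shop
    // carries an owner foreign-key column, confirm the client cannot rewrite it here.
    db.Entry(shop).State = EntityState.Modified;

    try
    {
        await db.SaveChangesAsync();
    }
    catch (DbUpdateConcurrencyException)
    {
        // The row may have been deleted between the existence check and the save.
        if (!ShopExists(id))
        {
            return NotFound();
        }

        throw;
    }

    return StatusCode(HttpStatusCode.NoContent);
}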
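/// <summary>
/// Creates a new shop owned by the calling user. The owner is taken from the
/// authenticated identity, so any <c>User</c> supplied in the body is overwritten.
/// </summary>
/// <param name="shop">Request body describing the shop to create.</param>
/// <returns>201 with the created shop and its route; 400 for a missing or invalid body.</returns>
public async Task<IHttpActionResult> PostShop(Shop shop)
{
    // A body that fails to deserialize arrives as null; fail fast rather than
    // dereferencing it, and before touching the database.
    if (shop == null)
    {
        return BadRequest("Shop body is required");
    }

    // ModelState is populated at binding time, so validating before the user lookup
    // does not change the outcome — it only avoids a query for a rejected request.
    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    // Assign ownership server-side from the authenticated principal.
    var userId = User.Identity.GetUserId();
    shop.User = await AppUserManager.Users.SingleAsync(u => u.Id == userId);

    db.Shops.Add(shop);
    await db.SaveChangesAsync();

    return CreatedAtRoute("DefaultApi", new { id = shop.Id }, shop);
}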
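/// <summary>
/// Returns true when the <c>User</c> attached to <paramref name="shop"/> is the calling
/// user. The answer is only as trustworthy as the object passed in: it must be a shop
/// loaded from the database, not one deserialized from a request body.
/// </summary>
/// <param name="shop">Shop whose owner is compared against the current identity; may be null.</param>
/// <returns>False for a null shop or a shop without an owner; otherwise whether the owner id matches.</returns>
private bool CheckUserOwnsShop(Shop shop)
{
    // Null-safe: a missing shop or owner is "not owned" rather than a NullReferenceException.
    return shop != null
        && shop.User != null
        && shop.User.Id.Equals(User.Identity.GetUserId());
}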