Esempio n. 1
0
        public async Task <ActionResult <Trip> > PostTrip(TripModel m)
        {
            var uid = //get id from User AD
                      _DB.Trips.Add(new Trip
            {
                DateUTC     = m.DateUTC,
                Destination = m.Destination,
                Country     = m.Country,
                Title       = m.Title,
                UserId      = _User.UserId
            });
            await _DB.SaveChangesAsync();

            return(CreatedAtAction("GetTrip", new { id = m.Id }, m));
        }
Esempio n. 2
0
        public async Task <IActionResult> PutTrip(TripModel m)
        {
            var t = await _DB.Trips.FindAsync(m.Id);

            if (t == null)
            {
                return(NotFound());
            }
            if (!CanEditOrDelete(_User.UserId, m.UserId))
            {
                return(NotFound()); //for internal should be NotAuthorized, but for public security reasons we should return zero info about request.
            }
            //update entry
            t.DateUTC     = m.DateUTC;
            t.Destination = m.Destination;
            t.Country     = m.Country;
            t.Title       = m.Title;
            t.UserId      = m.UserId;

            _DB.Entry(t).State = EntityState.Modified;

            try
            {
                await _DB.SaveChangesAsync();
            }
            catch (DbUpdateConcurrencyException)
            {
                if (!TripExists(m.Id))
                {
                    return(NotFound());
                }
                else
                {
                    throw;
                }
            }

            return(NoContent());
        }