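/// <summary>
/// Updates an existing accommodation.
/// Callers in the "Admin" or "Manager" role may update any accommodation; every other
/// caller may only update an accommodation they already own, where ownership is checked
/// against the persisted record (not just the AppUserId supplied in the body) so that a
/// caller cannot take over someone else's record by submitting their own AppUserId.
/// The target AppUser must exist and not be banned. After a successful save by an Admin,
/// the change is announced via <see cref="AccommodationNotificationHub.AccommodationApproved"/>.
/// </summary>
/// <param name="id">Route id of the accommodation to update; must equal <paramref name="a"/>.Id.</param>
/// <param name="a">Full new state of the accommodation, bound from the request body.</param>
/// <returns>
/// 204 No Content on success; 400 for an invalid model, a missing body or an id mismatch;
/// 401 when the caller cannot be resolved, lacks the rights, or the target manager is
/// missing or banned; 404 when no accommodation with <paramref name="id"/> exists.
/// </returns>
/// <exception cref="DbUpdateConcurrencyException">Rethrown when the save conflicts but the row still exists.</exception>
public IHttpActionResult PutAccommodation(int id, Accommodation a)
{
    // Cheap request validation first, before any identity or database lookup.
    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }
    if (a == null || id != a.Id)
    {
        return BadRequest();
    }

    // Resolve the caller. A missing user or a non-BAIdentityUser principal used to
    // surface as a NullReferenceException (500); treat it as not authorized instead.
    IdentityUser user = this.UserManager.FindById(User.Identity.GetUserId());
    BAIdentityUser baUser = user as BAIdentityUser;
    if (baUser == null)
    {
        return Unauthorized();
    }
    int? userId = baUser.appUserId;

    // The caller's role name is taken from the first assigned role, as before.
    // The lookup context is scoped with `using` so it is disposed on every path.
    string roleName = null;
    using (BAContext baContext = new BAContext())
    {
        var firstRole = user.Roles.FirstOrDefault();
        if (firstRole != null)
        {
            var roleId = firstRole.RoleId;
            var role = baContext.Roles.FirstOrDefault(r => r.Id == roleId);
            roleName = role != null ? role.Name : null;
        }
    }

    // string.Equals with an explicit comparison is null-safe and keeps the ordinal
    // semantics of the original Equals("Admin") / Equals("Manager") checks.
    bool isAdmin = string.Equals(roleName, "Admin", StringComparison.Ordinal);
    bool isPrivileged = isAdmin || string.Equals(roleName, "Manager", StringComparison.Ordinal);

    if (!isPrivileged)
    {
        // Ownership must hold both for the persisted row and for the submitted body:
        // the persisted owner stops a caller from editing someone else's accommodation,
        // the submitted owner stops them from reassigning it to someone else.
        // Projecting only AppUserId keeps the row untracked, so db.Entry(a) below
        // does not collide with a tracked entity of the same key.
        var existing = db.Accommodations
            .Where(x => x.Id == id)
            .Select(x => new { x.AppUserId })
            .FirstOrDefault();
        if (existing == null)
        {
            return NotFound();
        }
        if (existing.AppUserId != userId || a.AppUserId != userId)
        {
            return Unauthorized();
        }
    }

    // The accommodation must be assigned to an existing, non-banned manager.
    AppUser manager = db.AppUsers.FirstOrDefault(x => x.Id.Equals(a.AppUserId));
    if (manager == null || manager.Banned)
    {
        return Unauthorized();
    }

    db.Entry(a).State = EntityState.Modified;
    try
    {
        db.SaveChanges();
    }
    catch (DbUpdateConcurrencyException)
    {
        if (!AccommodationExists(id))
        {
            return NotFound();
        }
        throw;
    }

    if (isAdmin)
    {
        // Announce only after the change is persisted, so connected clients never
        // see an approval that failed to save.
        AccommodationNotificationHub.AccommodationApproved(a);
    }

    return StatusCode(HttpStatusCode.NoContent);
}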
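/// <summary>
/// Creates an accommodation from a multipart form request: the first form field carries
/// the accommodation serialized as JSON, and any file fields carry a picture
/// (.jpg, .gif or .png by extension; the file content itself is not inspected).
/// Pictures are stored under ~/Content/AccommodationPictures/ under a server-generated
/// name, and the last stored picture becomes the accommodation's ImageUrl.
/// The same ownership rule as <see cref="PutAccommodation"/> applies: callers that are
/// not in the "Admin" or "Manager" role may only create accommodations for their own
/// AppUserId, and the target AppUser must exist and not be banned.
/// </summary>
/// <returns>
/// 201 Created with the stored entity on success; 400 when the JSON payload is missing,
/// malformed, null or fails model validation, or when an upload has a disallowed
/// extension; 401 when the caller cannot be resolved, lacks the rights, or the target
/// manager is missing or banned.
/// </returns>
public IHttpActionResult PostAccommodation()
{
    var httpRequest = HttpContext.Current.Request;
    if (httpRequest.Form.Count == 0)
    {
        // Form[0] would throw on an empty form; that is a client error, not a 500.
        return BadRequest();
    }

    // The entity is not model-bound (multipart body), so it is parsed and validated
    // by hand; a malformed or "null" payload is a 400 rather than an unhandled exception.
    Accommodation a;
    try
    {
        a = JsonConvert.DeserializeObject<Accommodation>(httpRequest.Form[0]);
    }
    catch (JsonException)
    {
        return BadRequest();
    }
    if (a == null)
    {
        return BadRequest();
    }
    Validate(a);
    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    // Resolve the caller and their role exactly as PutAccommodation does; a missing
    // user or a non-BAIdentityUser principal is treated as not authorized.
    IdentityUser user = this.UserManager.FindById(User.Identity.GetUserId());
    BAIdentityUser baUser = user as BAIdentityUser;
    if (baUser == null)
    {
        return Unauthorized();
    }
    int? userId = baUser.appUserId;

    string roleName = null;
    using (BAContext baContext = new BAContext())
    {
        var firstRole = user.Roles.FirstOrDefault();
        if (firstRole != null)
        {
            var roleId = firstRole.RoleId;
            var role = baContext.Roles.FirstOrDefault(r => r.Id == roleId);
            roleName = role != null ? role.Name : null;
        }
    }
    bool isPrivileged = string.Equals(roleName, "Admin", StringComparison.Ordinal)
        || string.Equals(roleName, "Manager", StringComparison.Ordinal);

    // AppUserId comes from the client-supplied JSON: without this check any caller
    // could create an accommodation under another manager's account.
    if (!isPrivileged && a.AppUserId != userId)
    {
        return Unauthorized();
    }

    // The accommodation must be assigned to an existing, non-banned manager.
    AppUser manager = db.AppUsers.FirstOrDefault(x => x.Id.Equals(a.AppUserId));
    if (manager == null || manager.Banned)
    {
        return Unauthorized();
    }

    IList<string> allowedFileExtensions = new List<string> { ".jpg", ".gif", ".png" };

    // Pass 1: reject the whole request if any non-empty upload has a disallowed
    // extension, so that no file is written for a request that ends in 400.
    // The extension is derived manually so a name without a dot yields "" (rejected)
    // instead of throwing, and compared case-insensitively via ToLowerInvariant.
    foreach (string key in httpRequest.Files)
    {
        var postedFile = httpRequest.Files[key];
        if (postedFile == null || postedFile.ContentLength <= 0)
        {
            continue;
        }
        if (!allowedFileExtensions.Contains(LowerExtensionOf(postedFile.FileName)))
        {
            return BadRequest();
        }
    }

    // Pass 2: store the pictures. A server-generated name (GUID + validated extension)
    // avoids collisions/overwrites between uploads and keeps client-supplied path
    // segments in FileName out of the stored path entirely.
    foreach (string key in httpRequest.Files)
    {
        var postedFile = httpRequest.Files[key];
        if (postedFile == null || postedFile.ContentLength <= 0)
        {
            continue;
        }
        string storedName = Guid.NewGuid().ToString("N") + LowerExtensionOf(postedFile.FileName);
        var filePath = HttpContext.Current.Server.MapPath("~/Content/AccommodationPictures/" + storedName);
        postedFile.SaveAs(filePath);
        // As before, the last stored picture wins when several files are posted.
        a.ImageUrl = "Content/AccommodationPictures/" + storedName;
    }

    db.Accommodations.Add(a);
    db.SaveChanges();
    AccommodationNotificationHub.AccommodationAdded(a);
    return CreatedAtRoute("DefaultApi", new { controller = "Accommodation", id = a.Id }, a);
}

/// <summary>
/// Returns the lower-cased extension (including the dot) of an uploaded file name,
/// or an empty string when the name has no dot. Used only for allow-list matching.
/// </summary>
/// <param name="fileName">Client-supplied file name; may contain path separators.</param>
/// <returns>The extension in lower-invariant case, e.g. ".jpg", or "" if none.</returns>
private static string LowerExtensionOf(string fileName)
{
    if (string.IsNullOrEmpty(fileName))
    {
        return string.Empty;
    }
    int dot = fileName.LastIndexOf('.');
    return dot < 0 ? string.Empty : fileName.Substring(dot).ToLowerInvariant();
}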