public async Task <IActionResult> SetAvatar(Guid id, IFormFile postedImage) { var project = await Database.Projects.FindAsync(id); if (await _permission.AllowWrite(await CurrentUser, project)) { return(await _avatar.SetAvatarResult(project, postedImage)); } return(Forbid()); }
// PUT /api/[controller]/{id} public virtual async Task <ActionResult <TViewModel> > Put(TKey parentId, TKey id, [FromBody] TCreateModel create) { var set = Database.Set <TData>(); var entity = await set.FindAsync(id); if (entity == null) { return(NotFound()); } if (!await Permissions.AllowWrite(await CurrentUser, entity) || entity.Deleted) { return(Forbid()); } await UpdateDataModelAsync(entity, create); await Database.SaveChangesAsync(); return(await CreateViewModelAsync(entity)); }
public async Task <IActionResult> ScanQrCode(Guid pledgeId) { var pledge = await Database.Pledges.FindAsync(pledgeId); if (pledge == null) { return(NotFound()); } if (!await _projectPermissionProvider.AllowWrite(await CurrentUser, pledge.Project)) { return(Forbid()); } pledge.Status = PledgeStatus.Finished; await Database.SaveChangesAsync(); return(Ok()); }