コード例 #1
        /// <summary>
        /// Stores the raw request body as the saved state for an application under an employer.
        /// </summary>
        /// <param name="employerId">Employer id the add-permission check is made against.</param>
        /// <param name="applicationId">Application id handed to the save service.</param>
        /// <returns>A Created result whose location carries the current user's id.</returns>
        public IHttpActionResult AddSave(string employerId, string applicationId)
        {
            // An AccountController is built by hand solely to resolve the caller's user info.
            var accountController = new AccountController(_employerService, _organizationService, _identityService)
            {
                UserManager = UserManager
            };
            var currentUser = accountController.GetUserInfo();

            // Authorization gate: the caller must hold add permission for the employer.
            // NOTE(review): the outcome of Unauthorized(...) is not returned. Unless this helper
            // throws, a caller without permission still reaches the save below; confirm what
            // the helper does and return its result if it produces one.
            // NOTE(review): only employerId is checked here. Nothing in this method ties
            // applicationId to that employer; verify the save service enforces that link.
            if (!_identityService.HasAddPermission(currentUser, employerId))
            {
                Unauthorized("Unauthorized");
            }

            // Synchronous wait on the async body read.
            string payload = Request.Content.ReadAsStringAsync().Result;

            try
            {
                // Parsed only to confirm the body is well-formed JSON; the token is discarded.
                JToken.Parse(payload);
            }
            catch (Exception parseError)
            {
                // NOTE(review): as with the permission check, this result is not returned, so
                // unless the helper throws, a body that failed to parse is still stored below.
                // The parser's message is also passed through to the helper as the error text.
                BadRequest(parseError.Message);
            }

            // NOTE(review): applicationId fills both of the first two arguments; confirm this
            // against the AddOrUpdate signature.
            _saveService.AddOrUpdate(applicationId, applicationId, employerId, payload);

            string location = $"/api/Save?userId={User.Identity.GetUserId()}";
            return Created(location, new { });
        }
コード例 #2
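        /// <summary>
        /// Stores the raw request body as the saved state for the given EIN.
        /// </summary>
        /// <param name="EIN">Identifier the caller must hold a claim for; also the save key.</param>
        /// <returns>
        /// Unauthorized when the EIN claim check fails, BadRequest when the body does not parse
        /// as JSON, otherwise a Created result whose location carries the user id and the EIN.
        /// </returns>
        public IHttpActionResult AddSave(string EIN)
        {
            // Authorization gate: stop here unless the identity service confirms the EIN claim.
            if (!_identityService.UserHasEINClaim(User, EIN))
            {
                return Unauthorized();
            }

            // NOTE(review): .Result waits synchronously on the body read. Awaiting it would
            // change the method's return type, so it is left as is here.
            var state = Request.Content.ReadAsStringAsync().Result;

            try
            {
                // Parsed only to confirm the body is well-formed JSON; the token is discarded.
                JToken.Parse(state);
            }
            catch (Exception)
            {
                // Any parse failure is answered with a bare 400; no parser detail is sent back.
                return BadRequest();
            }

            _saveService.AddOrUpdate(EIN, state);

            // EIN is supplied by the caller. Escaping it keeps characters such as '&', '#' or
            // spaces from changing the query string of the Location URL. A null EIN is written
            // as an empty value, which is what the unescaped interpolation produced.
            var location = $"/api/Save?userId={User.Identity.GetUserId()}&EIN={Uri.EscapeDataString(EIN ?? string.Empty)}";
            return Created(location, new { });
        }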