public async Task <IActionResult> UpdateAvatar([FromRoute] string username, [FromForm] IFormFile newAvatar) { string jwtUsername = User.FindFirstValue(ClaimTypes.Name); if (jwtUsername != username) { return(BadRequest(new { Err = "You cannot update others' avatars!" })); } // get avatar record var avatarRecord = await DbContext.AvatarPhotos .Include(a => a.User) .Where(a => a.User.Username == username) .FirstOrDefaultAsync(); // upload photo try { string avatarPath = await PhotoUtils.UploadPhotoAsync(newAvatar, AvatarServingPath); DbContext.Entry(avatarRecord).CurrentValues.SetValues(new { FileName = avatarPath }); await DbContext.SaveChangesAsync(); return(Ok()); } catch (InvalidDataException) { return(BadRequest(new { Err = "Photo is invalid!" })); } }
public async Task <IActionResult> CreatePost([FromForm] string caption, [FromForm] IList <IFormFile> uploads, [FromRoute] string username) { if (uploads.Count <= 0) { return(BadRequest(new { Err = "Cannot create a post without any photo!" })); } // validate user var user = await DbContext.Users.SingleOrDefaultAsync(u => u.Username == username); if (user is null) { return(BadRequest(new { Err = "Unauthorized user!" })); } var transaction = DbContext.Database.BeginTransaction(); // create post content var post = new Post() { Caption = caption, UserId = user.Id, Created = DateTimeOffset.UtcNow }; DbContext.Add(post); await DbContext.SaveChangesAsync(); post = await DbContext.Posts .Include(p => p.User).ThenInclude(u => u.AvatarPhoto) .Where(p => p.Id == post.Id) .FirstOrDefaultAsync(); // create file uploads var uploadedFiles = uploads.Select(async upload => await PhotoUtils.UploadPhotoAsync(upload, PhotoServingPath)) .Select(task => task.Result) .Select(fileName => new Photo() { PostId = post.Id, FileName = fileName }); DbContext.AddRange(uploadedFiles); await DbContext.SaveChangesAsync(); await transaction.CommitAsync(); return(Created(Url.Action("GetPostById", "Post", new { id = post.Id }), ResponseModelFactory.Create(post))); }