// POST odata/Element
public async Task <IHttpActionResult> Post(Delta <Element> patch)
{
var element = patch.GetEntity();
// Don't allow the user to set these fields / coni2k - 29 Jul. '17
// TODO Use ForbiddenFieldsValidator?: Currently breeze doesn't allow to post custom (delta) entity
// TODO Or use DTO?: Needs a different metadata than the context, which can be overkill
element.Id = 0;
element.CreatedOn = DateTime.UtcNow;
element.ModifiedOn = DateTime.UtcNow;
element.DeletedOn = null;
// Owner check: Entity must belong to the current user
var r = await _resourcePoolManager
.GetResourcePoolSet(element.ResourcePoolId)
.SingleOrDefaultAsync();
var userId = await _resourcePoolManager
.GetResourcePoolSet(element.ResourcePoolId)
.Select(item => item.UserId)
.Distinct()
.SingleOrDefaultAsync();
var currentUserId = User.Identity.GetUserId <int>();
if (currentUserId != userId)
{
return(StatusCode(HttpStatusCode.Forbidden));
}
await _resourcePoolManager.AddElementAsync(element);
return(Created(element));
}
public IQueryable <ResourcePool> Get()
{
var list = _resourcePoolManager.GetResourcePoolSet(null, true, resourcePool => resourcePool.User);
// TODO Handle this by intercepting the query either on OData or EF level
// Currently it queries the database twice / coni2k - 20 Feb. '17
var currentUserId = User.Identity.GetUserId <int>();
foreach (var item in list.Where(item => item.UserId != currentUserId))
{
item.User.ResetValues();
}
return(list);
}
public async Task UpdateComputedFields2()
{
Security.LoginAs(3, "Regular");
using (var manager = new ResourcePoolManager())
{
var list = manager.GetResourcePoolSet(17).AsEnumerable();
await manager.UpdateComputedFieldsAsync(list.First().Id);
}
}
public async Task UpdateComputedFields()
{
Security.LoginAs(1, "Administrator");
using (var manager = new ResourcePoolManager())
{
var list = manager.GetResourcePoolSet(29).AsEnumerable();
await manager.UpdateComputedFieldsAsync(list.First().Id);
}
}