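/// <summary>
/// Replaces the stored values of a todo list that belongs to the authenticated caller.
/// </summary>
/// <param name="id">Key of the todo list from the route; must equal <c>todoListDto.TodoListId</c>.</param>
/// <param name="todoListDto">Client-supplied view model carrying the new values.</param>
/// <returns>
/// 400 when the body is missing, fails validation, or its key differs from <paramref name="id"/>;
/// 404 when no list with that key is stored; 401 when the stored list belongs to another user;
/// 500 when saving raises a concurrency exception; otherwise 200.
/// </returns>
public IHttpActionResult PutTodoList(int id, TodoListViewModel todoListDto)
{
    if (todoListDto == null)
    {
        // A missing request body can bind to null while ModelState still reports valid.
        return StatusCode(HttpStatusCode.BadRequest);
    }

    if (!ModelState.IsValid)
    {
        return Message(Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState));
    }

    if (id != todoListDto.TodoListId)
    {
        return StatusCode(HttpStatusCode.BadRequest);
    }

    // Authorize against the row that is actually stored. db.Entry(entity).Entity is the
    // same object that was built from the request body, so comparing its UserId only
    // checks a value the client controls.
    // NOTE(review): assumes db.TodoLists is an Entity Framework set exposing Find - confirm.
    TodoList storedList = db.TodoLists.Find(id);
    if (storedList == null)
    {
        return StatusCode(HttpStatusCode.NotFound);
    }

    if (!String.Equals(storedList.UserId, User.Identity.GetUserId(), StringComparison.OrdinalIgnoreCase))
    {
        // The record belongs to another user. 401 is kept for existing clients;
        // 403 would describe an authenticated-but-not-permitted caller more precisely.
        return StatusCode(HttpStatusCode.Unauthorized);
    }

    // Keep the stored owner so the request body cannot reassign the list to another account.
    todoListDto.UserId = storedList.UserId;

    // Stop tracking the loaded copy; attaching a second instance with the same key would fail.
    db.Entry(storedList).State = EntityState.Detached;

    TodoList todoList = todoListDto.ToEntity();
    db.Entry(todoList).State = EntityState.Modified;

    try
    {
        db.SaveChanges();
    }
    catch (DbUpdateConcurrencyException)
    {
        return StatusCode(HttpStatusCode.InternalServerError);
    }

    return StatusCode(HttpStatusCode.OK);
}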
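/// <summary>
/// Creates a new todo list owned by the authenticated caller.
/// </summary>
/// <param name="todoListDto">Client-supplied view model describing the list to create.</param>
/// <returns>
/// 400 when the body is missing or fails validation; otherwise 201 with the created
/// view model in the body and a Location header built from the "TodoList" route.
/// </returns>
public HttpResponseMessage PostTodoList(TodoListViewModel todoListDto)
{
    if (todoListDto == null)
    {
        // A missing request body can bind to null while ModelState still reports valid;
        // reject it here instead of failing with a null reference below.
        return Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Request body is required.");
    }

    if (!ModelState.IsValid)
    {
        return Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState);
    }

    // The owner is always the caller: any UserId sent by the client is overwritten.
    todoListDto.UserId = User.Identity.GetUserId();

    TodoList todoList = todoListDto.ToEntity();
    db.TodoLists.Add(todoList);
    db.SaveChanges();

    // Report the key of the saved entity back to the client.
    todoListDto.TodoListId = todoList.TodoListId;

    HttpResponseMessage response = Request.CreateResponse(HttpStatusCode.Created, todoListDto);
    response.Headers.Location = new Uri(Url.Link("TodoList", new { id = todoListDto.TodoListId }));
    return response;
}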