/// <summary>
/// Applies the values posted from the tour form to an existing tour and saves them.
/// </summary>
/// <param name="tourFormViewModel">
/// Posted form values; its <c>Id</c> selects the tour to change.
/// </param>
/// <returns>
/// The "TourForm" view again when model validation fails, a not-found result when no
/// tour matches the posted id, an unauthorized (401) result when the caller is not the
/// tour's traveller, otherwise a redirect to the "Mine" action of the "Tour" controller.
/// </returns>
/// <remarks>
/// NOTE(review): no [HttpPost] or [Authorize] attribute is visible in this excerpt.
/// Confirm both are applied (on the action or the controller), and that the
/// "TourForm" view emits the anti-forgery token this action validates.
/// </remarks>
[ValidateAntiForgeryToken] // Rejects requests that lack a valid anti-forgery token (CSRF defence).
public ActionResult Update(TourFormViewModel tourFormViewModel)
{
    // Invalid input: refill the genre list, which the visible code does not take
    // from the posted values, and show the form again.
    if (!ModelState.IsValid)
    {
        tourFormViewModel.Genres = _unitOfWork.Genres.GetGenre();
        return View("TourForm", tourFormViewModel);
    }

    var existingTour = _unitOfWork.Tours.GetTourWithAttendees(tourFormViewModel.Id);
    if (existingTour == null)
    {
        return HttpNotFound();
    }

    // Ownership check: the tour id comes from the request, so it must be compared
    // with the authenticated caller before any change is applied. Without it, any
    // signed-in user could edit another traveller's tour by posting its id.
    // NOTE(review): HttpUnauthorizedResult is a 401; for an authenticated non-owner
    // a 403 would be more precise, and some auth configurations turn a 401 into a
    // login redirect. Confirm this is the intended response.
    var callerId = User.Identity.GetUserId();
    if (existingTour.TravellerID != callerId)
    {
        return new HttpUnauthorizedResult();
    }

    // All edited fields go through Tour.Modify rather than per-property assignment.
    existingTour.Modify(
        tourFormViewModel.GetDateTime(),
        tourFormViewModel.Place,
        tourFormViewModel.TotalSeat,
        tourFormViewModel.Cost,
        tourFormViewModel.Genre);

    // Persist the change.
    _unitOfWork.Complete();

    return RedirectToAction("Mine", "Tour");
}
/// <summary>
/// Creates a new tour from the posted tour form, owned by the current user.
/// </summary>
/// <param name="tourFormViewModel">Posted form values describing the new tour.</param>
/// <returns>
/// The "TourForm" view again when model validation fails, otherwise a redirect to the
/// "Mine" action of the "Tour" controller.
/// </returns>
/// <remarks>
/// NOTE(review): no [HttpPost] or [Authorize] attribute is visible in this excerpt.
/// Confirm both are applied (on the action or the controller); without an
/// authenticated user, the id read from <c>User.Identity</c> below would presumably
/// be null. Also confirm that the "TourForm" view emits the anti-forgery token
/// this action validates.
/// </remarks>
[ValidateAntiForgeryToken] // Rejects requests that lack a valid anti-forgery token (CSRF defence).
public ActionResult Create(TourFormViewModel tourFormViewModel)
{
    // Invalid input: refill the genre list, which the visible code does not take
    // from the posted values, and show the form again.
    if (!ModelState.IsValid)
    {
        tourFormViewModel.Genres = _unitOfWork.Genres.GetGenre();
        return View("TourForm", tourFormViewModel);
    }

    var newTour = new Tour
    {
        // The owner is taken from the authenticated identity, never from the posted
        // form, so a client cannot create a tour under another user's id.
        TravellerID = User.Identity.GetUserId(),
        DateTime = tourFormViewModel.GetDateTime(),
        GenreID = tourFormViewModel.Genre,
        Cost = tourFormViewModel.Cost,
        Place = tourFormViewModel.Place,
        TotalSeat = tourFormViewModel.TotalSeat
    };

    _unitOfWork.Tours.Add(newTour);
    _unitOfWork.Complete();

    return RedirectToAction("Mine", "Tour");
}