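/// <summary>
/// Creates a new todo list owned by the authenticated caller and returns it with its
/// generated key.
/// </summary>
/// <param name="todoListDto">Client-supplied list data; its UserId is overwritten here.</param>
/// <returns>
/// 201 Created with the saved DTO and a Location header for the new list, or
/// 400 Bad Request when the body is missing or model validation failed.
/// </returns>
public HttpResponseMessage PostTodoList(TodoListDto todoListDto)
{
    // A request without a usable body can bind to null; reject it here instead of
    // failing with a NullReferenceException (HTTP 500) on the first property access.
    if (todoListDto == null)
    {
        return this.Request.CreateResponse(HttpStatusCode.BadRequest);
    }

    if (!this.ModelState.IsValid)
    {
        return this.Request.CreateErrorResponse(HttpStatusCode.BadRequest, this.ModelState);
    }

    // The owner always comes from the authenticated identity, never from the request
    // body, so a caller cannot create a list on behalf of another user.
    todoListDto.UserId = this.User.Identity.Name;

    TodoList todoList = todoListDto.ToEntity();
    this.db.TodoLists.Add(todoList);
    this.db.SaveChanges();

    // Report the key read back from the saved entity to the client.
    todoListDto.TodoListId = todoList.TodoListId;

    HttpResponseMessage response = this.Request.CreateResponse(HttpStatusCode.Created, todoListDto);
    response.Headers.Location = new Uri(this.Url.Link("DefaultApi", new { id = todoListDto.TodoListId }));
    return response;
}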
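/// <summary>
/// Replaces the stored todo list identified by <paramref name="id"/> with the values in
/// <paramref name="todoListDto"/>, after confirming that the stored record belongs to the
/// authenticated caller.
/// </summary>
/// <param name="id">Key of the list being updated.</param>
/// <param name="todoListDto">Client-supplied list data; its TodoListId must equal <paramref name="id"/>.</param>
/// <returns>
/// 200 OK on success; 400 Bad Request for a missing body, failed model validation or an id
/// mismatch; 404 Not Found when no list with that key is stored; 401 Unauthorized when the
/// stored list belongs to another user; 500 when saving raises DbUpdateConcurrencyException.
/// </returns>
public HttpResponseMessage PutTodoList(int id, TodoListDto todoListDto)
{
    // A request without a usable body can bind to null; reject it before dereferencing.
    if (todoListDto == null)
    {
        return this.Request.CreateResponse(HttpStatusCode.BadRequest);
    }

    if (!this.ModelState.IsValid)
    {
        return this.Request.CreateErrorResponse(HttpStatusCode.BadRequest, this.ModelState);
    }

    if (id != todoListDto.TodoListId)
    {
        return this.Request.CreateResponse(HttpStatusCode.BadRequest);
    }

    // Ownership has to be decided from the stored record. Entry(entity).Entity returns the
    // same object built from the request body, so comparing its UserId only checks a value
    // the client controls and does not protect another user's list.
    // NOTE(review): assumes TodoListId is the entity's primary key - confirm against the model.
    TodoList storedList = this.db.TodoLists.Find(id);
    if (storedList == null)
    {
        return this.Request.CreateResponse(HttpStatusCode.NotFound);
    }

    if (storedList.UserId != this.User.Identity.Name)
    {
        // Trying to modify a record that does not belong to the user
        return this.Request.CreateResponse(HttpStatusCode.Unauthorized);
    }

    // Find() leaves storedList tracked by the context; detach it so the incoming entity
    // with the same key can be attached as Modified below.
    this.db.Entry(storedList).State = EntityState.Detached;

    // Pin the owner to the authenticated caller so the update cannot reassign the list.
    // NOTE(review): relies on ToEntity() copying UserId from the DTO - confirm.
    todoListDto.UserId = this.User.Identity.Name;
    TodoList todoList = todoListDto.ToEntity();

    this.db.Entry(todoList).State = EntityState.Modified;

    try
    {
        this.db.SaveChanges();
    }
    catch (DbUpdateConcurrencyException)
    {
        return this.Request.CreateResponse(HttpStatusCode.InternalServerError);
    }

    return this.Request.CreateResponse(HttpStatusCode.OK);
}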