/// <summary>
/// Creates a new order and records the calling user as its owner.
/// </summary>
/// <remarks>
/// A caller in the "Restaurant" role must be linked to <c>order.RestaurantId</c> through
/// <c>RestaurantUsers</c>; if not, the request is rejected with 401 before anything is stored.
/// Callers in any other role skip that check.
/// The owner (<c>AppUserId</c>) is always taken from the authenticated principal, so whatever
/// value the mapper produced for it is overwritten.
/// NOTE(review): every other field is mapped from the client DTO as sent. Confirm that the
/// mapper/BLL does not let a client set fields that should be server-controlled.
/// </remarks>
/// <param name="order">Order DTO bound from the request.</param>
/// <returns>
/// 201 Created pointing at <c>GetOrder</c>, with the DTO echoed back and its <c>Id</c> filled in;
/// 401 with a <c>MessageDTO</c> when a "Restaurant" caller is not linked to the target restaurant.
/// </returns>
public async Task<ActionResult<V1DTO.Order>> PostOrder(V1DTO.Order order)
{
    if (User.IsInRole("Restaurant"))
    {
        // Restaurant staff may only create orders for a restaurant they are linked to.
        var isLinkedToRestaurant = await _bll.RestaurantUsers.AnyAsync(
            ru => ru.AppUserId.Equals(User.UserGuidId()) && ru.RestaurantId.Equals(order.RestaurantId));

        if (!isLinkedToRestaurant)
        {
            return Unauthorized(new V1DTO.MessageDTO("User not authorized for this restaurant"));
        }
    }

    var newOrder = _mapper.Map(order);

    // The owner comes from the authenticated identity, never from the request body.
    newOrder.AppUserId = User.UserGuidId();

    _bll.Orders.Add(newOrder);
    await _bll.SaveChangesAsync();

    // Hand the generated key back to the client in the echoed DTO.
    order.Id = newOrder.Id;

    var routeValues = new
    {
        id = order.Id,
        version = HttpContext.GetRequestedApiVersion()?.ToString() ?? "0"
    };

    return CreatedAtAction("GetOrder", routeValues, order);
}
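/// <summary>
/// Replaces an existing order with the values from the request, keeping its original owner.
/// </summary>
/// <remarks>
/// A caller in the "Restaurant" role must be linked to <c>order.RestaurantId</c> through
/// <c>RestaurantUsers</c>; callers in any other role skip that check.
/// The stored <c>AppUserId</c> is copied onto the updated entity, so a client cannot reassign
/// the order to another user through this endpoint.
/// </remarks>
/// <param name="id">Order id from the route.</param>
/// <param name="order">Order DTO bound from the request; its <c>Id</c> must equal <paramref name="id"/>.</param>
/// <returns>
/// 204 No Content on success; 401 when a "Restaurant" caller is not linked to
/// <c>order.RestaurantId</c>; 400 when the route id and <c>order.Id</c> differ;
/// 404 when no order with that id exists.
/// </returns>
public async Task<IActionResult> PutOrder(Guid id, V1DTO.Order order)
{
    if (User.IsInRole("Restaurant") &&
        !await _bll.RestaurantUsers.AnyAsync(
            ru => ru.AppUserId.Equals(User.UserGuidId()) && ru.RestaurantId.Equals(order.RestaurantId)))
    {
        return Unauthorized(new V1DTO.MessageDTO("User not authorized for this restaurant"));
    }

    if (id != order.Id)
    {
        return BadRequest(new V1DTO.MessageDTO("Id and Order.Id do not match"));
    }

    // Load the stored order first. The previous code dereferenced the lookup result directly,
    // so an unknown id surfaced as a NullReferenceException (HTTP 500) instead of a 404.
    var existing = await _bll.Orders.FirstOrDefaultAsync(id);
    if (existing == null)
    {
        return NotFound(new V1DTO.MessageDTO("Order not found"));
    }

    // NOTE(review): the restaurant check above is made against order.RestaurantId from the
    // request body, not against the restaurant of the stored order, and this method does no
    // ownership check on `existing` for callers in other roles. Unless something outside this
    // method (authorization attributes/policies, BLL-level filtering) restricts who may update
    // which order, compare the stored order's restaurant/owner with the caller before updating.

    var bllEntity = _mapper.Map(order);

    // Preserve the original owner; the request body must not be able to change it.
    bllEntity.AppUserId = existing.AppUserId;

    await _bll.Orders.UpdateAsync(bllEntity);
    await _bll.SaveChangesAsync();

    return NoContent();
}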