// To protect from overposting attacks, enable the specific properties you want to bind to. // For more details, see https://aka.ms/RazorPagesCRUD. public async Task <IActionResult> OnPostAsync() { if (!ModelState.IsValid) { return(Page()); } _context.Attach(Review).State = EntityState.Modified; try { await _context.SaveChangesAsync(); } catch (DbUpdateConcurrencyException) { if (!ReviewExists(Review.ID)) { return(NotFound()); } else { throw; } } return(RedirectToPage("./Index")); }
public async Task <IActionResult> OnPostAsync(int id) { if (!ModelState.IsValid) { return(Page()); } // Fetch Contact from DB to get OwnerID. var contact = await Context .Contact.AsNoTracking() .FirstOrDefaultAsync(m => m.ContactId == id); if (contact == null) { return(NotFound()); } var isAuthorized = await AuthorizationService.AuthorizeAsync( User, contact, ContactOperations.Update); if (!isAuthorized.Succeeded) { return(new ChallengeResult()); } Contact.Id = contact.Id; _context.Attach(Contact).State = EntityState.Modified; if (contact.Status == ContactStatus.Approved) { // If the contact is updated after approval, // and the user cannot approve, // set the status back to submitted so the update can be // checked and approved. var canApprove = await AuthorizationService.AuthorizeAsync(User, contact, ContactOperations.Approve); if (!canApprove.Succeeded) { contact.Status = ContactStatus.Submitted; } } try { await _context.SaveChangesAsync(); } catch (DbUpdateConcurrencyException) { if (!ContactExists(Contact.ContactId)) { return(NotFound()); } else { throw; } } return(RedirectToPage("./Index")); }