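/// <summary>
/// Applies an edit to a feedback entry on behalf of the signed-in user.
/// </summary>
/// <param name="model">Posted feedback data; <c>SenderId</c> and <c>ProductId</c> identify the entry to edit.</param>
/// <returns>
/// A redirect to <c>FeedbacksList</c> with a warning in <c>TempData</c> when the posted
/// <c>SenderId</c> is not the signed-in user's id; otherwise a redirect to <c>Details</c>
/// for the edited entry.
/// </returns>
public async Task<IActionResult> Edit(DetailsFeedbackViewModel model)
{
    var loggedUserId = this.userManager.GetUserId(User);

    // model.SenderId is supplied by the client, so it is only accepted when it matches
    // the id of the authenticated user. This is the ownership check for the edit.
    if (model.SenderId != loggedUserId)
    {
        // The original message said "delete", which is wrong for the edit action.
        TempData[WebConstants.WarningMessageKey] = "You cannot edit someone else's feedback";
        return RedirectToAction("FeedbacksList");
    }

    // The service repeats the ownership check and throws InvalidOperationException
    // when the entry is missing; that exception is not handled here.
    // The returned entity was previously mapped into an unused local; that dead code is dropped.
    await this.feedbackService.EditFeedback(model, loggedUserId);

    return RedirectToAction("Details", new { model.ProductId, model.SenderId });
}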
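/// <summary>
/// Updates the content and rating of the feedback identified by the sender and product ids in
/// <paramref name="feedback"/>, provided the sender is the signed-in user.
/// </summary>
/// <param name="feedback">Edited values plus the <c>SenderId</c>/<c>ProductId</c> pair that identifies the entry.</param>
/// <param name="loggedUserId">Id of the authenticated user, as resolved by the caller.</param>
/// <returns>The updated <c>Feedback</c> entity after the change has been saved.</returns>
/// <exception cref="ArgumentNullException"><paramref name="feedback"/> is null.</exception>
/// <exception cref="InvalidOperationException">
/// The sender id does not match <paramref name="loggedUserId"/>, or no matching feedback exists.
/// </exception>
public async Task<Feedback> EditFeedback(DetailsFeedbackViewModel feedback, string loggedUserId)
{
    if (feedback == null)
    {
        throw new ArgumentNullException(nameof(feedback));
    }

    // Authorize before touching the database. string.Equals is null-safe, so a missing
    // SenderId is rejected with the same exception instead of a NullReferenceException.
    // A null loggedUserId never authorizes, even when SenderId is null as well.
    var isOwner = loggedUserId != null
        && string.Equals(feedback.SenderId, loggedUserId, StringComparison.Ordinal);
    if (!isOwner)
    {
        throw new InvalidOperationException("You are not allowed to edit someone else's feedbacks");
    }

    // Look the entry up by the authenticated user's id rather than the client-supplied one.
    // The two are equal at this point, but the query no longer depends on posted data
    // for the ownership part of the key.
    var productId = feedback.ProductId;
    var feedbackToEdit = await this.db.Feedbacks
        .FirstOrDefaultAsync(f => f.SenderId == loggedUserId && f.ProductId == productId);

    if (feedbackToEdit == null)
    {
        // Same exception type and message as before, so existing callers are unaffected.
        throw new InvalidOperationException("You are not allowed to edit someone else's feedbacks");
    }

    // Only Content and Rating are copied; other posted fields are never written to the entity.
    feedbackToEdit.Content = feedback.Content;
    feedbackToEdit.Rating = feedback.Rating;

    await this.db.SaveChangesAsync();

    return feedbackToEdit;
}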