public ActionResult Edit(EditReviewModel reviewModel) { try { if (ModelState.IsValid) { var review = db.Reviews.FirstOrDefault(x => x.Id == reviewModel.Id); review.Title = reviewModel.Title; review.Description = reviewModel.Description; review.UserRating = reviewModel.UserRating; review.Type = reviewModel.Type; db.Entry(review).State = EntityState.Modified; db.SaveChanges(); var username = ((User)Session["currentUser"]).Username; Response.Redirect($"~/Users/Profile?username={username}"); return(View(review)); } } catch { RedirectToAction("Error", "Home"); } return(View()); }
public async Task <IActionResult> Edit(int id) { var review = _reviews.Get(id); if (review == null) { return(RedirectToAction("Index", "Movie")); } var authz = await _authorization.AuthorizeAsync(User, review, ReviewOperations.Update); if (!authz.Succeeded) { return(Forbid()); } var movie = _movies.GetDetails(review.MovieId); var model = new EditReviewModel { ReviewId = id, Comment = review.Comment, Stars = review.Stars, MovieTitle = movie.Title, }; return(View(model)); }
} //check! public ActionResult Edit(Guid?id) { try { if (id == null) { return(new HttpStatusCodeResult(HttpStatusCode.BadRequest)); } Review review = db.Reviews.Find(id); var model = new EditReviewModel { Id = review.Id, Title = review.Title, Description = review.Description, UserRating = review.UserRating, Type = review.Type }; return(View(model)); } catch { RedirectToAction("Error", "Home"); } return(View()); } //check
public async Task <IActionResult> Edit(int id) { var review = _reviews.Get(id); if (review == null) { return(RedirectToAction("Index", "Movie")); } if (!(await _authorizationService.AuthorizeAsync(User, review, Authorization.ReviewOperations.Edit))) { return(Challenge()); } var movie = _movies.GetDetails(review.MovieId); var model = new EditReviewModel { ReviewId = id, Comment = review.Comment, Stars = review.Stars, MovieTitle = movie.Title, }; return(View(model)); }
public async Task <IActionResult> Update(EditReviewModel model) { var review = _reviews.Get(model.ReviewId); if (review == null) { return(RedirectToAction("Index", "Movie")); } // TODO: authorize the user to edit the review if (ModelState.IsValid) { var result = _reviews.Update(model.ReviewId, model.Stars, model.Comment); if (result.Succeeded) { return(View("Success", new ReviewSuccessViewModel { MovieId = review.MovieId, Action = "Updated" })); } else { foreach (var error in result.Errors) { ModelState.AddModelError("", error); } } } var movie = _movies.GetDetails(review.MovieId); model.MovieTitle = movie.Title; return(View("Edit", model)); }
public async Task <IActionResult> Edit(int id) { var result = await _reviews.GetAsync(id); if (result.IsAccessDenied) { return(Forbid()); } if (!result.Succeeded) { return(Error(result.Errors)); } var review = result.Value; if (review == null) { return(RedirectToAction("Index", "Movie")); } if (!review.CanEdit) { return(Forbid()); } var movieResult = await _movies.GetDetailsAsync(review.MovieId); if (movieResult.IsAccessDenied) { return(Forbid()); } if (!movieResult.Succeeded) { return(Error(movieResult.Errors)); } var movie = movieResult.Value; var model = new EditReviewModel { ReviewId = id, Comment = review.Comment, Stars = review.Stars, MovieTitle = movie.Title, }; return(View(model)); }
public async Task <IActionResult> Update(EditReviewModel model) { var review = _reviews.Get(model.ReviewId); if (review == null) { return(RedirectToAction("Index", "Movie")); } //Another way to trigger the authorization (next to defining an attribute) //Only users fulfilling the movieoperations edit requirement are allowed var authz = await _authorization.AuthorizeAsync(User, review, ReviewOperations.Update); if (!authz.Succeeded) { return(Forbid()); } if (ModelState.IsValid) { var result = _reviews.Update(model.ReviewId, model.Stars, model.Comment); if (result.Succeeded) { return(View("Success", new ReviewSuccessViewModel { MovieId = review.MovieId, Action = "Updated" })); } else { foreach (var error in result.Errors) { ModelState.AddModelError("", error); } } } var movie = _movies.GetDetails(review.MovieId); model.MovieTitle = movie.Title; return(View("Edit", model)); }
public async Task <IActionResult> Update(EditReviewModel model) { var review = _reviews.Get(model.ReviewId); if (review == null) { return(RedirectToAction("Index", "Movie")); } var authz = await _authorization.AuthorizeAsync(User, review, Authorization.ReviewOperations.Edit); if (!authz.Succeeded) { return(Forbid()); } if (ModelState.IsValid) { var result = _reviews.Update(model.ReviewId, model.Stars, model.Comment); if (result.Succeeded) { return(View("Success", new ReviewSuccessViewModel { MovieId = review.MovieId, Action = "Updated" })); } else { foreach (var error in result.Errors) { ModelState.AddModelError("", error); } } } var movie = _movies.GetDetails(review.MovieId); model.MovieTitle = movie.Title; return(View("Edit", model)); }
public async Task <IActionResult> Edit(int id) { var review = _reviews.Get(id); if (review == null) { return(RedirectToAction("Index", "Movie")); } // TODO: authorize the user to edit the review var movie = _movies.GetDetails(review.MovieId); var model = new EditReviewModel { ReviewId = id, Comment = review.Comment, Stars = review.Stars, MovieTitle = movie.Title, }; return(View(model)); }
public async Task <IActionResult> Update(EditReviewModel model) { var result = await _reviews.GetAsync(model.ReviewId); if (result.IsAccessDenied) { return(Forbid()); } if (!result.Succeeded) { return(Error(result.Errors)); } var review = result.Value; if (review == null) { return(RedirectToAction("Index", "Movie")); } if (!review.CanEdit) { return(Forbid()); } if (ModelState.IsValid) { var update = await _reviews.UpdateAsync(model.ReviewId, model.Stars, model.Comment); if (update.IsAccessDenied) { return(Forbid()); } if (!update.Succeeded) { return(Error(update.Errors)); } if (update.Succeeded) { return(View("Success", new ReviewSuccessViewModel { MovieId = review.MovieId, Action = "Updated" })); } else { foreach (var error in update.Errors) { ModelState.AddModelError("", error); } } } var movieResult = await _movies.GetDetailsAsync(review.MovieId); if (movieResult.IsAccessDenied) { return(Forbid()); } if (!movieResult.Succeeded) { return(Error(movieResult.Errors)); } var movie = movieResult.Value; model.MovieTitle = movie.Title; return(View("Edit", model)); }