public IActionResult FundTransferConfirm(FundTransferVM vm, IList <string> errors)
{
AddErrors(errors);
var accountDto = _accountService.ReadOneAccountByNumber(vm.AccountDesNumber);
if (accountDto == null)
{
AddErrors(new List <string>()
{
"Invalid account number."
});
vm.AccountDesNumber = "";
return(View("FundTransferForm", vm));
}
vm.AccountDesName = accountDto.AccountName;
vm.AccountDestinationId = accountDto.Id;
TempData["ValidateAccountDesId"] = accountDto.Id;
return(View(vm));
}
public IActionResult Transfer(FundTransferVM vm)
{
try
{
//for security, in case hacker change Destination accountId.
if (!TempData.ContainsKey("ValidateAccountDesId") ||
(int)TempData["ValidateAccountDesId"] != vm.AccountDestinationId)
{
EndTransaction(vm.AccountId);
return(RedirectToAction("Index", new { errors = new List <string>()
{
"Somthing went wrong. Please try again."
} }));
}
if (_accountService.TransferMoney(vm.AccountId, vm.Value, vm.AccountDestinationId))
{
//end transaction
EndTransaction(vm.AccountId);
return(RedirectToAction("Index", new { transactionCompleted = true }));
}
}
catch (DbUpdateConcurrencyException ex)
{
return(RedirectToAction("FundTransferConfirm", new { vm = vm, errors = new List <string>()
{
ex.Message
} }));
}
catch (Exception ex)
{
EndTransaction(vm.AccountId);
return(RedirectToAction("Index", new { errors = new List <string>()
{
ex.Message
} }));
}
return(RedirectToAction("Index"));
}
public IActionResult FundTransferForm(FundTransferVM vm)
{
return(View(vm));
}
