//[Authorize(Policy = CroudSeek.Shared.Policies.CanManageQuests)] //[Authorize] public ActionResult <DataPointDto> CreateDataPointForQuest( int questId, DataPointForCreationDto dataPoint) { if (!_croudSeekRepository.QuestExists(questId)) { return(NotFound()); } var dataPointEntity = _mapper.Map <Entities.DataPoint>(dataPoint); dataPointEntity.QuestId = questId; var userName = User.Claims.FirstOrDefault(x => x.Type == ClaimTypes.NameIdentifier)?.Value; var user = _croudSeekRepository.GetUsers().Where((u) => u.Name == userName).FirstOrDefault(); //TODO - Allow Quest to be created without user name through email verification if (user == null) { return(ValidationProblem($"Invalid user: {userName}")); } dataPointEntity.OwnerId = user.Id; _croudSeekRepository.AddDataPoint(questId, dataPointEntity); _croudSeekRepository.Save(); var dataPointToReturn = _mapper.Map <DataPointDto>(dataPointEntity); return(CreatedAtRoute("GetDataPointForQuest", new { questId = questId, dataPointId = dataPointToReturn.Id }, dataPointToReturn)); }