예제 #1
0
        public async Task <ActionResult <OrderDto> > GetOrder(int customerID, int orderID)
        {
            //Allow only admins to access other users records
            var userid = int.Parse(User.Identity.Name);

            if (userid != customerID && !User.IsInRole(Role.Admin))
            {
                return(Forbid());
            }
            _orm.OpenConn();
            var orderFromDB = await _orm.GetOrderById(orderID);

            if (orderFromDB == null || orderFromDB.Customer.Id != customerID)
            {
                return(NotFound());
            }
            var orderDto = _mapper.Map <OrderDto>(orderFromDB);
            await _orm.CloseConn();

            return(Ok(orderDto));
        }