/// <summary>
/// Applies a discount to the product identified by <paramref name="id"/>, after checking the
/// amount and authorizing the current user for that product and that specific discount.
/// </summary>
/// <param name="id">Identifier passed to the store lookup.</param>
/// <param name="discount">Amount subtracted from the price; accepted only from 1 to 100 inclusive.</param>
/// <returns>
/// 400 when the discount is out of range, 404 when the store returns no product,
/// 403 when authorization is denied, otherwise 200 carrying the updated product.
/// </returns>
public async Task<IHttpActionResult> Discount(int id, decimal discount)
{
    // Nothing in this method adds an error to ModelState, so the 400 body may carry no reason.
    bool withinBounds = discount >= 1 && discount <= 100;
    if (!withinBounds)
    {
        return BadRequest(ModelState);
    }

    // The resource is loaded first because the authorization call needs the product instance.
    // NOTE(review): the existence check runs before authorization, so a caller who would be
    // denied can still tell 404 from 403. Confirm that difference is acceptable for product ids.
    Product target = await _store.GetByIdAsync(id);
    if (target == null)
    {
        return NotFound();
    }

    // The requested amount is part of the operation, so the decision can depend on its size.
    var requirement = ProductOperations.GiveDiscount(discount);
    bool permitted = await _authz.AuthorizeAsync((ClaimsPrincipal)User, target, requirement);
    if (!permitted)
    {
        return StatusCode(HttpStatusCode.Forbidden);
    }

    // NOTE(review): the discount is subtracted as an absolute amount and this method has no
    // lower bound on the result; presumably the authorization handler or the store keeps the
    // price from going negative. Verify.
    target.Price -= discount;
    await _store.UpdateAsync(target);
    return Ok(target);
}
/// <summary>
/// Handles a submitted discount form: validates the model, loads the product, authorizes the
/// current user for that product and discount, then lowers the price and saves it.
/// </summary>
/// <param name="model">Bound form data; this method reads its <c>Id</c> and <c>Discount</c>.</param>
/// <returns>
/// A redirect to "Details" when the model is invalid, 404 when the store returns no product,
/// a redirect to "Index" after a successful update, otherwise a challenge result.
/// </returns>
/// <remarks>
/// NOTE(review): the attributes on this action are not visible here. It changes state, so
/// confirm that antiforgery validation is applied on the action or globally.
/// </remarks>
public async Task<IActionResult> Discount(ProductDiscountViewModel model)
{
    // Validation failures are not echoed back; the user is returned to the product's details page.
    bool modelOk = ModelState.IsValid;
    if (!modelOk)
    {
        return RedirectToAction("Details", new { model.Id });
    }

    // The resource is loaded first because the authorization call needs the product instance.
    // NOTE(review): a missing product yields 404 before any authorization decision is made.
    Product target = await _store.GetByIdAsync(model.Id);
    if (target == null)
    {
        return NotFound();
    }

    // The requested amount is part of the operation, so the decision can depend on its size.
    var requirement = ProductOperations.GiveDiscount(model.Discount);
    bool permitted = await _authz.AuthorizeAsync(User, target, requirement);
    if (!permitted)
    {
        // NOTE(review): every denial returns a challenge, including for users who are already
        // signed in. On ASP.NET Core 2.0 and later that generally starts a login flow instead of
        // an access-denied response. Confirm the target framework and whether a forbid result
        // is intended for authenticated users.
        return new ChallengeResult();
    }

    // NOTE(review): the discount is subtracted as an absolute amount and this method has no
    // lower bound on the result; presumably model validation or the authorization handler
    // keeps the price from going negative. Verify.
    target.Price -= model.Discount;
    await _store.UpdateAsync(target);
    return RedirectToAction("Index");
}