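[ValidateAntiForgeryToken] // Prevents XSRF/CSRF attacks
// Applies the submitted PutUserModel to the user identified by id.
//
// Flow: role gate through AuthorizeHelper, then an ownership check (the user
// stored under the session key "_Id" must be the target) with an "Editor" role
// override, then the PUT through the API service. A caller who fails the
// ownership check, or who sends an id that is not a GUID, is redirected to
// Users/Index and nothing is written.
//
// NOTE(review): any value returned by AuthorizeHelper.Authorize is not used, so
// this relies on it throwing on denial, presumably MovieMindException, the only
// exception handled here. Confirm.
// NOTE(review): the role passed to Authorize ("Administrator") differs from the
// role checked for the override ("Editor"); confirm which roles are meant to be
// able to edit other users' accounts.
// NOTE(review): putUserModel is bound from the request. If PutUserModel carries
// privilege-related fields, a self-edit could change them; verify the model.
// NOTE(review): antiforgery validation only protects state-changing verbs;
// confirm the action is restricted to POST (no verb attribute is visible here).
public async Task<IActionResult> Edit(string id, PutUserModel putUserModel)
{
    try
    {
        AuthorizeHelper.Authorize(this.HttpContext, "Administrator", this.GetType().Name, "Edit", "user");

        // id is caller-supplied. Parse it defensively so a malformed value is
        // denied instead of surfacing as an unhandled FormatException, which the
        // MovieMindException handler below would not catch.
        if (!Guid.TryParse(id, out Guid targetUserId))
        {
            return RedirectToRoute(new { action = "Index", controller = "Users" });
        }

        var userId = HttpContext.Session.GetString("_Id");
        var user = await _moviemindAPIService.GetModel<GetUserModel>(userId, "users");

        // Ownership check: the signed-in user may edit their own record; the
        // "Editor" role is the only override.
        bool isOwnRecord = user.Id == targetUserId;
        if (!isOwnRecord && !HttpContext.User.IsInRole("Editor"))
        {
            return RedirectToRoute(new { action = "Index", controller = "Users" });
        }

        if (!ModelState.IsValid)
        {
            return View(putUserModel);
        }

        // Send the parsed value rather than the raw string, so the id that was
        // authorized above is exactly the id that gets written.
        await _moviemindAPIService.PutModel<PutUserModel>(targetUserId.ToString(), putUserModel, "users");
        return RedirectToRoute(new { action = "Index", controller = "Users" });
    }
    catch (MovieMindException e)
    {
        return ErrorHelper.HandleError(e, this.View(putUserModel));
    }
}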
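[ValidateAntiForgeryToken] // Prevents XSRF/CSRF attacks
// Saves an edited movie and, when ActorIds is supplied, replaces the movie's
// actor relationships with the submitted set.
//
// The id is validated as a GUID before any write. Previously it was parsed only
// after the movie had already been updated, and again for every ActorMovies row,
// so a malformed id could fail part-way through with an unhandled
// FormatException. A malformed id is now reported as a model error and the edit
// view is shown again.
//
// NOTE(review): any value returned by AuthorizeHelper.Authorize is not used, so
// this relies on it throwing on denial, presumably MovieMindException. Confirm.
// NOTE(review): the relationship replacement is a series of separate API calls
// (delete each old row, then post each new one). A failure part-way leaves the
// movie with a partial actor list; a single replace operation on the API side
// would avoid that.
// NOTE(review): every ActorMovies row is fetched and filtered here; a filtered
// API query would avoid loading unrelated rows.
// NOTE(review): antiforgery validation only protects state-changing verbs;
// confirm the action is restricted to POST (no verb attribute is visible here).
public async Task<IActionResult> Edit(string id, PutMovieModel putMovieModel)
{
    try
    {
        AuthorizeHelper.Authorize(this.HttpContext, "Editor", this.GetType().Name, "Edit", "movie");

        // id is caller-supplied: reject anything that is not a GUID up front.
        if (!Guid.TryParse(id, out Guid movieId))
        {
            ModelState.AddModelError(nameof(id), "The movie id is not a valid identifier.");
        }

        if (!ModelState.IsValid)
        {
            return View(putMovieModel);
        }

        // From here on only the parsed value is used, so the update, the
        // relationship rows and the redirect all refer to the same id.
        string movieKey = movieId.ToString();

        await _moviemindAPIService.PutModel<PutMovieModel>(movieKey, putMovieModel, "Movies");

        // A null ActorIds leaves relationships untouched; a non-null list,
        // including an empty one, replaces them.
        if (putMovieModel.ActorIds != null)
        {
            // Delete (override) previous relationships.
            List<GetActorMovieModel> allLinks = await _moviemindAPIService.GetModels<GetActorMovieModel>("ActorMovies");
            List<GetActorMovieModel> staleLinks = allLinks.Where(x => x.MovieId == movieId).ToList();

            foreach (GetActorMovieModel staleLink in staleLinks)
            {
                await _moviemindAPIService.DeleteModel(staleLink.Id.ToString(), "ActorMovies");
            }

            // Put in new relationships.
            foreach (Guid actorId in putMovieModel.ActorIds)
            {
                await _moviemindAPIService.PostModel<PostActorMovieModel, GetActorMovieModel>(
                    new PostActorMovieModel { ActorId = actorId, MovieId = movieId },
                    "ActorMovies");
            }
        }

        // The redirect path is built from the validated GUID, not the raw input.
        return Redirect("/Movies/Details/" + movieKey);
    }
    catch (MovieMindException e)
    {
        return ErrorHelper.HandleError(e, this.View(putMovieModel));
    }
}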
[ValidateAntiForgeryToken] // Prevents XSRF/CSRF attacks
// Saves an edited review through the API service and redirects to its details
// page. An invalid model re-renders the edit view; a MovieMindException is
// turned into a result by ErrorHelper.
//
// NOTE(review): any value returned by AuthorizeHelper.Authorize is not used, so
// this relies on it throwing on denial, presumably MovieMindException. Confirm.
// NOTE(review): only a role check ("Editor") is visible. Nothing here ties the
// review to the signed-in user; confirm that editing other people's reviews is
// intended or is enforced by the API.
// NOTE(review): id reaches the API call and the redirect path exactly as
// received. The fixed "/Reviews/Details/" prefix keeps the redirect on this
// site, but validating id before use would be tighter (its expected format is
// not shown here).
public async Task<IActionResult> Edit(string id, PutReviewModel putReviewModel)
{
    try
    {
        AuthorizeHelper.Authorize(HttpContext, "Editor", GetType().Name, "Edit", "review");

        // Guard clause: bail out to the form when validation failed.
        if (!ModelState.IsValid)
        {
            return View(putReviewModel);
        }

        await _moviemindAPIService.PutModel<PutReviewModel>(id, putReviewModel, "reviews");

        string detailsUrl = "/Reviews/Details/" + id.ToString();
        return Redirect(detailsUrl);
    }
    catch (MovieMindException apiError)
    {
        IActionResult fallbackView = View(putReviewModel);
        return ErrorHelper.HandleError(apiError, fallbackView);
    }
}
[ValidateAntiForgeryToken] // Prevents XSRF/CSRF attacks
// Saves an edited director through the API service and returns to the
// Directors index. An invalid model re-renders the edit view; a
// MovieMindException is turned into a result by ErrorHelper.
//
// NOTE(review): any value returned by AuthorizeHelper.Authorize is not used, so
// this relies on it throwing on denial, presumably MovieMindException. Confirm.
// NOTE(review): id is forwarded to the API as received; its expected format is
// not shown here, so confirm it is validated on the API side.
// NOTE(review): antiforgery validation only protects state-changing verbs;
// confirm the action is restricted to POST (no verb attribute is visible here).
public async Task<IActionResult> Edit(string id, PutDirectorModel putDirectorModel)
{
    try
    {
        AuthorizeHelper.Authorize(HttpContext, "Editor", GetType().Name, "Edit", "director");

        // Guard clause: bail out to the form when validation failed.
        if (!ModelState.IsValid)
        {
            return View(putDirectorModel);
        }

        await _moviemindAPIService.PutModel<PutDirectorModel>(id, putDirectorModel, "Directors");

        var indexRoute = new { action = "Index", controller = "Directors" };
        return RedirectToRoute(indexRoute);
    }
    catch (MovieMindException apiError)
    {
        IActionResult fallbackView = View(putDirectorModel);
        return ErrorHelper.HandleError(apiError, fallbackView);
    }
}