public async Task <ActionResult <Need> > PostNeed(NeedDto entry)
{
var profile = await GetLoggedInProfile();
var allowedProfiles = await GetAllowedProfiles(profile.Id);
if (!VerifyProfileOnEntry(allowedProfiles, entry))
{
return(Forbid("User does not have access to create needs for this account"));
}
var dbEntry = SetUpNeed(entry, profile);
await _context.SaveChangesAsync();
return(CreatedAtAction("Post", new { id = entry.Id }, _mapper.Map <NeedDto>(dbEntry)));
}
private Need SetUpNeed(NeedDto entry, Profile profile)
{
var dbEntry = _mapper.Map <Need>(entry);
if (entry.ProfileId <= 0)
{
dbEntry.Profile = profile;
}
if (dbEntry.Id > 0)
{
_context.Entry(dbEntry).State = EntityState.Modified;
}
else
{
dbEntry.CreatedDate = System.DateTime.Now;
_context.Needs.Add(dbEntry);
}
return(dbEntry);
}
public async Task <IActionResult> PutNeed(int id, NeedDto entry)
{
if (id != entry.Id)
{
return(BadRequest("Payload does not match identifier"));
}
var profile = await GetLoggedInProfile();
var allowedProfiles = await GetAllowedProfiles(profile.Id);
if (!await _context.Needs.AnyAsync(e => e.Id == entry.Id && allowedProfiles.Contains(e.ProfileId)))
{
return(NotFound());
}
var dbEntry = _mapper.Map <Need>(entry);
_context.Entry(dbEntry).State = EntityState.Modified;
try
{
await _context.SaveChangesAsync();
}
catch (DbUpdateConcurrencyException)
{
if (!NeedExists(id))
{
return(NotFound());
}
else
{
throw;
}
}
return(Ok());
}
private bool VerifyProfileOnEntry(ICollection <int> allowedProfiles, NeedDto entry)
{
return(entry.ProfileId <= 0 || allowedProfiles.Contains(entry.ProfileId));
}
