public HttpResponseMessage post([FromBody] Order order)
 {
     try
     {
         using (OrdersEntities3 orders = new OrdersEntities3())
         {
             if (orders.Orders.Any(x => x.OrderID == order.OrderID))
             {
                 return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "The  " + order.OrderID + " already exists"));
             }
             else
             {
                 orders.Orders.Add(order);
                 orders.SaveChanges();
                 orders.SEndMail(order.UserID);
                 var message = Request.CreateResponse(HttpStatusCode.Created, order);
                 message.Headers.Location = new Uri(Request.RequestUri + order.OrderName);
                 return(message);
             }
         }
     }
     catch (Exception ex)
     {
         return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, ex));
     }
 }
 public HttpResponseMessage Delete([FromUri] int id)
 {
     using (OrdersEntities3 orders = new OrdersEntities3())
     {
         string UserName = Thread.CurrentPrincipal.Identity.Name;
         Value = orders.UsersTables.FirstOrDefault(x => x.NAME == UserName).UserId;
         Type  = orders.UsersTables.FirstOrDefault(x => x.NAME == UserName).Type;
         var ord = orders.Orders.FirstOrDefault(x => x.OrderID == id);
         if (ord == null)
         {
             return(Request.CreateErrorResponse(HttpStatusCode.NotFound, "OrderID " + id));
         }
         else
         {
             if (Type == "User")
             {
                 if (orders.Orders.Any(x => x.OrderID == id && x.UserID == Value))
                 {
                     orders.Orders.Remove(ord);
                     orders.SaveChanges();
                     return(Request.CreateResponse(HttpStatusCode.OK));
                 }
                 else
                 {
                     return(Request.CreateErrorResponse(HttpStatusCode.Unauthorized, "Dont have permistion delete OrderID " + id));
                 }
             }
             else
             {
                 orders.Orders.Remove(ord);
                 orders.SaveChanges();
                 return(Request.CreateResponse(HttpStatusCode.OK));
             }
         }
     }
 }
        public HttpResponseMessage PUT(int id, [FromBody] Order order)
        {
            using (OrdersEntities3 ord = new OrdersEntities3())
            {
                string UserName = Thread.CurrentPrincipal.Identity.Name;
                Type  = ord.UsersTables.FirstOrDefault(x => x.NAME == UserName).Type;
                Value = ord.UsersTables.FirstOrDefault(x => x.NAME == UserName).UserId;
                if (Type == "User")
                {
                    if (ord.Orders.Any(x => x.OrderID == id && x.UserID == Value))
                    {
                        var obj = ord.Orders.FirstOrDefault(x => x.OrderID == id);
                        obj.ShippingAddress = order.ShippingAddress;
                        obj.OrderName       = order.OrderName;
                        obj.OrderDetails    = order.OrderDetails;
                        ord.SaveChanges();
                        return(Request.CreateResponse(HttpStatusCode.OK));
                    }
                    else
                    {
                        return(Request.CreateErrorResponse(HttpStatusCode.Unauthorized, "Dont have permistion to modify OrderID " + id));
                    }
                }
                else
                {
                    var obj = ord.Orders.FirstOrDefault(x => x.OrderID == id);
                    obj.ShippingAddress = order.ShippingAddress;
                    obj.OrderName       = order.OrderName;
                    obj.OrderDetails    = order.OrderDetails;
                    obj.OrderStatus     = order.OrderStatus;

                    ord.SaveChanges();
                    return(Request.CreateResponse(HttpStatusCode.OK));
                }
            }
        }