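// POST odata/UserElementCell
/// <summary>
/// Creates a new <c>UserElementCell</c> from the posted delta on behalf of the current user.
/// </summary>
/// <param name="patch">Delta carrying the client-supplied values; its entity becomes the new record.</param>
/// <returns>
/// 400 when no payload was bound, 403 when the posted <c>UserId</c> is not the caller's id,
/// otherwise the <c>Created</c> result for the stored entity.
/// </returns>
public async Task<IHttpActionResult> Post(Delta<UserElementCell> patch)
{
    // A missing or unreadable request body can leave the parameter null; answer with 400
    // instead of letting GetEntity() fail with a NullReferenceException (HTTP 500).
    if (patch == null)
    {
        return StatusCode(HttpStatusCode.BadRequest);
    }

    var userElementCell = patch.GetEntity();

    // Owner check: Entity must belong to the current user.
    // UserId comes from the request body, so this comparison is the in-code authorization
    // barrier against creating cells under another user's id; keep it before any write.
    // REMARK UserCommandTreeInterceptor already filters "userId" on EntityFramework level, but that might be removed later on / coni2k - 31 Jul. '17
    var currentUserId = User.Identity.GetUserId<int>();
    if (currentUserId != userElementCell.UserId)
    {
        return StatusCode(HttpStatusCode.Forbidden);
    }

    // Don't allow the user to set these fields / coni2k - 29 Jul. '17
    // The audit fields are overwritten server-side, whatever the client posted.
    // TODO Use ForbiddenFieldsValidator?: Currently breeze doesn't allow to post custom (delta) entity
    // TODO Or use DTO?: Needs a different metadata than the context, which can be overkill
    //userElementCell.UserId = 0;
    // One clock read, so CreatedOn and ModifiedOn of a new record are exactly equal.
    var now = DateTime.UtcNow;
    userElementCell.CreatedOn = now;
    userElementCell.ModifiedOn = now;
    userElementCell.DeletedOn = null;

    // TODO Fixed cell check: Is it allowed to add UserElementCell for that cell?
    // NOTE(review): until that check exists, nothing in this method restricts which cell
    // the caller attaches a value to; confirm whether AddUserElementCellAsync enforces it.

    await _resourcePoolManager.AddUserElementCellAsync(userElementCell);

    return Created(userElementCell);
}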