예제 #1
        // POST odata/ResourcePool
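        /// <summary>
        /// Creates a new <see cref="ResourcePool"/> from the posted delta on behalf of the current user.
        /// </summary>
        /// <param name="patch">Delta carrying the client-supplied values; a null delta is treated as a bad request.</param>
        /// <returns>
        /// 400 when no delta was supplied, 403 when the posted UserId differs from the current user's id,
        /// a <see cref="UniqueKeyConflictResult"/> when the insert fails and the Key is already in use,
        /// otherwise the Created result for the inserted entity.
        /// </returns>
        public async Task<IHttpActionResult> Post(Delta<ResourcePool> patch)
        {
            // Reject a missing delta up front instead of dereferencing null and surfacing a 500.
            if (patch == null)
            {
                return StatusCode(HttpStatusCode.BadRequest);
            }

            var resourcePool = patch.GetEntity();

            // Owner check: Entity must belong to the current user.
            // Done before any other work so an unauthorized request is turned away immediately.
            // NOTE(review): this comparison only means something for an authenticated request; confirm that an
            // authorization filter covers this action, since none is visible in this method.
            var currentUserId = User.Identity.GetUserId<int>();

            if (currentUserId != resourcePool.UserId)
            {
                return StatusCode(HttpStatusCode.Forbidden);
            }

            // Don't allow the user to set these fields / coni2k - 29 Jul. '17
            // TODO Use ForbiddenFieldsValidator?: Currently breeze doesn't allow to post custom (delta) entity
            // TODO Or use DTO?: Needs a different metadata than the context, which can be overkill
            // NOTE(review): this is a reset list for over-posted values; any server-controlled property added to
            // ResourcePool later has to be added here as well, otherwise the client-supplied value is persisted.
            // UserId is deliberately left as posted: it was compared with the authenticated user above.
            var now = DateTime.UtcNow; // single timestamp so CreatedOn and ModifiedOn match on creation

            resourcePool.Id = 0;
            resourcePool.RatingCount = 0;
            resourcePool.ResourcePoolRateTotal = 0;
            resourcePool.ResourcePoolRateCount = 0;
            resourcePool.CreatedOn = now;
            resourcePool.ModifiedOn = now;
            resourcePool.DeletedOn = null;

            try
            {
                await _resourcePoolManager.InsertAsync(resourcePool);
            }
            catch (DbUpdateException)
            {
                // Unique key exception: report a conflict only when a record with the same Key exists;
                // any other update failure is rethrown unchanged.
                if (await _resourcePoolManager.All.AnyAsync(item => item.Key == resourcePool.Key))
                {
                    return new UniqueKeyConflictResult(Request, nameof(ResourcePool.Key), resourcePool.Key);
                }

                throw;
            }

            return Created(resourcePool);
        }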