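/// <summary>
/// Updates an existing schedule from the data sent by the client.
/// </summary>
/// <param name="id">Schedule id from the route; must equal <c>scheduleDto.ScheduleId</c>.</param>
/// <param name="scheduleDto">Schedule data supplied in the request body.</param>
/// <returns>
/// 400 when the model state is invalid, the body is missing, or the route id and
/// DTO id differ; 401 when the DTO's user id is not the authenticated user's name;
/// 500 when the save raises <c>DbUpdateConcurrencyException</c>; 200 otherwise.
/// </returns>
public HttpResponseMessage PutSchedule(int id, ScheduleDto scheduleDto)
{
    if (!ModelState.IsValid)
    {
        return Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState);
    }

    // Model binding can hand us a null DTO (for example an empty request body).
    // Reject it here instead of failing with a NullReferenceException below.
    if (scheduleDto == null)
    {
        return Request.CreateResponse(HttpStatusCode.BadRequest);
    }

    if (id != scheduleDto.ScheduleId)
    {
        return Request.CreateResponse(HttpStatusCode.BadRequest);
    }

    Schedule schedule = scheduleDto.ToEntity();

    // NOTE(review): as far as this block shows, schedule.UserId is derived from the
    // request body, so this comparison only proves the caller put their own name in
    // the payload. It does not establish who owns the record currently stored under
    // this id. The owner of the stored record should be loaded and compared
    // server-side before Save(); the repository's lookup API is not visible here,
    // so that check is left as a TODO rather than guessed at.
    if (schedule.UserId != User.Identity.Name)
    {
        // Trying to modify a record that does not belong to the user.
        // NOTE(review): the caller is authenticated at this point, so 403 Forbidden
        // would describe the condition more accurately than 401; kept as-is because
        // existing clients may depend on the current status code.
        return Request.CreateResponse(HttpStatusCode.Unauthorized);
    }

    try
    {
        _scheduleRepository.Save(schedule);
    }
    catch (DbUpdateConcurrencyException)
    {
        // The concurrency failure is reported as a generic server error; no detail
        // about the conflict is returned to the client.
        return Request.CreateResponse(HttpStatusCode.InternalServerError);
    }

    return Request.CreateResponse(HttpStatusCode.OK);
}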
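/// <summary>
/// Creates a schedule owned by the authenticated user.
/// </summary>
/// <param name="scheduleDto">Schedule data supplied in the request body.</param>
/// <returns>
/// 400 when the model state is invalid or the body is missing; otherwise 201 with
/// the saved DTO as the body and a Location header built from the "DefaultApi" route.
/// </returns>
public HttpResponseMessage PostSchedule(ScheduleDto scheduleDto)
{
    if (!ModelState.IsValid)
    {
        return Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState);
    }

    // Model binding can hand us a null DTO (for example an empty request body).
    // Reject it here instead of failing with a NullReferenceException below.
    if (scheduleDto == null)
    {
        return Request.CreateResponse(HttpStatusCode.BadRequest);
    }

    // The owner is always taken from the authenticated identity, never from the
    // request body, so a client cannot create a schedule on behalf of another user.
    scheduleDto.UserId = User.Identity.Name;

    // NOTE(review): a client-supplied ScheduleId is not cleared before ToEntity().
    // If Save() updates when the id already exists (not visible from this block),
    // a POST carrying another record's id could overwrite it - confirm the
    // repository's behaviour or reset the id before mapping.
    Schedule schedule = scheduleDto.ToEntity();
    _scheduleRepository.Save(schedule);

    // Echo the id assigned during the save back to the caller.
    scheduleDto.ScheduleId = schedule.Id;

    HttpResponseMessage response = Request.CreateResponse(HttpStatusCode.Created, scheduleDto);
    string location = Url.Link("DefaultApi", new { id = scheduleDto.ScheduleId });
    response.Headers.Location = new Uri(location);
    return response;
}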