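/// <summary>
/// Replaces the order item identified by <paramref name="id"/> with the posted
/// <paramref name="entity"/>. Only callers accepted by <c>_authRepository.IsAdmin</c>
/// may perform the update.
/// </summary>
/// <param name="id">Identifier of the order item to update; must equal <c>entity.Id</c>.</param>
/// <param name="entity">Order item bound from the request.</param>
/// <returns>
/// 403 Forbidden for non-admin callers; 400 Bad Request when the entity is missing,
/// model validation fails, or the two identifiers differ; 204 No Content once the
/// update has been saved.
/// </returns>
public async Task<IHttpActionResult> Put(long id, OrderItem entity)
{
    // Authorize before touching the payload so a non-admin caller gets the same
    // 403 regardless of what was posted. The caller's user record is not needed
    // here, so only the admin check is performed.
    var principal = HttpContext.Current.User as ClaimsPrincipal;
    if (!await _authRepository.IsAdmin(principal))
    {
        return StatusCode(HttpStatusCode.Forbidden);
    }

    // A missing or unbindable body leaves entity null; reject it here instead of
    // failing on entity.Id below.
    if (entity == null)
    {
        return BadRequest();
    }

    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    // The identifier being addressed and the payload must refer to the same row.
    if (id != entity.Id)
    {
        return BadRequest();
    }

    // NOTE(review): the bound entity is handed to Update as-is, so every bindable
    // OrderItem property is writable by an admin through this endpoint. Confirm
    // that is intended; otherwise copy only the editable fields onto the stored row.
    await _orderRepository.Update(entity);
    await _unitOfWork.CompleteAsync();

    return StatusCode(HttpStatusCode.NoContent);
}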
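/// <summary>
/// Creates an order for the current user from the product named in
/// <paramref name="vmModel"/> and removes that user's matching cart line, if any.
/// </summary>
/// <param name="vmModel">
/// Posted model. Only <c>ProductId</c> is read from it; the order's user is taken
/// from the authenticated principal, never from the payload.
/// </param>
/// <returns>
/// 400 Bad Request when the model or its product id is missing or the product does
/// not exist; 401 Unauthorized when no user record matches the caller; 200 OK once
/// the order has been saved.
/// </returns>
public async Task<IHttpActionResult> Post(OrderItem vmModel)
{
    // A missing or unbindable body leaves vmModel null.
    if (vmModel == null)
    {
        return BadRequest();
    }

    long? productId = vmModel.ProductId;
    if (productId == null)
    {
        return BadRequest();
    }

    // Resolve the owner from the caller's identity. Without a user record there is
    // no one to attach the order to, so stop before dereferencing user.Id.
    var principal = HttpContext.Current.User as ClaimsPrincipal;
    var user = await _authRepository.FindUser(principal);
    if (user == null)
    {
        return StatusCode(HttpStatusCode.Unauthorized);
    }

    var product = await _unitOfWork.Products.GetAsync(productId);
    if (product == null)
    {
        return BadRequest();
    }

    // Build the order from server-side values only, so a client cannot set the
    // owner or any other OrderItem field through the posted model.
    var order = new OrderItem()
    {
        Product = product,
        ProductId = productId,
        User = user,
        UserId = user.Id
    };

    var carts = await _unitOfWork.Carts.FindAsync(c => c.ProductId == productId && c.UserId == user.Id);
    var cart = carts.FirstOrDefault();

    // The user may have no cart line for this product; only remove one that exists.
    // NOTE(review): confirm whether an order without a cart line should be rejected
    // instead of accepted.
    if (cart != null)
    {
        _unitOfWork.Carts.Remove(cart);
    }

    _orderRepository.Add(order);
    await _unitOfWork.CompleteAsync();

    return Ok();
}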