/// <summary>
/// Creates a new catalog for the current user by submitting a
/// <c>CreateOrUpdateCatalogCommand</c> on the command bus.
/// </summary>
/// <param name="catalog">Catalog to create; its Id must not be greater than 0.</param>
/// <returns>The same <paramref name="catalog"/> instance, with Id set to the id reported by the command result.</returns>
/// <exception cref="InvalidOperationException">The catalog already carries a positive Id (use Put for updates).</exception>
/// <exception cref="ApplicationException">The command bus reported that the save did not succeed.</exception>
public Catalog Post(Catalog catalog)
{
    // The owner id is taken from the authenticated identity, not from the request body,
    // so a caller cannot create a catalog under another user's id through this field.
    var identity = (FacebookIdentity)User.Identity;

    // TODO: Investigate why catalogs are -1 and not 0.
    bool looksPersisted = catalog.Id > 0;
    if (looksPersisted)
    {
        throw new InvalidOperationException("Post should be used for new catalogs. Use the Put method for updates.");
    }

    var command = new CreateOrUpdateCatalogCommand(catalog.Id, catalog.Name, identity.Id, catalog.Visibility);
    var outcome = _commandBus.Submit(command);

    if (!outcome.Success)
    {
        throw new ApplicationException("Unable to save catalog");
    }

    // Hand the server-assigned id back to the caller on the object it sent.
    catalog.Id = outcome.Id;
    return catalog;
}
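// UPDATE
/// <summary>
/// Updates an existing catalog, but only when it belongs to the current user.
/// </summary>
/// <param name="id">Id from the route. NOTE(review): this value is not consulted; the lookup,
/// the ownership check and the command all use <c>item.Id</c> from the body. Confirm whether a
/// mismatch between the two should be rejected.</param>
/// <param name="item">Catalog carrying the id to update and the new values.</param>
/// <returns>The <paramref name="item"/> that was submitted, once the command bus reports success.</returns>
/// <exception cref="InvalidOperationException"><c>item.Id</c> is not a positive id (use Post for creations).</exception>
/// <exception cref="ItemNotFoundException">No catalog with that id is owned by the current user.</exception>
/// <exception cref="Exception">The command bus reported that the save did not succeed.</exception>
public Catalog Put(int id, Catalog item)
{
    // Post treats every Id that is not greater than 0 as "new" (its TODO notes catalogs arriving
    // with -1), so the update path rejects that whole range rather than only 0.
    if (item.Id <= 0)
    {
        throw new InvalidOperationException("Put should be used for updating items. Use the Post method for creations.");
    }

    // Where() only builds a query and never yields null, so comparing its result with null
    // could not fail and the ownership check was skipped for every request. The query has to
    // be executed (Any) for the check to decide anything.
    var ownedByCurrentUser = _catalogRepository.Query().Where(i => i.Id == item.Id && i.User_Id == User.Id).Any();

    if (!ownedByCurrentUser)
    {
        // This probably means someone is trying to update someone else's item. Verify so that
        // all attempts to gain illicit access are logged.
        var existsOnAnotherUser = _catalogRepository.Query().Where(i => i.Id == item.Id).Any();

        if (existsOnAnotherUser)
        {
            _log.Fatal("Someone is trying to update another user's catalog. User ID: " + User.Id + " Catalog ID: " + item.Id);
        }
        else
        {
            _log.Error("User is trying to access item that does not exists. User ID: " + User.Id + " Catalog ID: " + item.Id);
        }

        // Both cases raise the same exception, so the caller cannot tell from the response
        // whether the id exists under a different user.
        throw new ItemNotFoundException("Catalog does not exists.");
    }

    // NOTE(review): whether the command handler re-checks ownership is not visible here;
    // this method's check above is the only one this code shows.
    CreateOrUpdateCatalogCommand cmd = new CreateOrUpdateCatalogCommand(item.Id, item.Name, User.Id, item.Visibility);
    var result = _commandBus.Submit(cmd);

    if (!result.Success)
    {
        throw new Exception("Failed to save catalog.");
    }

    return item;
}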