public async Task <ActionResult <Trip> > PostTrip(TripModel m)
{
var uid = //get id from User AD
_DB.Trips.Add(new Trip
{
DateUTC = m.DateUTC,
Destination = m.Destination,
Country = m.Country,
Title = m.Title,
UserId = _User.UserId
});
await _DB.SaveChangesAsync();
return(CreatedAtAction("GetTrip", new { id = m.Id }, m));
}
public async Task <IActionResult> PutTrip(TripModel m)
{
var t = await _DB.Trips.FindAsync(m.Id);
if (t == null)
{
return(NotFound());
}
if (!CanEditOrDelete(_User.UserId, m.UserId))
{
return(NotFound()); //for internal should be NotAuthorized, but for public security reasons we should return zero info about request.
}
//update entry
t.DateUTC = m.DateUTC;
t.Destination = m.Destination;
t.Country = m.Country;
t.Title = m.Title;
t.UserId = m.UserId;
_DB.Entry(t).State = EntityState.Modified;
try
{
await _DB.SaveChangesAsync();
}
catch (DbUpdateConcurrencyException)
{
if (!TripExists(m.Id))
{
return(NotFound());
}
else
{
throw;
}
}
return(NoContent());
}