public async Task <IHttpActionResult> PostCampaignUpdate(CampaignUpdate campaignUpdate)
{
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
// Only the one who created the campaign can add the updates
//TODO: What about admins?
var campaign = campaignUpdate.Campaign;
if (campaign.CreatedById.ToString() != User.Identity.GetUserId())
{
return(Unauthorized());
}
else if (campaign.Status != CampaignStatus.Approved)
{
return(BadRequest("Updates can only be added for approved campaigns"));
}
db.CampaignUpdates.Add(campaignUpdate);
await db.SaveChangesAsync();
return(CreatedAtRoute("DefaultApi", new { id = campaignUpdate.Id }, campaignUpdate));
}
public IHttpActionResult GetCampaignUpdate(int id)
{
CampaignUpdate campaignUpdate = db.CampaignUpdates.Find(id);
if (campaignUpdate == null)
{
return(NotFound());
}
return(Ok(campaignUpdate));
}
public async Task <IHttpActionResult> PostCampaignUpdate(int id, CampaignUpdate campaignUpdate)
{
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
if (id != campaignUpdate.Id)
{
return(BadRequest());
}
//Only the one who created the campaign can edit the updates
//TODO: What about admins?
var campaign = campaignUpdate.Campaign;
if (campaign.CreatedById.ToString() != User.Identity.GetUserId())
{
return(Unauthorized());
}
else if (campaign.Status != CampaignStatus.Approved)
{
return(BadRequest("Updates can only be edited for approved campaigns"));
}
else
if (campaignUpdate.Status == Models.UpdateStatus.Approved ||
campaignUpdate.Status == Models.UpdateStatus.Waiting)
{
return(BadRequest("No update change for validated or waiting updates"));
}
db.Entry(campaignUpdate).State = EntityState.Modified;
try
{
await db.SaveChangesAsync();
}
catch (DbUpdateConcurrencyException)
{
if (!CampaignUpdateExists(id))
{
return(NotFound());
}
else
{
throw;
}
}
return(StatusCode(HttpStatusCode.NoContent));
}
