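/// <summary>
/// Updates an existing bank account from the posted binding model.
/// </summary>
/// <param name="id">Primary key of the bank account to edit.</param>
/// <param name="model">Form data to copy onto the tracked entity after validation.</param>
/// <returns>
/// 400 when the model state is invalid or the caller is not the household owner,
/// 404 when no account has the given id, otherwise 200 with the updated view model.
/// </returns>
public IHttpActionResult Edit(int id, EditBankAccountBindingModel model)
{
    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    var userId = User.Identity.GetUserId();

    var bankAccount = Context
        .BankAccounts
        .FirstOrDefault(p => p.Id == id);

    if (bankAccount == null)
    {
        return NotFound();
    }

    // Authorization: only the household owner may edit. Evaluated fail-closed —
    // a missing user id or an unloaded Household navigation property (no Include
    // on the query above; it relies on lazy loading) denies instead of throwing
    // a NullReferenceException that would surface as a 500.
    var isOwner = userId != null
        && bankAccount.Household != null
        && bankAccount.Household.OwnerId == userId;

    if (!isOwner)
    {
        ModelState.AddModelError("", "You're not the owner of this household");
        return BadRequest(ModelState);
    }

    // NOTE(review): Mapper.Map copies every configured member of the binding model
    // onto the entity; confirm the mapping profile ignores identity/ownership
    // members so a request body cannot re-parent the account (mass assignment).
    Mapper.Map(model, bankAccount);

    // NOTE(review): local server time; DateTime.UtcNow is preferable for stored
    // timestamps — kept as-is to stay consistent with existing rows.
    bankAccount.DateUpdated = DateTime.Now;
    Context.SaveChanges();

    var result = Mapper.Map<BankAccountViewModel>(bankAccount);
    return Ok(result);
}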
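/// <summary>
/// Updates an existing bank account from the posted form data.
/// </summary>
/// <param name="id">Primary key of the bank account to edit.</param>
/// <param name="formData">Form data to copy onto the tracked entity after validation.</param>
/// <returns>
/// 400 when the model state is invalid, 404 when no account has the given id,
/// 401 when the caller is not the household owner, otherwise 200 with the updated view model.
/// </returns>
public IHttpActionResult Edit(int id, EditBankAccountBindingModel formData)
{
    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    // Helper name suggests the Household navigation is loaded with the account;
    // the ownership check below still guards against a null Household.
    var bankAccount = BankAccountHelper.GetByIdWithHh(id);

    if (bankAccount == null)
    {
        return NotFound();
    }

    var currentUserId = User.Identity.GetUserId();

    // Authorization: only the household owner may edit. Evaluated fail-closed —
    // a missing user id or a null Household denies rather than throwing.
    // NOTE(review): an authenticated non-owner is a 403 (Forbidden) case; 401 is
    // returned here to keep the existing client-visible contract.
    var isOwner = currentUserId != null
        && bankAccount.Household != null
        && bankAccount.Household.OwnerId == currentUserId;

    if (!isOwner)
    {
        return Unauthorized();
    }

    // NOTE(review): Mapper.Map copies every configured member of the binding model
    // onto the entity; confirm the mapping profile ignores identity/ownership
    // members so a request body cannot re-parent the account (mass assignment).
    Mapper.Map(formData, bankAccount);

    // NOTE(review): local server time; DateTime.UtcNow is preferable for stored
    // timestamps — kept as-is to stay consistent with existing rows.
    bankAccount.DateUpdated = DateTime.Now;
    DbContext.SaveChanges();

    var viewModel = Mapper.Map<BankAccountViewModel>(bankAccount);
    return Ok(viewModel);
}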