Exemplo n.º 1
        // POST api/OrderNote
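        /// <summary>
        /// Creates a note on an existing order, provided that order belongs to the calling user.
        /// </summary>
        /// <param name="ordernoteDto">Note payload bound from the request; its OrderId names the order the note is attached to.</param>
        /// <returns>
        /// 400 when model validation fails or no payload was bound, 404 when the order does not exist,
        /// 401 when the order is not owned by the caller, otherwise 201 with the stored note and a Location header.
        /// </returns>
        public HttpResponseMessage PostOrderNote(OrderNoteDto ordernoteDto)
        {
            if (!ModelState.IsValid)
            {
                return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState));
            }

            // An empty or unparsable body can bind to null; reject it instead of dereferencing it below.
            if (ordernoteDto == null)
            {
                return(Request.CreateResponse(HttpStatusCode.BadRequest));
            }

            Order order = db.Orders.Find(ordernoteDto.OrderId);

            if (order == null)
            {
                return(Request.CreateResponse(HttpStatusCode.NotFound));
            }

            // Ownership is decided from the stored order row and the authenticated identity, never from the payload.
            // Fail closed when the identity has no name, so an unnamed caller cannot match an order whose UserId is also empty.
            // NOTE(review): whether this action already sits behind [Authorize] is not visible from here.
            string caller = User.Identity.Name;

            if (string.IsNullOrEmpty(caller) || order.UserId != caller)
            {
                // Trying to add a record that does not belong to the user.
                // NOTE(review): 403 Forbidden describes "authenticated but not the owner" more accurately than 401;
                // 401 is kept so existing clients see the same status. The separate 404 above also tells a caller
                // whether an order id exists; confirm that disclosure is acceptable.
                return(Request.CreateResponse(HttpStatusCode.Unauthorized));
            }

            OrderNote orderNote = ordernoteDto.ToEntity();

            // Need to detach to avoid loop reference exception during JSON serialization
            db.Entry(order).State = EntityState.Detached;
            db.OrderNotes.Add(orderNote);
            db.SaveChanges();

            // Echo the key assigned during SaveChanges back to the client.
            ordernoteDto.OrderNoteId = orderNote.OrderNoteId;

            HttpResponseMessage response = Request.CreateResponse(HttpStatusCode.Created, ordernoteDto);

            response.Headers.Location = new Uri(Url.Link("DefaultApi", new { id = ordernoteDto.OrderNoteId }));
            return(response);
        }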
Exemplo n.º 2
        // DELETE api/OrderNote/5
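        /// <summary>
        /// Deletes a note, provided the order it hangs off belongs to the calling user.
        /// </summary>
        /// <param name="id">Primary key of the note to delete.</param>
        /// <returns>
        /// 404 when the note does not exist, 401 when its order is missing or not owned by the caller,
        /// 500 when the delete hits a concurrency conflict, otherwise 200 with a copy of the deleted note.
        /// </returns>
        public HttpResponseMessage DeleteOrderNote(int id)
        {
            OrderNote orderNote = db.OrderNotes.Find(id);

            if (orderNote == null)
            {
                return(Request.CreateResponse(HttpStatusCode.NotFound));
            }

            // Resolve the owning order through the foreign key rather than the navigation property:
            // the authorization decision then does not depend on the navigation having been loaded,
            // and a missing order denies the request instead of failing with an unhandled exception.
            Order owningOrder = db.Orders.Find(orderNote.OrderId);
            string caller = User.Identity.Name;

            // Fail closed: no order, no identity name, or a different owner all deny the delete.
            // NOTE(review): whether this action already sits behind [Authorize] is not visible from here.
            if (owningOrder == null || string.IsNullOrEmpty(caller) || owningOrder.UserId != caller)
            {
                // Trying to delete a record that does not belong to the user.
                // NOTE(review): 403 Forbidden fits an authenticated non-owner better than 401;
                // 401 is kept so existing clients see the same status.
                return(Request.CreateResponse(HttpStatusCode.Unauthorized));
            }

            // Snapshot the note before removal so the response can still describe what was deleted.
            OrderNoteDto orderNoteDto = new OrderNoteDto(orderNote);

            db.OrderNotes.Remove(orderNote);

            try
            {
                db.SaveChanges();
            }
            catch (DbUpdateConcurrencyException)
            {
                return(Request.CreateResponse(HttpStatusCode.InternalServerError));
            }

            return(Request.CreateResponse(HttpStatusCode.OK, orderNoteDto));
        }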
Exemplo n.º 3
        // PUT api/OrderNote/5
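        /// <summary>
        /// Updates an existing note. The caller must own both the order the stored note currently
        /// belongs to and the order named in the payload.
        /// </summary>
        /// <param name="id">Primary key of the note, taken from the route.</param>
        /// <param name="ordernoteDto">New note values; its OrderNoteId must equal <paramref name="id"/>.</param>
        /// <returns>
        /// 400 when validation fails, no payload was bound or the ids disagree; 404 when the note or the
        /// target order does not exist; 401 when the caller owns neither or only one of the two orders;
        /// 500 on a concurrency conflict; otherwise 200.
        /// </returns>
        public HttpResponseMessage PutOrderNote(int id, OrderNoteDto ordernoteDto)
        {
            if (!ModelState.IsValid)
            {
                return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState));
            }

            // A null payload (empty or unparsable body) is rejected together with a route/body id mismatch.
            if (ordernoteDto == null || id != ordernoteDto.OrderNoteId)
            {
                return(Request.CreateResponse(HttpStatusCode.BadRequest));
            }

            // Authorize against the note as it is stored, not only against the payload.
            // The OrderId in the payload is chosen by the caller, so checking that order alone would let
            // a request that names one of the caller's own orders overwrite a note belonging to someone else.
            OrderNote storedNote = db.OrderNotes.Find(id);

            if (storedNote == null)
            {
                return(Request.CreateResponse(HttpStatusCode.NotFound));
            }

            Order  currentOrder = db.Orders.Find(storedNote.OrderId);
            string caller       = User.Identity.Name;

            // Fail closed: no owning order, no identity name, or a different owner all deny the update.
            // NOTE(review): whether this action already sits behind [Authorize] is not visible from here.
            if (currentOrder == null || string.IsNullOrEmpty(caller) || currentOrder.UserId != caller)
            {
                // Trying to modify a record that does not belong to the user
                return(Request.CreateResponse(HttpStatusCode.Unauthorized));
            }

            OrderNote orderNote = ordernoteDto.ToEntity();
            Order     order     = db.Orders.Find(orderNote.OrderId);

            if (order == null)
            {
                return(Request.CreateResponse(HttpStatusCode.NotFound));
            }

            if (order.UserId != caller)
            {
                // Trying to move the note onto an order that does not belong to the user.
                // NOTE(review): 403 Forbidden fits an authenticated non-owner better than 401;
                // 401 is kept so existing clients see the same status.
                return(Request.CreateResponse(HttpStatusCode.Unauthorized));
            }

            // Need to detach to avoid duplicate primary key exception when SaveChanges is called.
            // The stored note and its order were loaded only for the ownership check and share keys
            // with the entity built from the payload, so they are released from the context as well.
            db.Entry(storedNote).State   = EntityState.Detached;
            db.Entry(currentOrder).State = EntityState.Detached;

            if (!ReferenceEquals(currentOrder, order))
            {
                db.Entry(order).State = EntityState.Detached;
            }

            db.Entry(orderNote).State = EntityState.Modified;

            try
            {
                db.SaveChanges();
            }
            catch (DbUpdateConcurrencyException)
            {
                return(Request.CreateResponse(HttpStatusCode.InternalServerError));
            }

            return(Request.CreateResponse(HttpStatusCode.OK));
        }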