Exemplo n.º 1
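        /// <summary>
        /// Validate that the current user is an administrator or this place belongs to them.
        /// </summary>
        /// <remarks>
        /// The check fails closed: a caller whose principal carries no parseable
        /// <see cref="ClaimTypes.NameIdentifier"/> claim is denied instead of raising an
        /// exception from the authorization path. The role value is compared with the
        /// case-sensitive string "administrator".
        /// </remarks>
        /// <param name="place">The place to test. May be null; a null place is never treated as owned by the caller.</param>
        /// <returns>True if the user is an administrator or owns <paramref name="place"/>; otherwise false.</returns>
        public bool IsAllowed(Entity.Place place)
        {
            // Only admins can update other users places.
            var isAdmin = this.User.Claims.Any(c => c.Type == ClaimTypes.Role && c.Value == "administrator");
            if (isAdmin)
            {
                return true;
            }

            // A missing or malformed identifier claim must deny access. Falling back to a
            // default Guid here would risk matching a place whose OwnerId is also the default.
            if (!Guid.TryParse(this.User.FindFirstValue(ClaimTypes.NameIdentifier), out var userId))
            {
                return false;
            }

            // place?.OwnerId is null when place is null, so the comparison is false in that case.
            return place?.OwnerId == userId;
        }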
Exemplo n.º 2
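        /// <summary>
        /// Create a new place owned by the current user, persist it, and return it as JSON with HTTP 201.
        /// </summary>
        /// <param name="place">The place data supplied by the caller; only its latitude, longitude and note are used.</param>
        /// <returns>
        /// A 201 JSON result holding the stored place; 400 when no place was supplied;
        /// 401 when the current principal has no parseable <see cref="ClaimTypes.NameIdentifier"/> claim.
        /// </returns>
        public IActionResult AddMyPlaces(Model.Place place)
        {
            // A request whose body could not be bound arrives here as null; reject it
            // instead of failing with a NullReferenceException below.
            if (place == null)
            {
                return new BadRequestResult();
            }

            // Without a valid identifier claim there is no owner to attach the record to.
            if (!Guid.TryParse(this.User.FindFirstValue(ClaimTypes.NameIdentifier), out var userId))
            {
                return new UnauthorizedResult();
            }

            // The owner always comes from the authenticated principal, never from the
            // request body, so a caller cannot create a place on behalf of another user.
            // NOTE(review): Latitude, Longitude and Note are stored as received; confirm
            // that range and length validation happens on Model.Place or in Entity.Place.
            var entity = new Entity.Place(place.Latitude, place.Longitude, place.Note, userId);

            _dbContext.Places.Add(entity);
            _dbContext.SaveChanges();

            // Return the stored entity as the response model with 201 (Created).
            return new JsonResult(new Model.Place(entity))
            {
                StatusCode = 201
            };
        }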