/// <summary>
/// HTTP entry point for creating a debt: passes the request body to the debts
/// service and maps the outcome to an action result.
/// </summary>
/// <param name="debtDto">Debt payload bound from the request body.</param>
/// <returns>
/// <c>Ok()</c> when the service call completes; <c>Forbid()</c> when the service
/// throws <c>ForbiddenException</c>. Any other exception propagates to the caller.
/// </returns>
public IActionResult CreateDebt([FromBody] DebtInboxDto debtDto)
{
    // No authorization decision is made here; the action only translates the
    // service's ForbiddenException into an HTTP result.
    IActionResult outcome;

    try
    {
        _debtsService.CreateDebt(debtDto);
        outcome = Ok();
    }
    catch (ForbiddenException)
    {
        outcome = Forbid();
    }

    return outcome;
}
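/// <summary>
/// Persists a new debt on behalf of the current user. The caller must be either
/// the giver or the taker named in the payload.
/// </summary>
/// <param name="debtDto">Incoming debt data; its GiverId and TakerId are compared with the caller's id.</param>
/// <exception cref="ForbiddenException">
/// Thrown when the caller's id cannot be established from the NameIdentifier claim,
/// or when the caller is neither the giver nor the taker.
/// </exception>
public void CreateDebt(DebtInboxDto debtDto)
{
    // NOTE(review): debtDto is dereferenced below without a null check — confirm
    // model binding rejects an empty request body before this method is reached.

    // Fail closed when the identity is unusable. Convert.ToInt32(null) yields 0, so a
    // missing claim used to become user id 0 and would pass the check below for a
    // payload whose GiverId or TakerId is 0; a non-numeric claim surfaced as an
    // unhandled FormatException instead of a denial.
    var rawUserId = _httpContextAccessor.HttpContext?.User?.FindFirst(ClaimTypes.NameIdentifier)?.Value;
    bool hasUserId = int.TryParse(
        rawUserId,
        System.Globalization.NumberStyles.Integer,
        System.Globalization.CultureInfo.InvariantCulture,
        out int userId);
    if (!hasUserId)
    {
        throw new ForbiddenException();
    }

    // Only a party to the debt may create it.
    bool isAccessAllow = userId == debtDto.GiverId || userId == debtDto.TakerId;
    if (!isAccessAllow)
    {
        throw new ForbiddenException();
    }

    // NOTE(review): the DTO is mapped straight onto the entity; which members are
    // copied depends on the mapper configuration, which is not visible here —
    // confirm that client-supplied values cannot set fields the server should own.
    Debt debt = _mapper.Map<Debt>(debtDto);

    // Server-controlled fields are assigned after mapping so they override the payload.
    debt.IsActive = true;
    debt.Date = DateTimeOffset.Now;

    _context.Debts.Add(debt);
    _context.SaveChanges();
}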