public async Task <Document <Family> > UpsertFamily(Document <Family> family)
{
HttpContext.VerifyUserHasAnyAcceptedScope(scopeRequiredByApi);
string userEmailString = CurrentUserEmail(HttpContext);
var userEmail = EmailAddressModule.tryParse(userEmailString).Value;
var tryDeserialize = Dto.deserializeFamily(family);
if (tryDeserialize.IsError)
{
throw new InvalidOperationException($"The family document is not formatted properly: {tryDeserialize.ErrorValue}");
}
if (!tryDeserialize.ResultValue.Members.Contains(userEmail))
{
throw new InvalidOperationException("The current user must be a member of the family.");
}
// Could overwrite someone else's shopping list if you guessed the ID and
// etag correctly
var result = await _connector.UpsertFamily(family);
return(result);
}
static string CurrentUserEmail(HttpContext context)
{
string emailString = context.User.Claims.First(i => i.Type == "emails").Value;
return(EmailAddressModule.normalizer(emailString));
}
