/// <summary>
/// Creates or replaces a family document on behalf of the signed-in user.
/// </summary>
/// <param name="family">The family document supplied by the caller.</param>
/// <returns>The document returned by <c>_connector.UpsertFamily</c>.</returns>
/// <exception cref="InvalidOperationException">
/// Thrown when the document fails <c>Dto.deserializeFamily</c>, or when the
/// current user's email is not listed in the submitted document's members.
/// </exception>
public async Task<Document<Family>> UpsertFamily(Document<Family> family)
{
    // Scope check comes first so nothing else runs for a token without the API scope.
    HttpContext.VerifyUserHasAnyAcceptedScope(scopeRequiredByApi);

    // NOTE(review): .Value is read without checking whether parsing succeeded;
    // confirm what tryParse yields for a malformed "emails" claim.
    var userEmail = EmailAddressModule.tryParse(CurrentUserEmail(HttpContext)).Value;

    var parsedFamily = Dto.deserializeFamily(family);
    if (parsedFamily.IsError)
    {
        throw new InvalidOperationException($"The family document is not formatted properly: {parsedFamily.ErrorValue}");
    }

    bool callerIsMember = parsedFamily.ResultValue.Members.Contains(userEmail);
    if (!callerIsMember)
    {
        throw new InvalidOperationException("The current user must be a member of the family.");
    }

    // SECURITY: the membership check above inspects only the document the caller
    // submitted. Nothing in this method compares against the family that is
    // already stored, so a caller who supplies an existing ID and a matching
    // etag could overwrite someone else's shopping list. Authorizing against
    // the stored document's members before the upsert would close that gap.
    return await _connector.UpsertFamily(family);
}
/// <summary>
/// Returns the signed-in user's email address, taken from the first claim of
/// type "emails" and passed through <c>EmailAddressModule.normalizer</c>.
/// </summary>
/// <param name="context">The HTTP context whose user claims are read.</param>
/// <returns>The normalized email string.</returns>
/// <exception cref="InvalidOperationException">
/// Thrown by <c>First</c> when the user has no claim of type "emails".
/// </exception>
static string CurrentUserEmail(HttpContext context)
{
    // UpsertFamily uses this value for its membership check, so the check is
    // only as trustworthy as the "emails" claim.
    // NOTE(review): assumes the token issuer verifies this address; confirm.
    var emailsClaim = context.User.Claims.First(claim => claim.Type == "emails");
    return EmailAddressModule.normalizer(emailsClaim.Value);
}