public EntryGetResponse PostNewEntry(EntryPostRequest request, string Author)
{
using (var connection = new SqlConnection(_connectionString))
{
connection.Open();
return(connection.QueryFirst <EntryGetResponse>(
@" EXEC [Blog].[dbo].[SP_Create_New_Entry] @Subject = @Subject, @Content = @Content, @Author = @Author",
new { Subject = request.Subject, Content = request.Content, Author = Author }
));
}
}
public async Task <IActionResult> PostNewEntry(EntryPostRequest request)
{
var userEmail = await GetUserName();
var access = _dataRepository.GetUserAccess(userEmail);
if (access.Admin != 1 && access.Editor != 1)
{
return(Unauthorized(new { message = "Access Denied" }));
}
var results = _dataRepository.PostNewEntry(request, userEmail);
return(Ok(results));
}
