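/// <summary>
/// Creates a need for the logged-in user, or updates an existing one when the
/// payload carries a positive <c>Id</c> (the insert/update decision is made
/// in <c>SetUpNeed</c>).
/// </summary>
/// <param name="entry">Client-supplied need. Every field is untrusted, including <c>Id</c> and <c>ProfileId</c>.</param>
/// <returns>
/// A forbid result when the caller may not write to the target profile or to the
/// existing row; otherwise a created-at-action result carrying the saved need.
/// </returns>
public async Task<ActionResult<Need>> PostNeed(NeedDto entry)
{
    var profile = await GetLoggedInProfile();
    var allowedProfiles = await GetAllowedProfiles(profile.Id);

    if (!VerifyProfileOnEntry(allowedProfiles, entry))
    {
        // Assuming this is ControllerBase.Forbid: its string arguments are
        // authentication scheme names, not a response message. Passing prose
        // makes the result fail at execution time instead of returning 403.
        // Denial reason: the user has no access to create needs for this account.
        return Forbid();
    }

    // A payload with Id > 0 is treated as an update by SetUpNeed. The check
    // above only covers the ProfileId the client claims, so also confirm the
    // stored row belongs to an allowed profile. Without this, any authenticated
    // user could overwrite another profile's need by sending its Id.
    // NOTE(review): presumes the mapper copies Id straight from DTO to entity.
    if (entry.Id > 0 &&
        !await _context.Needs.AnyAsync(e => e.Id == entry.Id && allowedProfiles.Contains(e.ProfileId)))
    {
        // Same answer for "not yours" and "does not exist", so row existence is not revealed.
        return Forbid();
    }

    var dbEntry = SetUpNeed(entry, profile);
    await _context.SaveChangesAsync();

    // Use the entity's key: for a new row entry.Id is still the client value
    // (typically 0), while dbEntry.Id holds the key after SaveChangesAsync.
    // NOTE(review): action name "Post" is kept as-is; confirm it resolves to a real action.
    return CreatedAtAction("Post", new { id = dbEntry.Id }, _mapper.Map<NeedDto>(dbEntry));
}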
/// <summary>
/// Maps the DTO to a <c>Need</c> entity and registers it with the context,
/// as an update when the mapped <c>Id</c> is positive and as an insert otherwise.
/// </summary>
/// <param name="entry">Incoming DTO; its <c>ProfileId</c> decides whether the fallback profile is applied.</param>
/// <param name="profile">Profile assigned to the entity when <c>entry.ProfileId</c> is zero or negative.</param>
/// <returns>The tracked entity. Nothing is saved here.</returns>
/// <remarks>
/// No ownership check is performed in this helper. On the update path the whole
/// mapped entity is marked modified, so the caller must already have confirmed
/// that the current user may change the row identified by <c>Id</c>.
/// </remarks>
private Need SetUpNeed(NeedDto entry, Profile profile)
{
    Need need = _mapper.Map<Need>(entry);

    // No usable profile id in the payload: attach the supplied profile.
    bool profileMissing = entry.ProfileId <= 0;
    if (profileMissing)
    {
        need.Profile = profile;
    }

    bool isNew = !(need.Id > 0);
    if (isNew)
    {
        // Insert path: stamp the creation time (local clock) and queue the row.
        need.CreatedDate = System.DateTime.Now;
        _context.Needs.Add(need);
        return need;
    }

    // Update path: attach and flag the entity as modified.
    _context.Entry(need).State = EntityState.Modified;
    return need;
}
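/// <summary>
/// Replaces an existing need with the supplied payload.
/// </summary>
/// <param name="id">Identifier from the route; must equal <c>entry.Id</c>.</param>
/// <param name="entry">Client-supplied replacement values. Every field is untrusted, including <c>ProfileId</c>.</param>
/// <returns>
/// 400 when route and payload ids differ; 404 when the need does not exist or is
/// not owned by a profile the caller may access; a forbid result when the payload
/// would move the need to a profile the caller may not access; 200 on success.
/// </returns>
public async Task<IActionResult> PutNeed(int id, NeedDto entry)
{
    if (id != entry.Id)
    {
        return BadRequest("Payload does not match identifier");
    }

    var profile = await GetLoggedInProfile();
    var allowedProfiles = await GetAllowedProfiles(profile.Id);

    // Ownership of the stored row. 404 covers both "missing" and "not yours",
    // so the response does not reveal whether another profile's need exists.
    bool ownsExisting = await _context.Needs.AnyAsync(
        e => e.Id == entry.Id && allowedProfiles.Contains(e.ProfileId));
    if (!ownsExisting)
    {
        return NotFound();
    }

    // The check above covers the current owner only. The payload's ProfileId is
    // written as well, so without this check a caller could reassign their own
    // need to a profile they have no access to.
    // NOTE(review): VerifyProfileOnEntry also accepts ProfileId <= 0. On this
    // path nothing substitutes a profile, so that value would be written as
    // mapped. Confirm whether PUT should reject it.
    if (!VerifyProfileOnEntry(allowedProfiles, entry))
    {
        return Forbid();
    }

    // NOTE(review): the whole mapped entity is marked modified, so every mapped
    // column is overwritten from the DTO. Confirm the mapping excludes fields
    // clients must not set (for example the creation date).
    var dbEntry = _mapper.Map<Need>(entry);
    _context.Entry(dbEntry).State = EntityState.Modified;

    try
    {
        await _context.SaveChangesAsync();
    }
    catch (DbUpdateConcurrencyException)
    {
        // The row vanished between the ownership check and the save: report 404.
        if (!NeedExists(id))
        {
            return NotFound();
        }

        throw;
    }

    return Ok();
}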
/// <summary>
/// Decides whether the profile named in the payload is one the caller may write to.
/// </summary>
/// <param name="allowedProfiles">Profile ids the caller is permitted to act for.</param>
/// <param name="entry">Incoming DTO whose <c>ProfileId</c> is inspected.</param>
/// <returns>
/// <c>true</c> when <c>ProfileId</c> is zero or negative (no profile specified),
/// or when it appears in <paramref name="allowedProfiles"/>; otherwise <c>false</c>.
/// </returns>
/// <remarks>
/// Only the client-supplied <c>ProfileId</c> is checked. This says nothing about
/// who owns an existing row identified by the payload's <c>Id</c>.
/// </remarks>
private bool VerifyProfileOnEntry(ICollection<int> allowedProfiles, NeedDto entry)
{
    // An unspecified profile passes here; the caller decides what to substitute.
    if (entry.ProfileId <= 0)
    {
        return true;
    }

    return allowedProfiles.Contains(entry.ProfileId);
}