/// <summary>
/// Inserts the customer bound from the request body and returns it.
/// </summary>
/// <param name="customer">Customer populated by model binding from the request.</param>
/// <returns>The same <paramref name="customer"/> instance after it has been saved.</returns>
/// <exception cref="HttpResponseException">
/// Thrown with <see cref="HttpStatusCode.BadRequest"/> when model validation fails.
/// </exception>
public Customer CreateCustomer(Customer customer)
{
    // NOTE(review): the bound object is added to _context.Customers as-is, so every
    // property the binder accepts from the client is persisted (over-posting).
    // Confirm Customer has no field the caller must not set, or bind a dedicated
    // input type with only the permitted properties.
    var passedValidation = ModelState.IsValid;
    if (passedValidation)
    {
        _context.Customers.Add(customer);
        _context.SaveChanges();

        // NOTE(review): the saved object is returned unchanged, so every serialised
        // property is disclosed to the caller - confirm that is intended.
        return customer;
    }

    // Reject invalid input before anything reaches the database.
    throw new HttpResponseException(HttpStatusCode.BadRequest);
}
/// <summary>
/// Creates a customer (Id == 0) or updates an existing one from the posted form,
/// then redirects to the customer list.
/// </summary>
/// <param name="customer">Customer populated by model binding from the request.</param>
/// <returns>
/// The "CustomerForm" view when model validation fails; otherwise a redirect to
/// Customers/Index.
/// </returns>
// NOTE(review): no [HttpPost] / [ValidateAntiForgeryToken] attributes are visible in
// this listing - confirm they are applied to this state-changing action.
public ActionResult Save(Customer customer)
{
    if (!ModelState.IsValid)
    {
        // Redisplay the form with the submitted values and the membership type list.
        var formModel = new CustomerFormViewModel();
        formModel.Customer = customer;
        formModel.MembershipTypes = _context.MembershipTypes.ToList();
        return View("CustomerForm", formModel);
    }

    var isNewCustomer = customer.Id == 0;
    if (isNewCustomer)
    {
        // NOTE(review): on this path the bound object is inserted whole, so the
        // property allow-list used for updates below does not apply to creation.
        _context.Customers.Add(customer);
    }
    else
    {
        // Single() throws when no row (or more than one) matches the posted Id.
        var storedCustomer = _context.Customers.Single(row => row.Id == customer.Id);

        // Security: copy an explicit allow-list of properties instead of binding
        // onto the entity. The documented alternatives are:
        //   1. TryUpdateModel(storedCustomer);
        //      binds every posted value onto the entity (over-posting), and
        //   2. TryUpdateModel(storedCustomer, "", new string[] { "Name", "Email" });
        //      which restricts binding to the listed property names.
        storedCustomer.Name = customer.Name;
        storedCustomer.Birthdate = customer.Birthdate;
        storedCustomer.MembershipTypeId = customer.MembershipTypeId;
        storedCustomer.IsSubscribedToNewsletter = customer.IsSubscribedToNewsletter;
    }

    _context.SaveChanges();
    return RedirectToAction("Index", "Customers");
}
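/// <summary>
/// Creates a movie (Id == 0) or updates an existing one from the posted form,
/// then redirects to the movie list.
/// </summary>
/// <param name="movie">Movie populated by model binding from the request.</param>
/// <returns>
/// The "MovieForm" view when model validation or entity validation fails;
/// otherwise a redirect to Movies/Index.
/// </returns>
// NOTE(review): no [HttpPost] / [ValidateAntiForgeryToken] attributes are visible in
// this listing - confirm they are applied to this state-changing action.
public ActionResult Save(Movie movie)
{
    if (!ModelState.IsValid)
    {
        var viewModel = new MovieFormViewModel(movie)
        {
            Genres = _context.Genre.ToList()
        };
        return View("MovieForm", viewModel);
    }

    if (movie.Id == 0)
    {
        // The timestamp is set on the server, replacing whatever value was posted.
        // NOTE(review): the rest of the bound object is inserted whole on this path.
        movie.DateAdded = DateTime.Now;
        _context.Movies.Add(movie);
    }
    else
    {
        // Single() throws when no row (or more than one) matches the posted Id.
        var movieInDb = _context.Movies.Single(m => m.Id == movie.Id);

        // Explicit allow-list: only these properties can be changed by the form.
        // DateAdded is not copied, so the stored value is kept.
        movieInDb.Name = movie.Name;
        movieInDb.GenreId = movie.GenreId;
        movieInDb.NumberInStock = movie.NumberInStock;
        movieInDb.ReleaseDate = movie.ReleaseDate;
    }

    try
    {
        _context.SaveChanges();
    }
    catch (DbEntityValidationException e)
    {
        // Previously the exception was written to the console and the user was
        // redirected as if the save had succeeded. Record it in the trace log and
        // show the form again with the validation messages instead.
        System.Diagnostics.Trace.TraceError("Saving movie failed entity validation: {0}", e);

        foreach (var entityResult in e.EntityValidationErrors)
        {
            foreach (var validationError in entityResult.ValidationErrors)
            {
                ModelState.AddModelError(validationError.PropertyName, validationError.ErrorMessage);
            }
        }

        var retryViewModel = new MovieFormViewModel(movie)
        {
            Genres = _context.Genre.ToList()
        };
        return View("MovieForm", retryViewModel);
    }

    return RedirectToAction("Index", "Movies");
}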