/// <summary>
/// Handles the submitted "create review" form: authorizes the caller, binds the
/// review to the user stored in the session, forwards it to the MovieMind API and
/// redirects to the details page of the review that the API returns.
/// </summary>
/// <param name="postReviewModel">Review data bound from the posted form.</param>
/// <returns>
/// A redirect to <c>/Reviews/Details/{id}</c> on success, the form view again when
/// model validation fails, or whatever <c>ErrorHelper.HandleError</c> produces when a
/// <c>MovieMindException</c> is caught.
/// </returns>
[ValidateAntiForgeryToken] // Prevents XSRF/CSRF attacks
public async Task<IActionResult> Create(PostReviewModel postReviewModel)
{
    try
    {
        // Authorization runs first, before any posted or session data is used.
        // NOTE(review): "Guest" is presumably the minimum role and a failure presumably
        // surfaces as a MovieMindException handled below; confirm against AuthorizeHelper.
        AuthorizeHelper.Authorize(this.HttpContext, "Guest", this.GetType().Name, "Create", "review");

        if (!ModelState.IsValid)
        {
            // Redisplay the form with the values the user entered.
            return View(postReviewModel);
        }

        // The author comes from the server-side session and overwrites any UserId
        // value bound from the form, so the posted field cannot choose the author.
        string sessionUserId = HttpContext.Session.GetString("_Id");
        var currentUser = await _moviemindAPIService.GetModel<GetUserModel>(sessionUserId, "users");

        // NOTE(review): if the session has no "_Id" or the lookup yields null, the next
        // line dereferences null; confirm GetModel throws MovieMindException instead.
        postReviewModel.UserId = currentUser.Id;

        GetReviewModel createdReview =
            await _moviemindAPIService.PostModel<PostReviewModel, GetReviewModel>(postReviewModel, "reviews");

        // Fixed local path plus an identifier returned by the API; no posted value is
        // used as the redirect target.
        string detailsUrl = "/Reviews/Details/" + createdReview.Id.ToString();
        return Redirect(detailsUrl);
    }
    catch (MovieMindException e)
    {
        return ErrorHelper.HandleError(e, this.View(postReviewModel));
    }
}
/// <summary>
/// API action that stores a new review through the review repository, asks the
/// movie repository to recalculate the overall rating of the reviewed movie, and
/// answers with a "created" result that points at <c>GetReview</c>.
/// </summary>
/// <param name="postReviewModel">Review payload supplied by the caller.</param>
/// <returns>
/// The <c>CreatedAtAction</c> result carrying the stored review, or a bad-request result
/// carrying <c>MovieMindError</c> when a <c>DatabaseException</c> is caught.
/// </returns>
public async Task<ActionResult<GetReviewModel>> PostReview(PostReviewModel postReviewModel)
{
    // NOTE(review): UserId, MovieId and the other fields are passed on exactly as the
    // caller sent them; nothing in this method ties UserId to the authenticated caller.
    // Confirm that authentication/authorization is enforced by attributes or middleware
    // not visible here, otherwise a direct API client can post as another user.
    try
    {
        GetReviewModel stored = await _reviewRepository.PostReview(postReviewModel);

        // The review is already persisted when the rating is recalculated.
        // NOTE(review): a failure here reports an error for a review that was saved,
        // so a client retry could create a duplicate; verify this is acceptable.
        string movieKey = postReviewModel.MovieId.ToString();
        await _movieRepository.CalculateOverallRating(movieKey);

        var routeValues = new { id = stored.Id };
        return CreatedAtAction(nameof(GetReview), routeValues, stored);
    }
    catch (DatabaseException e)
    {
        // NOTE(review): only DatabaseException is handled; other exception types raised
        // by the repositories are presumably dealt with further up the pipeline. Also
        // check that MovieMindError does not expose raw database details to the client.
        return BadRequest(e.MovieMindError);
    }
}
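/// <summary>
/// Persists a new review after checking that both the referenced user and the
/// referenced movie exist, then returns the stored review as read back by
/// <c>GetReview</c>.
/// </summary>
/// <param name="postReviewModel">Review data: description, rating, date, user id and movie id.</param>
/// <returns>The stored review, loaded through <c>GetReview</c> with the new entity's id.</returns>
/// <exception cref="EntityException">No user or no movie matches the supplied id ("404").</exception>
/// <exception cref="DatabaseException">Adding or saving the review failed ("400").</exception>
public async Task<GetReviewModel> PostReview(PostReviewModel postReviewModel)
{
    // Existence checks only: this method confirms the user id refers to a real user,
    // not that the caller is that user. NOTE(review): ownership must be enforced by
    // the caller of this repository; verify.
    User user = await _context.Users.FirstOrDefaultAsync(x => x.Id == postReviewModel.UserId);
    if (user == null)
    {
        throw new EntityException("User not found", this.GetType().Name, "PostReview", "404");
    }

    Movie movie = await _context.Movies.FirstOrDefaultAsync(x => x.Id == postReviewModel.MovieId);
    if (movie == null)
    {
        throw new EntityException("Movie not found", this.GetType().Name, "PostReview", "404");
    }

    try
    {
        // NOTE(review): Date and Rating are stored exactly as supplied in the model;
        // any range or timestamp validation has to happen before this point.
        EntityEntry<Review> result = await _context.Reviews.AddAsync(new Review
        {
            Description = postReviewModel.Description,
            Rating = postReviewModel.Rating,
            Date = postReviewModel.Date,
            UserId = postReviewModel.UserId,
            User = user,
            MovieId = postReviewModel.MovieId,
            Movie = movie
        });

        await _context.SaveChangesAsync();

        return await GetReview(result.Entity.Id.ToString());
    }
    catch (MovieMindException)
    {
        // Application-level errors (e.g. raised by GetReview) pass through unchanged.
        throw;
    }
    catch (Exception e)
    {
        // InnerException is null for many exceptions; dereferencing it unconditionally
        // replaced the real failure with a NullReferenceException thrown from this
        // handler. Fall back to the outer message when there is no inner exception.
        // NOTE(review): this text ends up in DatabaseException; if callers return it to
        // clients it can reveal provider/schema details. Consider logging the detail
        // and surfacing a generic message instead.
        string detail = e.InnerException?.Message ?? e.Message;
        throw new DatabaseException(detail, this.GetType().Name, "PostReview", "400");
    }
}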