[ValidateAntiForgeryToken] // Prevents XSRF/CSRF attacks
public async Task <IActionResult> Create(PostReviewModel postReviewModel)
{
try
{
AuthorizeHelper.Authorize(this.HttpContext, "Guest", this.GetType().Name, "Create", "review");
if (ModelState.IsValid)
{
var userId = HttpContext.Session.GetString("_Id");
var user = await _moviemindAPIService.GetModel <GetUserModel>(userId, "users");
postReviewModel.UserId = user.Id;
GetReviewModel getReviewModel = await _moviemindAPIService.PostModel <PostReviewModel, GetReviewModel>(postReviewModel, "reviews");
return(Redirect("/Reviews/Details/" + getReviewModel.Id.ToString()));
}
return(View(postReviewModel));
}
catch (MovieMindException e)
{
return(ErrorHelper.HandleError(e, this.View(postReviewModel)));
}
}
public async Task <ActionResult <GetReviewModel> > PostReview(PostReviewModel postReviewModel)
{
try
{
GetReviewModel review = await _reviewRepository.PostReview(postReviewModel);
await _movieRepository.CalculateOverallRating(postReviewModel.MovieId.ToString());
return(CreatedAtAction(nameof(GetReview), new { id = review.Id }, review));
}
catch (DatabaseException e)
{
return(BadRequest(e.MovieMindError));
}
}
public async Task <GetReviewModel> PostReview(PostReviewModel postReviewModel)
{
User user = await _context.Users.FirstOrDefaultAsync(x => x.Id == postReviewModel.UserId);
if (user == null)
{
throw new EntityException("User not found", this.GetType().Name, "PostReview", "404");
}
Movie movie = await _context.Movies.FirstOrDefaultAsync(x => x.Id == postReviewModel.MovieId);
if (movie == null)
{
throw new EntityException("Movie not found", this.GetType().Name, "PostReview", "404");
}
try
{
EntityEntry <Review> result = await _context.Reviews.AddAsync(new Review
{
Description = postReviewModel.Description,
Rating = postReviewModel.Rating,
Date = postReviewModel.Date,
UserId = postReviewModel.UserId,
User = user,
MovieId = postReviewModel.MovieId,
Movie = movie
});
await _context.SaveChangesAsync();
return(await GetReview(result.Entity.Id.ToString()));
}
catch (MovieMindException)
{
throw;
}
catch (Exception e)
{
throw new DatabaseException(e.InnerException.Message, this.GetType().Name, "PostReview", "400");
}
}
