public IHttpActionResult PutMeal(int id, Meal meal)
{
if (!ModelState.IsValid)
{
return BadRequest(ModelState);
}
if (id != meal.MealId)
{
return BadRequest();
}
// Only Administrator or the owner of this meal may manipulate it
var user = db.Users.Where(x => x.UserName == User.Identity.Name).Single();
if(!User.IsInRole("Administrator")&&user.Id!=meal.ApplicationUserId)
{
return BadRequest();
}
meal.Year = meal.DateTime.Year;
meal.Month = meal.DateTime.Month;
meal.Day = meal.DateTime.Day;
db.Entry(meal).State = EntityState.Modified;
try
{
db.SaveChanges();
}
catch (DbUpdateConcurrencyException)
{
if (!MealExists(id))
{
return NotFound();
}
else
{
throw;
}
}
return StatusCode(HttpStatusCode.NoContent);
}
public IHttpActionResult PostMeal(Meal meal)
{
var user = db.Users.Where(x => x.UserName == User.Identity.Name).Single();
meal.Year = meal.DateTime.Year;
meal.Month = meal.DateTime.Month;
meal.Day = meal.DateTime.Day;
user.Meals.Add(meal);
db.SaveChanges();
return CreatedAtRoute("DefaultApi", new { id = meal.MealId }, meal);
}