public async Task <ActionResult> Create([Bind("Name")] ApiCharacter character)
{
if (!ModelState.IsValid)
{
return(View(character));
}
HttpRequestMessage request = CreateRequestToService(HttpMethod.Post,
Configuration["ServiceEndpoints:Character"], character);
HttpResponseMessage response;
try
{
response = await HttpClient.SendAsync(request);
}
catch (HttpRequestException)
{
ModelState.AddModelError("", "Unexpected server error");
return(View(character));
}
if (!response.IsSuccessStatusCode)
{
if (response.StatusCode == HttpStatusCode.Unauthorized)
{
return(RedirectToAction("Login", "Account"));
}
ModelState.AddModelError("", "Unexpected server error");
return(View(character));
}
return(RedirectToAction(nameof(Index)));
}
// GET: Character/Details/5
public async Task <ActionResult> Details(int id)
{
HttpRequestMessage request = CreateRequestToService(HttpMethod.Get,
$"{Configuration["ServiceEndpoints:Character"]}/{id}");
HttpResponseMessage response;
try
{
response = await HttpClient.SendAsync(request);
}
catch (HttpRequestException)
{
return(View("Error", new ErrorViewModel()));
}
if (!response.IsSuccessStatusCode)
{
if (response.StatusCode == HttpStatusCode.Unauthorized)
{
return(RedirectToAction("Login", "Account"));
}
return(View("Error", new ErrorViewModel()));
}
var jsonString = await response.Content.ReadAsStringAsync();
ApiCharacter character = JsonConvert.DeserializeObject <ApiCharacter>(jsonString);
return(View(character));
}
public async Task <IActionResult> Post([FromBody, Bind("Name")] ApiCharacter apiCharacter)
{
// there was some "overposting" vulnerability here... i do not want client to be able
// to set the ID. either i can make sure to ignore that value if he sends it
// or i can explicitly not bind it.
Character character = _mapper.Map(apiCharacter);
Character newCharacter = await _characterRepository.AddAsync(character);
ApiCharacter newApiCharacter = _mapper.Map(newCharacter);
return(CreatedAtAction(nameof(GetById), new { id = newApiCharacter.Id },
newApiCharacter));
}
public async Task <IActionResult> Put(int id, [FromBody, Bind("Name")] ApiCharacter apiCharacter)
{
// implementation choice, whether PUT on nonexistent resource is
// successful or error.
if (await _characterRepository.GetByIdAsync(id) is null)
{
return(NotFound());
}
Character character = _mapper.Map(apiCharacter);
character.Id = id;
await _characterRepository.UpdateAsync(character);
return(NoContent()); // 204
}
public async Task <ActionResult> Delete(int id, ApiCharacter character)
{
if (!(Account?.Roles?.Contains("admin") ?? false))
{
// access denied
return(View("Error", new ErrorViewModel()));
}
if (!ModelState.IsValid)
{
return(View(character));
}
HttpRequestMessage request = CreateRequestToService(HttpMethod.Delete,
$"{Configuration["ServiceEndpoints:Character"]}/{id}");
HttpResponseMessage response;
try
{
response = await HttpClient.SendAsync(request);
}
catch (HttpRequestException)
{
ModelState.AddModelError("", "Unexpected server error");
return(View(character));
}
if (!response.IsSuccessStatusCode)
{
switch (response.StatusCode)
{
case HttpStatusCode.Unauthorized:
return(RedirectToAction("Login", "Account"));
case HttpStatusCode.NotFound:
return(View("Error", new ErrorViewModel()));
default:
ModelState.AddModelError("", "Unexpected server error");
return(View());
}
}
return(RedirectToAction(nameof(Index)));
}
