示例#1
        /// <summary>
        /// Links the book <paramref name="bookId"/> to the user <paramref name="appUserId"/>,
        /// unless either entity is missing or the link already exists, then redirects to <c>Index</c>.
        /// </summary>
        /// <param name="appUserId">
        /// Id of the user to update. NOTE(review): this id is supplied by the caller rather than
        /// taken from the signed-in principal — confirm the controller authorizes the current user for it.
        /// </param>
        /// <param name="bookId">Id of the book to link.</param>
        /// <returns>A redirect to the <c>Index</c> action in every case.</returns>
        public async Task <IActionResult> AddBookToUser(string appUserId, string bookId)
        {
            var user = await _db.AppUsers.FirstOrDefaultAsync(u => u.Id == appUserId);
            var target = await _db.Books.FirstOrDefaultAsync(b => b.Id == bookId);

            // Both entities must exist, otherwise nothing is written.
            if (user is null || target is null)
            {
                return RedirectToAction("Index");
            }

            // A null navigation collection would make the Add below throw.
            user.AppUserBooks ??= new List<AppUserBook>();

            // Existing link: nothing to do.
            if (await IsBookInUser(bookId, appUserId))
            {
                return RedirectToAction("Index");
            }

            var link = new AppUserBook
            {
                AppUserId = appUserId,
                AppUser   = user,
                BookId    = bookId,
                Book      = target,
            };

            user.AppUserBooks.Add(link);
            await _db.SaveChangesAsync();

            return RedirectToAction("Index");
        }
示例#2
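        /// <summary>
        /// Subscribes the signed-in user to each book in <paramref name="book"/>.
        /// The target user is resolved from the token's NameIdentifier claim, so a caller
        /// cannot write subscriptions for a different account.
        /// </summary>
        /// <param name="book">Books to subscribe to; null or empty adds nothing.</param>
        /// <returns>
        /// 401 when the token carries no NameIdentifier claim, 404 when the user is unknown,
        /// 204 when the unit of work reports the save succeeded, otherwise 400.
        /// </returns>
        public async Task <ActionResult> AddAppUserBook(IEnumerable <Book> book)
        {
            // Identity comes from the validated token, never from the request body:
            // a stolen token must not be usable to update a different user.
            var username = User.FindFirst(ClaimTypes.NameIdentifier)?.Value;
            if (string.IsNullOrWhiteSpace(username))
            {
                return Unauthorized();
            }

            var appUser = await _unitOfWork.AppUser.GetUserByUsernameAsync(username);
            if (appUser == null)
            {
                return NotFound();
            }

            // One timestamp for the whole request so every row agrees.
            var now = DateTime.Now;

            if (book != null)
            {
                foreach (var item in book)
                {
                    // A fresh entity per book: reusing a single instance across the loop
                    // registers one row with the unit of work, so only the last book survives the save.
                    var appUserBook = new AppUserBook
                    {
                        // Taken from the token-resolved user, not from the request.
                        AppUserId = appUser.Id,
                        BookId    = item.Id,

                        // NOTE(review): these values come from the request body (item is the
                        // caller-supplied Book), not from the DB, so a client can choose its own
                        // name and purchase price. Resolve the book by item.Id server-side before
                        // trusting them; the unit of work's book lookup is not visible here.
                        SubscriptionBookName      = item.BookName,
                        SubscriptionPurchasePrice = item.BookPurchasePrice,

                        SubscriptionDate            = now,
                        // NOTE(review): the unsubscribe date is set to "now" on subscribe — confirm intended.
                        SubscriptionUnsubscribeDate = now,
                        SubscriptionIsDeleted       = 0,
                    };

                    // Tracked in memory only; persisted by SaveAllAsync below.
                    _unitOfWork.AppUserBook.Add(appUserBook);
                }
            }

            // Persist all rows in one unit of work.
            if (await _unitOfWork.AppUserBook.SaveAllAsync())
            {
                return NoContent();
            }

            return BadRequest("Failed to update user.");
        }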