public ExpenseReportDto GetExpenseReport(int id)
{
var expenseReport = Uow.ExpenseReports.Include(e => e.Employee).Include(r => r.Expenses).GetById(id);
if (expenseReport == null)
{
throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.NotFound));
}
if (expenseReport.Employee.UserId.ToLower() != User.Identity.Name.ToLower())
{
// Trying to modify a record that does not belong to the user
throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.Unauthorized));
}
var dto = new ExpenseReportDto
{
ExpenseReportId = expenseReport.Id,
//Name = expenseReport.Name,
Date = expenseReport.Date,
Expenses = expenseReport.Expenses.Select(e => new ExpenseDto
{
ExpenseId = e.Id,
ExpenseReportId = expenseReport.Id,
Date = e.Date,
Description = e.Description,
CurrencyId = e.CurrencyId,
TypeId = e.TypeId,
Amount = e.Amount,
ExchangeRate = e.ExchangeRate
}).AsQueryable()
};
return(dto);
}
public HttpResponseMessage Submit(ExpenseReportDto dto)
{
var date = DateTime.Now;
dto.Date = date;
var response = Request.CreateResponse(HttpStatusCode.Created, dto);
response.Headers.Location = new Uri(Url.Link("DefaultApi", dto));
return(response);
}
