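/// <summary>
/// Returns the phone book with the given id, provided it belongs to the current user.
/// </summary>
/// <param name="id">Id of the phone book to fetch.</param>
/// <returns>
/// 200 with the mapped <see cref="PhoneBookResponse"/> when the book exists and is owned by the caller;
/// 404 when no book has this id; 403 when the book is owned by someone else or the
/// caller's id cannot be determined.
/// </returns>
public async Task<ActionResult<PhoneBookResponse>> GetPhoneBook(Guid id)
{
    // The existence check runs before the ownership check, so a caller who does not
    // own the book still learns whether the id exists (404 vs 403).
    // NOTE(review): if that distinction is not wanted, return NotFound() in both
    // cases — confirm against the API contract before changing it.
    PhoneBook phoneBook = await _phoneBookRepository.GetByIdAsync(id).ConfigureAwait(false);
    if (phoneBook is null)
    {
        return NotFound();
    }

    // Guid.Parse would throw on a missing or malformed caller id, which surfaces as an
    // unhandled exception (typically HTTP 500). A caller whose identity cannot be
    // established is denied instead; the raw value is deliberately not logged.
    if (!Guid.TryParse(_userInfoService.UserId, out Guid userId))
    {
        _logger.LogWarning("Could not determine the current user id while requesting phone book {PhoneBookId}", id);
        return Forbid();
    }

    if (phoneBook.UserId != userId)
    {
        // Phone book does not belong to the caller: forbidden request.
        _logger.LogWarning("User with id {ForbiddenUser} attempted to request a phone book owned by {OwningUser}", userId, phoneBook.UserId);
        return Forbid();
    }

    return Ok(_mapper.Map<PhoneBookResponse>(phoneBook));
}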
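/// <summary>
/// Adds a new entry to the phone book with the given id, provided the book belongs to the current user.
/// </summary>
/// <param name="phoneBookId">Id of the phone book that receives the entry.</param>
/// <param name="phoneBookEntryCreateRequest">Request body describing the entry to create.</param>
/// <returns>
/// 201 (CreatedAtRoute "GetPhoneBookEntry") with the mapped <see cref="PhoneBookEntryResponse"/> on success;
/// 404 when no book has this id; 403 when the book is owned by someone else or the
/// caller's id cannot be determined.
/// </returns>
public async Task<ActionResult<PhoneBookEntryResponse>> CreatePhoneBookEntry(Guid phoneBookId, [FromBody] PhoneBookEntryCreateRequest phoneBookEntryCreateRequest)
{
    // The existence check runs before the ownership check, so a caller who does not
    // own the book still learns whether the id exists (404 vs 403).
    // NOTE(review): if that distinction is not wanted, return NotFound() in both
    // cases — confirm against the API contract before changing it.
    // ConfigureAwait(false) matches GetPhoneBook; ASP.NET Core has no synchronization
    // context, so it does not change behaviour here.
    PhoneBook phoneBook = await _phoneBookRepository.GetByIdAsync(phoneBookId).ConfigureAwait(false);
    if (phoneBook is null)
    {
        return NotFound();
    }

    // Guid.Parse would throw on a missing or malformed caller id, which surfaces as an
    // unhandled exception (typically HTTP 500). A caller whose identity cannot be
    // established is denied instead; the raw value is deliberately not logged.
    if (!Guid.TryParse(_userInfoService.UserId, out Guid userId))
    {
        _logger.LogWarning("Could not determine the current user id while adding an entry to phone book {PhoneBookId}", phoneBookId);
        return Forbid();
    }

    if (phoneBook.UserId != userId)
    {
        // The phone book does not belong to the caller: forbidden request.
        _logger.LogWarning("User with id {ForbiddenUser} attempted to request add a phonebook entry to a phone book owned by {OwningUser}", userId, phoneBook.UserId);
        return Forbid();
    }

    PhoneBookEntry phoneBookEntry = _mapper.Map<PhoneBookEntry>(phoneBookEntryCreateRequest);
    phoneBookEntry = await _phoneBookEntryRepository
        .CreatePhoneBookEntryForBook(phoneBookId, phoneBookEntry)
        .ConfigureAwait(false);

    // NOTE(review): changes are saved through _phoneBookRepository although the entry was
    // created via _phoneBookEntryRepository — presumably both share one unit of work; confirm.
    await _phoneBookRepository.SaveChangesAsync().ConfigureAwait(false);

    // Route value names ("phonebookId", "id") must match the GetPhoneBookEntry route template.
    return CreatedAtRoute(
        "GetPhoneBookEntry",
        new { phonebookId = phoneBook.Id, id = phoneBookEntry.Id },
        _mapper.Map<PhoneBookEntryResponse>(phoneBookEntry));
}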