public async Task <ActionResult <PhoneBookResponse> > GetPhoneBook(Guid id)
{
// Check if phone book exists
PhoneBook phoneBook = await _phoneBookRepository.GetByIdAsync(id).ConfigureAwait(false);
if (phoneBook == null)
{
return(NotFound());
}
// Check if the phone book belongs to the current user
Guid userId = Guid.Parse(_userInfoService.UserId);
if (phoneBook.UserId == userId)
{
return(Ok(_mapper.Map <PhoneBookResponse>(phoneBook)));
}
_logger.LogWarning("User with id {ForbiddenUser} attempted to request a phone book owned by {OwningUser}",
userId, phoneBook.UserId);
// phone book does not belong to the user
// forbidden request
return(Forbid());
}
public async Task <ActionResult <PhoneBookEntryResponse> > CreatePhoneBookEntry(Guid phoneBookId,
[FromBody] PhoneBookEntryCreateRequest phoneBookEntryCreateRequest)
{
// Check if phone book exists
PhoneBook phoneBook = await _phoneBookRepository.GetByIdAsync(phoneBookId);
if (phoneBook == null)
{
return(NotFound());
}
// Check if the phone book belongs to the current user
Guid userId = Guid.Parse(_userInfoService.UserId);
if (phoneBook.UserId == userId)
{
PhoneBookEntry phoneBookEntry = _mapper.Map <PhoneBookEntry>(phoneBookEntryCreateRequest);
phoneBookEntry = await _phoneBookEntryRepository
.CreatePhoneBookEntryForBook(phoneBookId, phoneBookEntry);
await _phoneBookRepository.SaveChangesAsync();
return(CreatedAtRoute("GetPhoneBookEntry", new { phonebookId = phoneBook.Id, id = phoneBookEntry.Id },
_mapper.Map <PhoneBookEntryResponse>(phoneBookEntry)));
}
_logger.LogWarning("User with id {ForbiddenUser} attempted to request add a phonebook entry to a phone book owned by {OwningUser}",
userId, phoneBook.UserId);
// the phone book does not belong to the user
// forbidden request
return(Forbid());
}
