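/// <summary>
/// Marks the to-do item identified by <paramref name="itemId"/> as completed on behalf of the caller.
/// </summary>
/// <param name="user">Request body whose protected credential decodes to the caller's user id.</param>
/// <param name="itemId">Id of the item to complete.</param>
/// <returns>
/// 401 when the credential is missing, cannot be unprotected, or does not decode to an integer id;
/// 404 when the item does not exist or the ownership check fails; 200 once the completion date is saved.
/// </returns>
public IActionResult CheckItem([FromBody] BaseDto user, int itemId)
{
    // A missing body or credential can never authenticate. Reject it here so it is
    // answered with 401 instead of surfacing as an unhandled null dereference.
    if (user?.Credential == null)
    {
        return Unauthorized();
    }

    string unprotectedId;
    try
    {
        unprotectedId = _protector.Unprotect(user.Credential);
    }
    catch (CryptographicException)
    {
        // Tampered, expired or foreign payloads fail to unprotect.
        return Unauthorized();
    }

    // The payload is only trusted once it also parses as a user id; a payload that
    // unprotects but is not numeric is treated as an invalid credential, not a crash.
    int userId;
    if (!int.TryParse(unprotectedId, out userId))
    {
        return Unauthorized();
    }

    var projectsUsers = _projectUsersRepository
        .GetAll(p => p.UserId == userId && p.IsAccepted)
        .AsNoTracking();

    // FirstOrDefault instead of First: an unknown itemId is caller-controlled input
    // and must produce a 404, not an InvalidOperationException.
    var checkingItem = _repository.GetAll(i => i.Id == itemId).FirstOrDefault();
    if (checkingItem == null)
    {
        return NotFound();
    }

    // The caller is trying to modify an item they do not own. The answer is the same
    // 404 as for a missing item, so the response does not reveal which ids exist.
    if (!ToDoItemsHelper.IsItemOwnedByUser(_repository, checkingItem, userId, projectsUsers))
    {
        return NotFound();
    }

    checkingItem.CompleteDate = DateTime.UtcNow;
    _repository.Edit(checkingItem);

    return Ok();
}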
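/// <summary>
/// Updates a to-do item from the posted DTO after authenticating the caller and checking ownership.
/// </summary>
/// <param name="item">Posted item data; its protected credential decodes to the caller's user id.</param>
/// <returns>
/// A response carrying 400 for a missing or invalid model, 401 for a missing or invalid credential,
/// 404 when the ownership check fails, 200 after the edit is saved, and 304 when mapping,
/// the ownership check or the save throws.
/// </returns>
/// <remarks>
/// NOTE(review): this action returns <see cref="HttpResponseMessage"/> while the sibling action returns
/// IActionResult. Confirm the hosting pipeline turns the message into the real HTTP status; if it is
/// serialized as a plain object instead, the 401/404 outcomes would not reach the client as such.
/// </remarks>
public HttpResponseMessage UpdateItem([FromBody] ToDoItemDto item)
{
    // A body that failed to bind arrives as null; treat it like any other invalid model
    // rather than dereferencing it below.
    if (!ModelState.IsValid || item == null)
    {
        return new HttpResponseMessage(HttpStatusCode.BadRequest);
    }

    // A missing credential can never authenticate; answer 401 instead of letting
    // Unprotect throw an exception that the handler below does not catch.
    if (item.Credential == null)
    {
        return new HttpResponseMessage(HttpStatusCode.Unauthorized);
    }

    int userId;
    try
    {
        var unprotectedId = _protector.Unprotect(item.Credential);

        // A payload that unprotects but is not an integer id is an invalid credential,
        // not a server error.
        if (!int.TryParse(unprotectedId, out userId))
        {
            return new HttpResponseMessage(HttpStatusCode.Unauthorized);
        }
    }
    catch (CryptographicException)
    {
        // Tampered, expired or foreign payloads fail to unprotect.
        return new HttpResponseMessage(HttpStatusCode.Unauthorized);
    }

    try
    {
        var editedItem = _dtoMapper.Map<ToDoItem>(item);

        var projectsUsers = _projectUsersRepository
            .GetAll(p => p.UserId == userId && p.IsAccepted)
            .AsNoTracking();

        // The caller is trying to modify an item they do not own.
        // NOTE(review): the check receives the entity mapped from the request body, not a row
        // loaded here. Confirm IsItemOwnedByUser looks the stored item up by id rather than
        // trusting owner or project fields supplied by the client.
        if (!ToDoItemsHelper.IsItemOwnedByUser(_repository, editedItem, userId, projectsUsers))
        {
            return new HttpResponseMessage(HttpStatusCode.NotFound);
        }

        // Overwrite whatever user id the mapping produced with the authenticated caller's id,
        // so the request body cannot assign the item to another user.
        editedItem.UserId = userId;
        _repository.Edit(editedItem);

        return new HttpResponseMessage(HttpStatusCode.OK);
    }
    catch (Exception)
    {
        // Best-effort by design: any failure is reported as 304 and nothing is logged here.
        // NOTE(review): consider logging the exception; persistence and authorization-helper
        // failures are indistinguishable from "nothing changed" to the client and to operators.
        return new HttpResponseMessage(HttpStatusCode.NotModified);
    }
}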