public IHttpActionResult PutTodoList(int id, TodoListViewModel todoListDto)
{
if (!ModelState.IsValid)
{
return(Message(Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState)));
}
if (id != todoListDto.TodoListId)
{
return(StatusCode(HttpStatusCode.BadRequest));
}
TodoList todoList = todoListDto.ToEntity();
if (!String.Equals(db.Entry(todoList).Entity.UserId, User.Identity.GetUserId(), StringComparison.OrdinalIgnoreCase))
{
// Trying to modify a record that does not belong to the user
return(StatusCode(HttpStatusCode.Unauthorized));
}
db.Entry(todoList).State = EntityState.Modified;
try
{
db.SaveChanges();
}
catch (DbUpdateConcurrencyException)
{
return(StatusCode(HttpStatusCode.InternalServerError));
}
return(StatusCode(HttpStatusCode.OK));
}
public HttpResponseMessage PostTodoList(TodoListViewModel todoListDto)
{
if (!ModelState.IsValid)
{
return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState));
}
todoListDto.UserId = User.Identity.GetUserId();
TodoList todoList = todoListDto.ToEntity();
db.TodoLists.Add(todoList);
db.SaveChanges();
todoListDto.TodoListId = todoList.TodoListId;
HttpResponseMessage response = Request.CreateResponse(HttpStatusCode.Created, todoListDto);
response.Headers.Location = new Uri(Url.Link("TodoList", new { id = todoListDto.TodoListId }));
return(response);
}
