public async Task <IActionResult> UpdatePurchase(int purchaseId, [FromBody] UpdatePurchaseModel model) { if (model == null) { throw new ApiException(400, "Invalid request body", ErrorCode.InvalidRequestFormat); } await _purchasesService.UpdatePurchase(purchaseId, model, _currentUser.Id); return(Ok()); }
public async Task UpdatePurchase(int purchaseId, UpdatePurchaseModel model, int currentUserId) { var purchase = await _db.Purchases.FindAsync(purchaseId); if (purchase.CreatorId != currentUserId) { throw new ApiException(401, "Access denied", ErrorCode.AuthError); } purchase.Name = string.IsNullOrWhiteSpace(model.Name) ? purchase.Name : model.Name; await _db.SaveChangesAsync(); }