public async Task <IActionResult> UpdatePurchase(int purchaseId, [FromBody] UpdatePurchaseModel model)
{
if (model == null)
{
throw new ApiException(400, "Invalid request body", ErrorCode.InvalidRequestFormat);
}
await _purchasesService.UpdatePurchase(purchaseId, model, _currentUser.Id);
return(Ok());
}
public async Task UpdatePurchase(int purchaseId, UpdatePurchaseModel model, int currentUserId)
{
var purchase = await _db.Purchases.FindAsync(purchaseId);
if (purchase.CreatorId != currentUserId)
{
throw new ApiException(401, "Access denied", ErrorCode.AuthError);
}
purchase.Name = string.IsNullOrWhiteSpace(model.Name) ? purchase.Name : model.Name;
await _db.SaveChangesAsync();
}
