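/// <summary>
/// Replaces the stored meal identified by <paramref name="id"/> with the submitted values.
/// Only an Administrator or the meal's CURRENT owner (as recorded in the database) may do so.
/// </summary>
/// <param name="id">Route id of the meal being updated; must equal <c>meal.MealId</c>.</param>
/// <param name="meal">
/// Client-supplied meal. Every property on it, including <c>ApplicationUserId</c>, is
/// attacker-controlled and must not be used as the basis for an authorization decision.
/// </param>
/// <returns>
/// 204 No Content on success; 400 on validation failure, id mismatch or when the caller
/// is neither Administrator nor owner; 401 if the caller has no user record;
/// 404 if the meal disappeared between the ownership check and the save.
/// </returns>
public IHttpActionResult PutMeal(int id, Meal meal)
{
    if (meal == null)
    {
        return BadRequest();
    }
    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }
    if (id != meal.MealId)
    {
        return BadRequest();
    }

    var user = db.Users.Where(x => x.UserName == User.Identity.Name).SingleOrDefault();
    if (user == null)
    {
        // Authenticated principal with no matching user row: refuse rather than throw.
        return Unauthorized();
    }

    bool isAdministrator = User.IsInRole("Administrator");
    if (!isAdministrator)
    {
        // SECURITY: the ownership check must be made against the meal as STORED,
        // not against meal.ApplicationUserId from the request body. The previous
        // version compared the caller's id with the client-supplied owner id, so
        // any user could put their own id on a request carrying someone else's
        // MealId, pass the check, and overwrite that meal (IDOR via mass assignment).
        // Any() returns a bool and tracks no entity, so the Entry(meal) attach
        // below does not collide with an already-tracked instance of the same key.
        var callerId = user.Id;
        bool ownsStoredMeal = db.Set<Meal>().Any(m => m.MealId == id && m.ApplicationUserId == callerId);
        if (!ownsStoredMeal)
        {
            // Deliberately 400 (as before) rather than 403/404 so the response does
            // not reveal whether a given MealId exists.
            return BadRequest();
        }

        // A non-administrator may edit but never reassign a meal to another account,
        // so the FK is pinned to the verified owner regardless of what was submitted.
        meal.ApplicationUserId = callerId;
    }

    // Denormalized date components, kept in sync with DateTime on every write.
    meal.Year = meal.DateTime.Year;
    meal.Month = meal.DateTime.Month;
    meal.Day = meal.DateTime.Day;

    db.Entry(meal).State = EntityState.Modified;
    try
    {
        db.SaveChanges();
    }
    catch (DbUpdateConcurrencyException)
    {
        // Concurrency failure is only translated to 404 when the row is genuinely
        // gone; any other cause is propagated unchanged (throw; preserves the trace).
        if (!MealExists(id))
        {
            return NotFound();
        }
        throw;
    }

    return StatusCode(HttpStatusCode.NoContent);
}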
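/// <summary>
/// Creates a new meal owned by the calling user.
/// </summary>
/// <param name="meal">
/// Client-supplied meal. <c>ApplicationUserId</c> on it is ignored and overwritten with
/// the caller's id; <c>Year</c>/<c>Month</c>/<c>Day</c> are derived from <c>DateTime</c>.
/// </param>
/// <returns>
/// 201 Created with the stored meal and a Location header for the "DefaultApi" route;
/// 400 if the body is missing or fails model validation; 401 if the caller has no user record.
/// </returns>
public IHttpActionResult PostMeal(Meal meal)
{
    // Mirrors PutMeal: a null body would otherwise NRE below, and an invalid model
    // was previously persisted without any validation at all.
    if (meal == null)
    {
        return BadRequest();
    }
    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    var user = db.Users.Where(x => x.UserName == User.Identity.Name).SingleOrDefault();
    if (user == null)
    {
        return Unauthorized();
    }

    // SECURITY: the owner is always the caller. Pinning the FK explicitly guarantees a
    // client-supplied ApplicationUserId can never attach the new meal to another
    // account, independent of how EF resolves the navigation-vs-FK fixup on save.
    meal.ApplicationUserId = user.Id;

    // NOTE(review): meal.MealId is also client-supplied. That is harmless only if the
    // key is database-generated (identity) — confirm on the Meal mapping.

    // Denormalized date components, kept in sync with DateTime on every write.
    meal.Year = meal.DateTime.Year;
    meal.Month = meal.DateTime.Month;
    meal.Day = meal.DateTime.Day;

    user.Meals.Add(meal);
    db.SaveChanges();

    return CreatedAtRoute("DefaultApi", new { id = meal.MealId }, meal);
}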