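/// <summary>
/// Replaces the image stored on an existing expense. Only <c>Image</c> and
/// <c>ImageType</c> are written here; every other field of the dto is ignored.
/// </summary>
/// <param name="id">Route id of the expense; must equal <paramref name="dto"/>.ExpenseId.</param>
/// <param name="dto">Carries the new image bytes and image type.</param>
/// <returns>
/// 400 when the model is invalid, the body is missing or the ids disagree;
/// 404 when no expense has this id; 401 when the expense belongs to another
/// user; 500 when the save hits a concurrency conflict; 200 on success.
/// </returns>
public HttpResponseMessage PutExpenseImage(int id, ExpenseDto dto)
{
    if (!ModelState.IsValid)
    {
        return Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState);
    }

    // A missing body is not reported through ModelState; guard before the
    // first dereference of dto so a bad request does not surface as a 500.
    if (dto == null || id != dto.ExpenseId)
    {
        return Request.CreateResponse(HttpStatusCode.BadRequest);
    }

    var existingExpense = Uow.Expenses.Include(e => e.ExpenseReport.Employee).GetById(id);

    // GetById can come back null for an unknown id (GetExpenseImage checks for
    // the same); without this check the ownership test below throws.
    if (existingExpense == null)
    {
        return Request.CreateResponse(HttpStatusCode.NotFound);
    }

    // Ownership check: the expense must belong to the calling user.
    // NOTE(review): 403 Forbidden describes "authenticated but not the owner"
    // more precisely than 401; Unauthorized is kept so existing clients are unaffected.
    if (existingExpense.ExpenseReport.Employee.UserId != User.Identity.Name)
    {
        return Request.CreateResponse(HttpStatusCode.Unauthorized);
    }

    // We only update images in this controller
    existingExpense.Image = dto.Image;
    existingExpense.ImageType = dto.ImageType;

    try
    {
        Uow.Expenses.Update(existingExpense);
        Uow.Commit();
    }
    catch (DbUpdateConcurrencyException)
    {
        // A concurrent edit was detected by the ORM; reported as a server
        // error to stay consistent with the sibling actions.
        return Request.CreateResponse(HttpStatusCode.InternalServerError);
    }

    return Request.CreateResponse(HttpStatusCode.OK);
}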
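/// <summary>
/// Creates a new expense under an expense report owned by the calling user
/// and returns the created resource together with its Location.
/// </summary>
/// <param name="dto">Expense data; <c>ExpenseReportId</c> selects the parent report.</param>
/// <returns>
/// 400 when the model is invalid or the body is missing; 404 when the report
/// does not exist; 401 when the report belongs to another user; 500 when the
/// save fails; 201 with the dto (now carrying the new ExpenseId) and a
/// Location header pointing at the new expense.
/// </returns>
public HttpResponseMessage PostExpense(ExpenseDto dto)
{
    if (!ModelState.IsValid)
    {
        return Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState);
    }

    // A missing body is not reported through ModelState.
    if (dto == null)
    {
        return Request.CreateResponse(HttpStatusCode.BadRequest);
    }

    var existingExpenseReport = Uow.ExpenseReports.Include(e => e.Employee).GetById(dto.ExpenseReportId);

    // Unknown report id: answer 404 rather than letting the ownership check
    // below throw a NullReferenceException.
    if (existingExpenseReport == null)
    {
        return Request.CreateResponse(HttpStatusCode.NotFound);
    }

    // Trying to modify a record that does not belong to the user
    if (existingExpenseReport.Employee.UserId != User.Identity.Name)
    {
        return Request.CreateResponse(HttpStatusCode.Unauthorized);
    }

    var expense = new Model.Expense { ExpenseReport = existingExpenseReport };
    dto.UpdateEntity(expense);

    try
    {
        Uow.Expenses.Add(expense);
        Uow.Commit();
        dto.ExpenseId = expense.Id;
    }
    catch (Exception)
    {
        // The exception message is deliberately not echoed to the client:
        // persistence errors can carry table names, SQL fragments or
        // connection details. Record it server-side (no logger is in scope
        // in this block) and return a bare 500.
        return Request.CreateResponse(HttpStatusCode.InternalServerError);
    }

    var response = Request.CreateResponse(HttpStatusCode.Created, dto);
    response.Headers.Location = new Uri(Url.Link("DefaultApi", new { id = dto.ExpenseId }));
    return response;
}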
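/// <summary>
/// Returns the image (bytes and image type) attached to an expense owned by
/// the calling user.
/// </summary>
/// <param name="id">Id of the expense whose image is requested.</param>
/// <returns>200 with an ExpenseDto carrying only <c>Image</c> and <c>ImageType</c>.</returns>
/// <exception cref="HttpResponseException">
/// 404 when the expense does not exist; 401 when it belongs to another user.
/// </exception>
public HttpResponseMessage GetExpenseImage(int id)
{
    var expense = Uow.Expenses.Include(e => e.ExpenseReport.Employee).GetById(id);
    if (expense == null)
    {
        throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.NotFound));
    }

    // Trying to access a record that does not belong to the user
    if (expense.ExpenseReport.Employee.UserId != User.Identity.Name)
    {
        throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.Unauthorized));
    }

    var dto = new ExpenseDto { Image = expense.Image, ImageType = expense.ImageType };

    // A successful GET is 200 OK; the previous 201 Created is reserved for
    // responses to a request that created a resource.
    var response = Request.CreateResponse(HttpStatusCode.OK, dto);

    // Caching is left at the framework default. If the Cache-Control header
    // below is reintroduced, make it private/no-store: this image is per-user
    // data guarded by the ownership check above and must not be served from a
    // shared cache.
    //response.Headers.CacheControl = new System.Net.Http.Headers.CacheControlHeaderValue { MaxAge = new System.TimeSpan(0, 10, 0) };
    return response;
}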