public HttpResponseMessage PutTodoList(int id, TodoListDto todoListDto) { if (!ModelState.IsValid) { return Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState); } if (id != todoListDto.TodoListId) { return Request.CreateResponse(HttpStatusCode.BadRequest); } TodoList todoList = todoListDto.ToEntity(); if (db.Entry(todoList).Entity.UserId != User.Identity.Name) { // Trying to modify a record that does not belong to the user return Request.CreateResponse(HttpStatusCode.Unauthorized); } db.Entry(todoList).State = EntityState.Modified; try { db.SaveChanges(); } catch (DbUpdateConcurrencyException) { return Request.CreateResponse(HttpStatusCode.InternalServerError); } return Request.CreateResponse(HttpStatusCode.OK); }
public HttpResponseMessage PostTodoList(TodoListDto todoListDto) { if (!ModelState.IsValid) { return Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState); } todoListDto.UserId = User.Identity.Name; TodoList todoList = todoListDto.ToEntity(); db.TodoLists.Add(todoList); db.SaveChanges(); todoListDto.TodoListId = todoList.TodoListId; HttpResponseMessage response = Request.CreateResponse(HttpStatusCode.Created, todoListDto); response.Headers.Location = new Uri(Url.Link("DefaultApi", new { id = todoListDto.TodoListId })); return response; }