public IHttpActionResult DeleteTodoList(int id)
{
TodoList todoList = db.TodoLists.Find(id);
if (todoList == null)
{
return StatusCode(HttpStatusCode.NotFound);
}
if (!String.Equals(db.Entry(todoList).Entity.UserId, User.Identity.GetUserId(), StringComparison.OrdinalIgnoreCase))
{
// Trying to delete a record that does not belong to the user
return StatusCode(HttpStatusCode.Unauthorized);
}
TodoListViewModel todoListDto = new TodoListViewModel(todoList);
db.TodoLists.Remove(todoList);
try
{
db.SaveChanges();
}
catch (DbUpdateConcurrencyException)
{
return StatusCode(HttpStatusCode.InternalServerError);
}
return Content(HttpStatusCode.OK, todoListDto);
}
public IHttpActionResult PutTodoList(int id, TodoListViewModel todoListDto)
{
if (!ModelState.IsValid)
{
return Message(Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState));
}
if (id != todoListDto.TodoListId)
{
return StatusCode(HttpStatusCode.BadRequest);
}
TodoList todoList = todoListDto.ToEntity();
if (!String.Equals(db.Entry(todoList).Entity.UserId, User.Identity.GetUserId(), StringComparison.OrdinalIgnoreCase))
{
// Trying to modify a record that does not belong to the user
return StatusCode(HttpStatusCode.Unauthorized);
}
db.Entry(todoList).State = EntityState.Modified;
try
{
db.SaveChanges();
}
catch (DbUpdateConcurrencyException)
{
return StatusCode(HttpStatusCode.InternalServerError);
}
return StatusCode(HttpStatusCode.OK);
}
public HttpResponseMessage PostTodoList(TodoListViewModel todoListDto)
{
if (!ModelState.IsValid)
{
return Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState);
}
todoListDto.UserId = User.Identity.GetUserId();
TodoList todoList = todoListDto.ToEntity();
db.TodoLists.Add(todoList);
db.SaveChanges();
todoListDto.TodoListId = todoList.TodoListId;
HttpResponseMessage response = Request.CreateResponse(HttpStatusCode.Created, todoListDto);
response.Headers.Location = new Uri(Url.Link("TodoList", new { id = todoListDto.TodoListId }));
return response;
}