public async Task<IHttpActionResult> PutToDoList(int id, ToDoList toDoList)
{
if (!ModelState.IsValid)
{
return BadRequest(ModelState);
}
if (id != toDoList.Id)
{
return BadRequest();
}
var rowToEdit = await db.ToDoLists
.Where(a => a.Id == id)
.Select(b => new {
Id = b.Id,
UserId = b.UserId
})
.FirstOrDefaultAsync();
if (rowToEdit.UserId != User.Identity.GetUserId())
{
return Unauthorized();
}
db.Entry(toDoList).State = EntityState.Modified;
db.Entry(toDoList).Property("UserId").IsModified = false;
try
{
await db.SaveChangesAsync();
}
catch (DbUpdateConcurrencyException)
{
if (!ToDoListExists(id))
{
return NotFound();
}
else
{
throw;
}
}
return StatusCode(HttpStatusCode.NoContent);
}
public async Task<IHttpActionResult> PostToDoList(ToDoList toDoList)
{
if (!ModelState.IsValid)
{
return BadRequest(ModelState);
}
toDoList.UserId = User.Identity.GetUserId();
db.ToDoLists.Add(toDoList);
await db.SaveChangesAsync();
return CreatedAtRoute("DefaultApi", new { id = toDoList.Id }, toDoList);
}