// POST api/Todo
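/// <summary>
/// Creates a to-do item inside an existing to-do list, after checking that the
/// list belongs to the calling user.
/// </summary>
/// <param name="todoItemDto">
/// Item data bound from the request; its <c>TodoListId</c> selects the parent list.
/// </param>
/// <returns>
/// 400 when the payload is missing or fails model validation, 404 when the parent
/// list does not exist, 401 when the parent list belongs to another user, otherwise
/// 201 with the saved DTO and a <c>Location</c> header pointing at the new item.
/// </returns>
public HttpResponseMessage PostTodoItem(TodoItemDto todoItemDto)
{
    if (!ModelState.IsValid)
    {
        return Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState);
    }

    // A request with no body can bind the DTO to null while ModelState still
    // reports valid; reject it here instead of dereferencing null below and
    // surfacing a 500 to the client.
    if (todoItemDto == null)
    {
        return Request.CreateErrorResponse(HttpStatusCode.BadRequest, "A to-do item is required in the request body.");
    }

    TodoList todoList = db.TodoLists.Find(todoItemDto.TodoListId);
    if (todoList == null)
    {
        return Request.CreateResponse(HttpStatusCode.NotFound);
    }

    // Authorization check: the parent list id is supplied by the client, so the
    // list's owner is compared with the caller's identity before anything is written.
    // NOTE(review): this relies on the controller requiring authentication, which is
    // not visible in this method — confirm.
    // NOTE(review): 401 is kept for compatibility with existing clients; 403 is the
    // conventional status for an authenticated caller who lacks access. The distinct
    // 404/401 answers also reveal whether a list id exists — consider returning the
    // same status for both cases.
    if (todoList.UserId != User.Identity.Name)
    {
        // Trying to add a record that does not belong to the user
        return Request.CreateResponse(HttpStatusCode.Unauthorized);
    }

    TodoItem todoItem = todoItemDto.ToEntity();

    // Need to detach to avoid loop reference exception during JSON serialization
    db.Entry(todoList).State = EntityState.Detached;
    db.TodoItems.Add(todoItem);
    db.SaveChanges();

    // Report the id the saved entity carries after SaveChanges back to the client.
    todoItemDto.TodoItemId = todoItem.TodoItemId;

    HttpResponseMessage response = Request.CreateResponse(HttpStatusCode.Created, todoItemDto);
    response.Headers.Location = new Uri(Url.Link("DefaultApi", new { id = todoItemDto.TodoItemId }));
    return response;
}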