/// <summary>
/// Creates an order for a single dish from the submitted order form.
/// </summary>
/// <param name="model">Posted order form values, including the cook and dish ids.</param>
/// <returns>
/// The form view again when model validation fails; a redirect to home/index when the
/// cook or dish cannot be found or the current user is the cook; otherwise a redirect
/// to the "success" action after the order has been handed to the data layer.
/// </returns>
public ActionResult MakeOrder(OrderViewModel model)
{
    // NOTE(review): any attributes on this action are outside the visible code. Confirm it
    // is restricted to authenticated POST requests with anti-forgery validation
    // ([Authorize], [HttpPost], [ValidateAntiForgeryToken]); otherwise the user id read
    // below may be null and is still stored as the customer id.
    if (!ModelState.IsValid)
    {
        // The form is redisplayed, so every lookup list the view reads from ViewBag
        // has to be filled again before returning it.
        ViewBag.Cities = DataManager.Geolocation.GetAllCities();
        ViewBag.Deliveries = DataManager.Delivery.GetDeliveryMethods();
        ViewBag.Payments = DataManager.PaymentMethod.GetPaymentMethods();
        ViewBag.Contacts = DataManager.Contact.GetContactMethods();
        ViewBag.IngridientsBuyers = DataManager.IngridientsBuyer.GetIngridientsBuyers();
        return View(model);
    }

    var currentUserId = User.Identity.GetUserId();
    var cook = DataManager.User.GetUserById(model.idCook);
    var dish = DataManager.Dish.GetDishById(model.idDish);

    // Guard against tampered form values (original note: protection against amateur
    // hackers): both posted ids must resolve to existing records.
    if (cook == null || dish == null)
    {
        return RedirectToAction("index", "home");
    }

    // A user may not place an order with themselves as the cook.
    if (currentUserId == cook.Id)
    {
        return RedirectToAction("index", "home");
    }

    // NOTE(review): nothing here verifies that the dish belongs to the cook; idCook and
    // idDish are independent posted values. Confirm that AddOrder or the schema enforces
    // the relationship.
    var newOrder = new order
    {
        // Parties and state. The customer is always the signed-in user, never a posted value.
        Id_Customer = currentUserId,
        Id_Cook = model.idCook,
        Id_Status = 1, // status 1 = new
        CreateTime = DateTime.Now, // server local time

        // Contact details as entered on the form.
        FirstName = model.FirstName,
        Surname = model.Surname,
        Email = model.Email,
        Phone = model.Phone,
        Address = model.Address,
        Comment = model.Comment,
        DeadLine = model.DeadLine,

        // Lookup ids copied straight from the form.
        // NOTE(review): they are not checked against the lookup tables here; presumably
        // model validation or foreign keys reject unknown ids. Verify.
        id_city = model.City,
        Id_Delivery = model.delivery,
        Id_PaymentMethod = model.paymentMethod,
        Id_ContactMethod = model.contactMethod,
        id_IngridientsBuyer = model.ingridientBuyer
    };

    // Prices come from the stored dish record rather than from the posted model.
    var orderedProducts = new List<orderproduct>
    {
        new orderproduct
        {
            Id_Dish = dish.Id_Dish,
            Price = dish.Price,
            PriceWithIngridients = dish.PriceWithIngridient
        }
    };

    DataManager.Order.AddOrder(newOrder, orderedProducts);
    return RedirectToAction("success");
}