using Microsoft.AspNet.Mvc; using MusicStore.Models; using System; using System.Linq; using System.Security.Principal; using System.Threading.Tasks; namespace MusicStore.Controllers { [Authorize] public class CheckoutController : Controller { private readonly MusicStoreContext db; public CheckoutController(MusicStoreContext context) { db = context; } const string PromoCode = "FREE"; // // GET: /Checkout/ public IActionResult AddressAndPayment() { return View(); } // // POST: /Checkout/AddressAndPayment //Bug: Using direct model binding until we have TryUpdateModel available. [HttpPost] //public IActionResult AddressAndPayment(FormCollection values) public async Task AddressAndPayment(Order order) { var formCollection = await Context.Request.GetFormAsync(); try { if (string.Equals(formCollection.GetValues("PromoCode").FirstOrDefault(), PromoCode, StringComparison.OrdinalIgnoreCase) == false) { return View(order); } else { // TODO [EF] Swap to store generated identity key when supported var nextId = db.Orders.Any() ? db.Orders.Max(o => o.OrderId) + 1 : 1; order.OrderId = nextId; order.Username = this.Context.User.Identity.GetUserName(); order.OrderDate = DateTime.Now; //Add the Order db.Orders.Add(order); //Process the order var cart = ShoppingCart.GetCart(db, this.Context); cart.CreateOrder(order); // Save all changes db.SaveChanges(); return RedirectToAction("Complete", new { id = order.OrderId }); } } catch { //Invalid - redisplay with errors return View(order); } } // // GET: /Checkout/Complete public IActionResult Complete(int id) { // Validate customer owns this order bool isValid = db.Orders.Any( o => o.OrderId == id && o.Username == this.Context.User.Identity.GetUserName()); if (isValid) { return View(id); } else { return View("Error"); } } } }