WEBVTT

00:00.000 --> 00:05.580
Okay, now that we've got our entities, let's take a look at creating an orders controller inside here.

00:05.580 --> 00:07.890
So I'll create a new file in the controllers folder.

00:07.920 --> 00:11.820
I'll make this a class and I'll call it Orders Controller.

00:11.850 --> 00:14.550
And inside here we're going to create some endpoints.

00:14.550 --> 00:18.960
And we'll start off with the easy ones, I guess, which are going to be the Get requests.

00:18.960 --> 00:22.740
And this is going to derive from the base API controller.

00:22.740 --> 00:30.270
And we're going to inject our store context into this to give us access of course to our database.

00:30.270 --> 00:33.840
And inside here we're going to have an HTTP get.

00:34.590 --> 00:38.790
And all of the endpoints in here are going to need authentication.

00:38.790 --> 00:47.310
So above the class I'm going to use the authorize attribute to ensure that anonymous users cannot hit

00:47.310 --> 00:50.310
and get data from these endpoints.

00:50.940 --> 00:54.750
So we'll use a public async task.

00:54.750 --> 01:00.210
And we are going to return from this an action result of type list.

01:00.210 --> 01:06.030
That's going to be an order and we'll call it get orders.

01:06.060 --> 01:10.410
That takes no parameters, but we don't just want to return all of the orders.

01:10.440 --> 01:15.360
We've got different users and different accounts that have orders specific to.

01:15.390 --> 01:16.170
that user.

01:16.170 --> 01:21.390
So we're only going to return them that match the user that's authenticating to this endpoint.

01:21.390 --> 01:27.390
So we'll use var orders equals and we'll use await context dot orders.

01:27.660 --> 01:37.770
And then we're going to include and say x arrow x dot order items.

01:38.460 --> 01:47.220
And we're going to add a where and we'll say x add the arrow x dot buyer email that's equal to the user's

01:47.220 --> 01:49.230
identity dot name.

01:50.130 --> 01:54.060
And then we'll specify to list async.

01:54.360 --> 02:00.370
But we've got an issue here because our compiler at this point doesn't know if identity

02:00.370 --> 02:03.430
is null or is an actual user.

02:03.430 --> 02:06.370
So we need to be defensive here.

02:06.370 --> 02:09.190
But can we get away with using the optional?

02:09.220 --> 02:15.370
Of course not, because we're going to get an error at this point because an expression tree lambda

02:15.400 --> 02:18.760
may not contain a null propagating operator.

02:18.790 --> 02:20.020
Okay, fine.

02:20.020 --> 02:22.090
So we need to do something with this.

02:22.090 --> 02:28.450
And the approach we'll take is our user is a type of claims principal.

02:28.450 --> 02:35.020
And we'll add another extension method that allows us to get the username which is the same as the email

02:35.020 --> 02:35.590
in this case.

02:35.590 --> 02:39.250
So username or email, I'll use the terms interchangeably.

02:39.250 --> 02:43.810
But we'll add an extension method to our claims principal so that we can use a method just to get the

02:43.810 --> 02:47.440
username and guarantee that username is available.

02:47.440 --> 02:53.530
So we'll head to our extensions folder and we'll create a new file that's going to be a class.

02:53.530 --> 02:59.380
And we'll call it Claims Principal Extensions.

03:00.020 --> 03:07.700
And inside here we'll make this a static class because it's going to contain static methods and we'll

03:07.700 --> 03:10.160
use public static.

03:10.160 --> 03:14.900
And this is going to return a string and we'll call it get username.

03:15.320 --> 03:20.810
And we'll say this claims principal and we'll call it user.

03:21.200 --> 03:28.430
And we will return the user dot identity dot name.

03:29.150 --> 03:32.150
And we'll use the double question mark.

03:32.150 --> 03:34.280
So we execute anything to the right of that.

03:34.280 --> 03:38.750
And we'll use the optional chaining here or the optional operator there.

03:38.780 --> 03:48.590
So anything to the right of this double question mark will just throw a new unauthorized access exception.

03:48.740 --> 03:53.180
And that guarantees us that what we return from this is going to be a username.

03:53.180 --> 03:56.630
Because if that is null, then we're just going to throw an exception.

03:56.750 --> 03:59.300
So if we go back to our orders controller.

03:59.300 --> 04:05.600
We can then use our user and get username and now we don't get any problems.

04:05.600 --> 04:13.940
And then below the to list async we can return the orders, and below this HttpGet we'll also create

04:13.940 --> 04:16.670
an endpoint to get an individual order.

04:17.120 --> 04:22.670
So inside here we'll specify quotes, open curly brackets and then specify an id.

04:22.970 --> 04:29.000
Another thing we can do inside this parameter if we wish to is we can specify the type that we're expecting.

04:29.000 --> 04:33.260
This does work for integers and it's an option we can include if we want to.

04:33.290 --> 04:38.300
I don't see a huge amount of benefits in that, but it's something we can add just to ensure the property

04:38.300 --> 04:40.760
that we are passing in is a number.

04:41.180 --> 04:43.640
And I'll use it just in this example.

04:43.670 --> 04:49.850
And then we can return an action result, a task of action result that's going to be an order.

04:50.180 --> 04:53.990
And we'll call it get order details.

04:54.410 --> 05:06.750
And we'll pass in the int that's an ID. And we'll use var order equals await context dot orders and we'll

05:06.750 --> 05:13.800
specify where as we still want to make sure that the user that's authenticating is the buyer of this

05:13.800 --> 05:14.610
order.

05:14.610 --> 05:17.430
So we'll use x goes to x dot buyer email.

05:17.430 --> 05:27.210
That's equal to the user dot get username and the id is equal to x.id.

05:27.720 --> 05:31.530
And then we can use first or default async.

05:32.100 --> 05:36.180
And because of course the order may not exist in our database.

05:36.180 --> 05:38.250
We'll check to see if we have it.

05:38.250 --> 05:39.180
So we'll use:

05:39.210 --> 05:46.830
If order is equal to null then we'll just return a not found from this.

05:46.980 --> 05:50.430
And then we can go and return the order.

05:50.970 --> 05:55.320
So that takes care of the get methods that we need inside our orders controller.

05:55.320 --> 05:59.250
And next we'll take a look at what we need to do to create a new order.
