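public async Task <IActionResult> SubCommentUpdate(SubComment vm)
        {
            // Edits the text of an existing sub-comment.
            //
            // The post is resolved from the client-supplied MainCommentId only to build the
            // redirect target; the comment itself is looked up by vm.Id and the edit is
            // allowed only when AccessRights.AuthorAdminAccessRight grants it for the author
            // recorded on the stored comment (never for anything sent in vm).
            //
            // NOTE(review): the attributes on this action are not visible from here — confirm
            // it carries [HttpPost] and [ValidateAntiForgeryToken], since it mutates state on
            // the strength of the ambient cookie session.
            var post = _uniofWork.Post.GetPostByMainCommentId(vm.MainCommentId);
            if (post == null)
            {
                // Guard: an unknown MainCommentId would otherwise make post.Id throw a
                // NullReferenceException (HTTP 500) before any validation runs.
                return NotFound();
            }

            // A single validity check suffices; the original tested ModelState.IsValid twice.
            if (!ModelState.IsValid)
            {
                return RedirectToAction("Details", new { id = post.Id });
            }

            var comment = await _uniofWork.SubComment.GetByIdAsync(vm.Id);
            if (comment == null)
            {
                return RedirectToAction("Details", new { id = post.Id });
            }

            // Authorization is decided against the stored comment's author, so a forged
            // ApplicationUserId in the request body cannot widen access.
            bool allowed = AccessRights.AuthorAdminAccessRight(HttpContext, comment.ApplicationUserId, _db);
            if (!allowed)
            {
                return new RedirectResult("~/Identity/Account/AccessDenied");
            }

            // Only the message text is taken from the request; every other field stays as stored.
            comment.Message = vm.Message;
            await _uniofWork.SaveChangesAsync();

            return RedirectToAction("Details", new { id = post.Id });
        }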
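        public async Task <IActionResult> AddOrEdit(int id = 0)
        {
            // GET handler for the post create/edit form.
            //
            // id == 0 means "create": an empty Post is rendered with no further check in this
            // method (any [Authorize] on the controller is not visible from here). Any other
            // id loads the existing post and renders the form only when
            // AccessRights.AuthorAdminAccessRight allows the current user to edit content
            // belonging to that post's author; otherwise the user is sent to AccessDenied.
            PostVM postVM = new PostVM()
            {
                Post         = new Post(),
                // NOTE(review): named *Async but assigned without await — confirm the
                // CategoryList property really expects the value this call returns.
                CategoryList = _uniofWork.Category.GetSelectListAsync()
            };

            if (id == 0)
            {
                return View(postVM);
            }

            postVM.Post = await _uniofWork.Post.GetByIdAsync(id);
            if (postVM.Post == null)
            {
                // Guard: an unknown id previously threw on postVM.Post.ApplicationUserId
                // (HTTP 500); a 404 is the correct response for a missing resource.
                return NotFound();
            }

            // Authorization is evaluated against the stored post's author, not against the
            // caller's input.
            bool allowed = AccessRights.AuthorAdminAccessRight(HttpContext, postVM.Post.ApplicationUserId, _db);
            if (!allowed)
            {
                return new RedirectResult("~/Identity/Account/AccessDenied");
            }

            return View(postVM);
        }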
        public async Task <IActionResult> DeleteSubComment(int id)
        {
            // Deletes the sub-comment with the given id and reports the outcome as a JSON
            // { success, message } object for the calling script. Deletion is permitted only
            // when AccessRights.AuthorAdminAccessRight grants it for the author recorded on
            // the stored comment.
            //
            // NOTE(review): no [HttpPost]/[HttpDelete] and no [ValidateAntiForgeryToken] is
            // declared on this action, so a state-changing delete is reachable with a plain
            // GET (e.g. an <img src="…/DeleteSubComment?id=N"> on any page) and is protected
            // only by the ambient cookie session. Add a verb restriction and antiforgery
            // validation, and send the token from the client call that invokes this action.
            var target = await _uniofWork.SubComment.GetByIdAsync(id);
            if (target is null)
            {
                return Json(new { success = false, message = "Error while deleting" });
            }

            bool mayDelete = AccessRights.AuthorAdminAccessRight(HttpContext, target.ApplicationUserId, _db);
            if (!mayDelete)
            {
                return Json(new { success = false, message = "Access Denied. You do not have rights for deleting." });
            }

            await _uniofWork.SubComment.DeleteComment(id);
            await _uniofWork.SaveChangesAsync();

            return Json(new { success = true, message = "Delete Successful" });
        }