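/// <summary>
/// Creates a release-news entry. Only callers whose account holds the "Admin" role may create entries.
/// </summary>
/// <param name="releaseNews">
/// Entry bound from the request. <c>CreatedDate</c> is overwritten with the server clock before saving.
/// </param>
/// <returns>
/// 201 Created pointing at <c>GetReleaseNews</c> on success; 401 when the caller has no
/// name-identifier claim; 403 when the account cannot be found or is not an Admin.
/// </returns>
public async Task<ActionResult<ReleaseNews>> PostReleaseNews(ReleaseNews releaseNews)
{
    // The name-identifier claim is the caller's user id. It is absent when the request is not
    // authenticated; passing null on to the user manager would surface as an unhandled error
    // instead of a clean denial.
    var userId = User.FindFirstValue(ClaimTypes.NameIdentifier);
    if (string.IsNullOrEmpty(userId))
    {
        return Unauthorized();
    }

    // A valid token can outlive the account it was issued for, so a missing user is a denial.
    var user = await _userManager.FindByIdAsync(userId);
    if (user == null)
    {
        return Forbid();
    }

    // Check membership rather than the first element: the order of the returned role list is
    // not something to rely on, and an admin holding more than one role must still pass.
    var roles = await _userManager.GetRolesAsync(user);
    if (!roles.Contains("Admin"))
    {
        return Forbid();
    }

    // NOTE(review): releaseNews is bound directly from the request body, so every property other
    // than CreatedDate (Id included) is client-supplied. Consider binding a dedicated input model
    // that exposes only the fields an admin is meant to set.
    releaseNews.CreatedDate = DateTime.Now;
    _context.News.Add(releaseNews);
    await _context.SaveChangesAsync();

    return CreatedAtAction("GetReleaseNews", new { id = releaseNews.Id }, releaseNews);
}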
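/// <summary>
/// Replaces an existing release-news entry. Only callers whose account holds the "Admin" role may update entries.
/// </summary>
/// <param name="id">Id of the entry to update, taken from the route.</param>
/// <param name="releaseNews">
/// Replacement entry bound from the request. Its <c>Id</c> must equal <paramref name="id"/>;
/// <c>UpdatedDate</c> is overwritten with the server clock before saving.
/// </param>
/// <returns>
/// 204 No Content on success; 401 when the caller has no name-identifier claim; 403 when the
/// account cannot be found or is not an Admin; 400 when the ids disagree; 404 when the entry no
/// longer exists at save time.
/// </returns>
public async Task<IActionResult> PutReleaseNews(int id, ReleaseNews releaseNews)
{
    // Authorize before looking at the payload so callers without the Admin role get a denial
    // and no validation feedback about the request body.
    // The name-identifier claim is the caller's user id; it is absent on unauthenticated requests.
    var userId = User.FindFirstValue(ClaimTypes.NameIdentifier);
    if (string.IsNullOrEmpty(userId))
    {
        return Unauthorized();
    }

    // A valid token can outlive the account it was issued for, so a missing user is a denial.
    var user = await _userManager.FindByIdAsync(userId);
    if (user == null)
    {
        return Forbid();
    }

    // Check membership rather than the first element: the order of the returned role list is
    // not something to rely on, and an admin holding more than one role must still pass.
    var roles = await _userManager.GetRolesAsync(user);
    if (!roles.Contains("Admin"))
    {
        return Forbid();
    }

    // The route id and the body id must name the same entry.
    if (id != releaseNews.Id)
    {
        return BadRequest();
    }

    releaseNews.UpdatedDate = DateTime.Now;

    // NOTE(review): marking the whole entity Modified writes every column from the request body,
    // so CreatedDate and any other field the client sends (or omits) replaces the stored value.
    // Consider loading the stored entry and copying only the editable fields onto it.
    _context.Entry(releaseNews).State = EntityState.Modified;

    try
    {
        await _context.SaveChangesAsync();
    }
    catch (DbUpdateConcurrencyException)
    {
        // The update matched no row: report 404 when the entry is gone, otherwise rethrow the
        // concurrency failure unchanged.
        if (!ReleaseNewsExists(id))
        {
            return NotFound();
        }

        throw;
    }

    return NoContent();
}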