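/// <summary>
/// Adds a comment by the current user to the post identified by <paramref name="postId"/>.
/// </summary>
/// <param name="postId">Id of the post being commented on.</param>
/// <param name="model">Bound request body; only <c>Content</c> is read from it.</param>
/// <returns>
/// 400 when the post does not exist, the body is missing or invalid, or the
/// friendship rule rejects the caller; 404 when the post is hidden; 401 when the
/// caller has no matching user record; otherwise 200 with the created comment
/// projected through <c>CommentViewModel.Create</c>.
/// </returns>
public IHttpActionResult AddComment(int postId, CommentBindingModel model)
{
    var post = this.Data.Posts.All().FirstOrDefault(p => p.Id == postId);
    if (post == null)
    {
        // NOTE(review): a missing post answers 400 while a hidden one answers 404,
        // so the two cases are distinguishable to the caller - confirm that is intended.
        return this.BadRequest(String.Format("there is no post with id {0}", postId));
    }

    if (post.IsPostHidden)
    {
        return this.NotFound();
    }

    // An absent request body can bind to null while ModelState still reports valid,
    // which would otherwise surface as a NullReferenceException at model.Content below.
    // Same response as EditComment gives for this case.
    if (model == null)
    {
        return this.BadRequest("Model cannot be null");
    }

    if (!this.ModelState.IsValid)
    {
        return this.BadRequest(this.ModelState);
    }

    var currentUserId = this.User.Identity.GetUserId();
    var loggedUser = this.Data.ApplicationUsers.All().FirstOrDefault(u => u.Id == currentUserId);
    if (loggedUser == null)
    {
        // No user row for the caller's identity (anonymous request or stale token):
        // refuse instead of dereferencing null in the friendship check.
        return this.Unauthorized();
    }

    // Authorization rule: the caller may comment when one of their friends is the
    // wall owner or the post owner, or when the caller owns the wall the post is on.
    bool isFriend = loggedUser.Friends.Any(f => f.Id == post.WallOwnerId || f.Id == post.OwnerId);
    if (!isFriend && currentUserId != post.WallOwnerId)
    {
        return this.BadRequest("You can comment only friend posts");
    }

    // Content is stored exactly as received; ModelState validation is the only
    // check on it here, so output encoding has to happen wherever it is rendered.
    var comment = new Comment()
    {
        Content = model.Content,
        PostId = postId,
        CreatedOn = DateTime.Now,
        CommentOwner = loggedUser,
        PostOwner = post.Owner
    };

    this.Data.Comments.Add(comment);
    this.Data.SaveChanges();

    // Re-query so the response goes through the view-model projection rather than
    // returning the entity itself.
    var postedComment = this.Data.Comments.All()
        .Where(c => c.Id == comment.Id)
        .Select(CommentViewModel.Create)
        .FirstOrDefault();

    return this.Ok(postedComment);
}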
/// <summary>
/// Replaces the content of an existing comment; only the comment's owner may do so.
/// </summary>
/// <param name="commentId">Id of the comment to edit.</param>
/// <param name="model">Bound request body; only <c>Content</c> is read from it.</param>
/// <returns>
/// 400 when the body is missing or invalid, 404 when the comment does not exist,
/// 401 when the caller is not the comment owner, otherwise 200 with the
/// <c>CommentViewModel.Create</c> projection of the comment.
/// </returns>
public IHttpActionResult EditComment(int commentId, CommentBindingModel model)
{
    if (model == null)
    {
        return BadRequest("Model cannot be null");
    }

    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    var existing = Data.Comments.All()
        .Where(c => c.Id == commentId)
        .FirstOrDefault();
    if (existing == null)
    {
        return NotFound();
    }

    // Ownership check: the caller's identity id must match the comment owner's id.
    // NOTE(review): CommentOwner is dereferenced without a null check - confirm it
    // is always populated for a stored comment.
    var callerId = User.Identity.GetUserId();
    bool callerOwnsComment = callerId == existing.CommentOwner.Id;
    if (!callerOwnsComment)
    {
        // NOTE(review): Unauthorized() is a 401; for an authenticated caller who is
        // simply not the owner, 403 is the conventional status. Left as is because
        // clients may depend on it.
        return Unauthorized();
    }

    existing.Content = model.Content;
    Data.SaveChanges();

    // The projection is handed to Ok without FirstOrDefault, so the response body
    // is the query's sequence rather than a single object (AddComment returns a
    // single object) - NOTE(review): confirm which shape clients expect.
    var projected = Data.Comments.All()
        .Where(c => c.Id == commentId)
        .Select(CommentViewModel.Create);

    return Ok(projected);
}