public async Task<IHttpActionResult> PostItemComment(ItemCommentBindModel itemComment)
{
if (!ModelState.IsValid)
{
return BadRequest(ModelState);
}
string UserId = User.Identity.GetUserId();
var claims = await UserManager.GetClaimsAsync(UserId);
bool ReadonlyComments = claims.Where(c => c.Type == "comments" && c.Value == "readonly").Any();
if (ReadonlyComments)
{
return BadRequest("You may only read.");
}
ItemComment comment = new ItemComment()
{
ItemId = itemComment.ItemId,
Text = itemComment.Text,
UserId = UserId,
Date = DateTime.UtcNow,
};
db.ItemComments.Add(comment);
await db.SaveChangesAsync();
var commentView = new ItemCommentViewModel()
{
Id = comment.Id,
ItemId = comment.ItemId,
Date = comment.Date,
Text = comment.Text,
UserName = UserManager.FindById(comment.UserId).UserName,
};
return CreatedAtRoute("DefaultApi", new { id = comment.Id }, commentView);
}
public async Task<IHttpActionResult> PutItemComment(int id, ItemComment itemComment)
{
if (!ModelState.IsValid)
{
return BadRequest(ModelState);
}
if (id != itemComment.Id)
{
return BadRequest();
}
db.Entry(itemComment).State = EntityState.Modified;
try
{
await db.SaveChangesAsync();
}
catch (DbUpdateConcurrencyException)
{
if (!ItemCommentExists(id))
{
return NotFound();
}
else
{
throw;
}
}
return StatusCode(HttpStatusCode.NoContent);
}
