Example #1
        /// <summary>
        /// Renders a single blog post, or the same view with an error flag when the
        /// post cannot be shown to the current user.
        /// </summary>
        /// <param name="username">Blog owner name taken from the route; must be non-empty.</param>
        /// <param name="id">Identifier of the post to display.</param>
        /// <returns>
        /// HTTP 400 when <paramref name="username"/> is null or empty; otherwise the
        /// ViewPost view, populated with the post or with an error message.
        /// </returns>
        public ActionResult Post(string username, int id)
        {
            if (string.IsNullOrEmpty(username))
            {
                return new HttpStatusCodeResult(HttpStatusCode.BadRequest);
            }

            const string viewPath = "~/Areas/Blog/Views/Blog/ViewPost.cshtml";
            PostViewModel model = new PostViewModel();

            // Access filter lives in the query itself: a post is returned only when it is
            // published, owned by the signed-in user, or the caller is in the Admin role.
            // NOTE(review): username is not part of this lookup, so the route value is
            // never checked against the post's actual owner - confirm that is intended.
            bool isAdmin = User.IsInRole("Admin");
            var entry = db.BlogPosts.FirstOrDefault(p => p.BlogPostId == id && (p.Published || p.Blog.User.Username == User.Identity.Name || isAdmin));

            if (entry == null)
            {
                // A missing post and a post hidden from this user produce the same
                // response, so the reply does not reveal which ids exist unpublished.
                model.Error = true;
                model.ErrorMessage = "Blog Post does not exist.";
                return View(viewPath, model);
            }

            model = new PostViewModel(entry);

            if (entry.System)
            {
                ViewBag.Title = model.Title + " - " + Config.BlogConfig.Title + " - " + Config.Title;
                ViewBag.Description = Config.BlogConfig.Description;
                return View(viewPath, model);
            }

            // NOTE(review): the request-supplied username is placed in the page title;
            // this relies on the view HTML-encoding ViewBag.Title - confirm in ViewPost.cshtml.
            string pageTitle = username + "'s Blog - " + Config.Title;
            string blogTitle = entry.Blog.User.BlogSettings.Title;
            if (!string.IsNullOrEmpty(blogTitle))
            {
                pageTitle = blogTitle + " - " + pageTitle;
            }
            ViewBag.Title = model.Title + " - " + pageTitle;
            ViewBag.Description = entry.Blog.User.BlogSettings.Description;
            return View(viewPath, model);
        }
Example #2
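        /// <summary>
        /// Updates the title and article of an existing blog post when the caller is
        /// the post's owner or a member of the Admin role.
        /// </summary>
        /// <param name="postID">Identifier of the post to edit.</param>
        /// <param name="title">New title; must be non-empty.</param>
        /// <param name="article">New article body; must be non-empty.</param>
        /// <returns>
        /// A redirect to the post on success; otherwise a view whose model carries
        /// <c>Error</c> and <c>ErrorMessage</c>.
        /// </returns>
        /// <remarks>
        /// NOTE(review): the attributes on this action are outside this excerpt - confirm
        /// it is restricted to POST and protected by anti-forgery validation, since it
        /// changes state on behalf of the signed-in user.
        /// </remarks>
        public ActionResult EditPost(int postID, string title, string article)
        {
            PostViewModel model = new PostViewModel();

            if (!ModelState.IsValid)
            {
                model.Error = true;
                model.ErrorMessage = "Invalid Parameters";
                return View("~/Areas/Blog/Views/Blog/EditPost.cshtml", model);
            }

            BlogPost post = db.BlogPosts.Where(p => p.BlogPostId == postID).FirstOrDefault();
            if (post == null)
            {
                model.Error = true;
                model.ErrorMessage = "Post does not exist.";
                return View("~/Areas/Blog/Views/Blog/ViewPost.cshtml", model);
            }

            // Authorize BEFORE copying the post into the view model. Previously the model
            // was populated first, so a caller who failed this check still received a view
            // backed by the post's data (including posts that are not published).
            bool mayEdit = User.IsInRole("Admin") || post.Blog.User.Username == User.Identity.Name;
            if (!mayEdit)
            {
                // The model stays empty here: only the error is returned to the caller.
                // NOTE(review): this message differs from "Post does not exist.", so the
                // response still tells an unauthorized caller that the id exists.
                model.Error = true;
                model.ErrorMessage = "You are not authorized to edit this post";
                return View("~/Areas/Blog/Views/Blog/EditPost.cshtml", model);
            }

            // Authorized from here on: the edit form may be re-rendered with the post.
            model = new PostViewModel(post);

            // Validate the fields
            if (string.IsNullOrEmpty(title))
            {
                model.Error = true;
                model.ErrorMessage = "You must write something for the title";
                return View("~/Areas/Blog/Views/Blog/EditPost.cshtml", model);
            }

            if (string.IsNullOrEmpty(article))
            {
                model.Error = true;
                model.ErrorMessage = "You must write something for the article";
                return View("~/Areas/Blog/Views/Blog/EditPost.cshtml", model);
            }

            // NOTE(review): title and article are stored as received; whether they are
            // encoded or sanitized when rendered is not visible here - confirm in the view.
            post.Title = title;
            post.Article = article;
            post.DateEdited = DateTime.Now;
            db.Entry(post).State = EntityState.Modified;
            db.SaveChanges();
            return Redirect(Url.SubRouteUrl("blog", "Blog.Post", new { username = post.Blog.User.Username, id = post.BlogPostId }));
        }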