/// <summary>
/// Deletes the reply identified by <paramref name="replyid"/>. The caller must be
/// the reply's author or hold the "Administrator" or "Moderator" role.
/// When someone other than the author deletes the reply, an audit entry
/// ("deletereply") is written through <c>_adminUtil.log</c> before the row is removed.
/// </summary>
/// <param name="replyid">Key passed to <c>_db.Replies.Find</c> to locate the reply.</param>
/// <returns>
/// JSON <c>true</c> on success; otherwise a JSON object with an <c>errmsg</c> field
/// (unknown id, or caller not permitted).
/// </returns>
// NOTE(review): this action changes state, but no [HttpPost] or [ValidateAntiForgeryToken]
// attribute is visible in this listing. Confirm they are applied on the method or controller.
// NOTE(review): the ownership test is a plain equality against User.Identity.Name. If Author
// can be null and the action is reachable without authentication, the two would compare equal.
// Confirm an [Authorize] filter covers this action.
public JsonResult DeleteReply(int replyid)
{
    var target = _db.Replies.Find(replyid);
    if (target == null)
    {
        return Json(new { errmsg = "无效的id" });
    }

    bool callerIsAuthor = target.Author == User.Identity.Name;
    if (!callerIsAuthor)
    {
        // Role lookups only happen for non-authors, as in the original short-circuit chain.
        bool callerIsStaff = User.IsInRole("Administrator") || User.IsInRole("Moderator");
        if (!callerIsStaff)
        {
            return Json(new { errmsg = "你tmd没权限删除" });
        }

        // Privileged deletion of someone else's reply: record who did it and on which post.
        // The entry is written before SaveChanges, so it exists even if the delete later fails.
        _adminUtil.log(User.Identity.Name, "deletereply", _blogUtil.GetPostLink(target.post));
    }

    _db.Replies.Remove(target);
    _db.SaveChanges();
    return Json(true);
}
/// <summary>
/// Deletes the post identified by <paramref name="id"/>. Despite the action's name, the
/// body removes a row from <c>_db.Posts</c> and logs the action as "deletepost".
/// The caller must be the post's author or hold the "Administrator" or "Moderator" role.
/// When someone other than the author deletes the post, an audit entry is written through
/// <c>_adminUtil.log</c>. <c>TriggerDeletePost</c> is invoked before the row is removed.
/// </summary>
/// <param name="id">Key passed to <c>_db.Posts.Find</c> to locate the post.</param>
/// <returns>
/// <c>NotFound()</c> when no post matches, <c>Unauthorized()</c> when the caller is neither
/// the author nor in a privileged role, <c>Ok()</c> after the deletion is saved.
/// </returns>
// NOTE(review): this action changes state, but no [HttpPost] or [ValidateAntiForgeryToken]
// attribute is visible in this listing. Confirm they are applied on the method or controller.
// NOTE(review): the ownership test is a plain equality against User.Identity.Name. If Author
// can be null and the action is reachable without authentication, the two would compare equal.
// Confirm an [Authorize] filter covers this action.
// NOTE(review): an authenticated caller who lacks permission gets Unauthorized() (401).
// Forbid() (403) is the usual response for that case, but clients may depend on the 401,
// so check them before changing it.
public ActionResult Comment(int id)
{
    var target = _db.Posts.Find(id);
    if (target == null)
    {
        return NotFound();
    }

    bool callerIsAuthor = target.Author == User.Identity.Name;
    if (!callerIsAuthor)
    {
        // Role lookups only happen for non-authors, as in the original short-circuit chain.
        bool callerIsStaff = User.IsInRole("Administrator") || User.IsInRole("Moderator");
        if (!callerIsStaff)
        {
            return Unauthorized();
        }

        // Privileged deletion of someone else's post: record who did it and which post.
        // The entry is written before SaveChanges, so it exists even if the delete later fails.
        _adminUtil.log(User.Identity.Name, "deletepost", _blogUtil.GetPostLink(target));
    }

    // Helper defined elsewhere in the controller; it runs before the row is removed.
    TriggerDeletePost(target);
    _db.Posts.Remove(target);
    _db.SaveChanges();
    return Ok();
}