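/// <summary>
/// Updates an existing comment when the caller is its author or holds the
/// "Admin" or "Owner" role.
/// </summary>
/// <param name="updateComment">Replacement comment values supplied by the client.</param>
/// <param name="commentId">Identifier of the comment to update.</param>
/// <returns>
/// The updated comment on success; 404 when no comment with <paramref name="commentId"/>
/// is found; 400 when the update returns null.
/// </returns>
/// <exception cref="UnauthorizedAccessException">
/// The caller is neither the comment's author nor in the "Admin" or "Owner" role.
/// </exception>
public async Task<ActionResult<PostCommentDTO>> PutPostComment(PostCommentDTO updateComment, int commentId)
{
    var comment = await _postComment.GetASpecificComment(commentId);

    // Without this guard a missing comment is dereferenced in the ownership check
    // below and surfaces as an unhandled NullReferenceException.
    if (comment == null)
    {
        return NotFound();
    }

    var usersRoles = UserClaimsGetters.GetUserRoles(User, _userManager);

    // NOTE(review): if GetUserId can return null for an unauthenticated caller and
    // comment.UserId can also be null, this comparison succeeds. Confirm the action
    // is only reachable by authenticated users.
    bool isAuthor = UserClaimsGetters.GetUserId(User) == comment.UserId;
    bool isModerator = usersRoles.Contains("Admin") || usersRoles.Contains("Owner");

    if (!isAuthor && !isModerator)
    {
        // A specific exception type (still an Exception, so existing handlers keep
        // working) lets error-handling middleware map this to 403 instead of a
        // generic 500. Returning Forbid() would be the conventional alternative.
        throw new UnauthorizedAccessException("You are not authorized to Update that Comment.");
    }

    // NOTE(review): updateComment is passed through as received. If the DTO carries
    // ownership fields such as UserId, verify that Update does not let the caller
    // reassign them.
    var commentUpdate = await _postComment.Update(updateComment, commentId);
    if (commentUpdate != null)
    {
        return commentUpdate;
    }

    return BadRequest();
}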
/// <summary>
/// Persists the supplied comment under the given id and echoes it back to the caller.
/// </summary>
/// <param name="comment">Comment entity bound from the request.</param>
/// <param name="id">Identifier passed to the repository's update call.</param>
/// <returns>200 OK carrying the same <paramref name="comment"/> instance that was received.</returns>
public async Task<ActionResult<Comment>> UpdatePost(Comment comment, int id)
{
    // NOTE(review): this method contains no ownership or role check before writing.
    // Confirm that an [Authorize] attribute or policy outside this method restricts
    // who may update a given id.
    // NOTE(review): the entity type is bound directly from the request, so any field
    // on Comment is client-settable unless _repo.Update filters them. Verify.
    await _repo.Update(comment, id);

    // The response body is the request object, not a value read back from the repository.
    ActionResult<Comment> response = Ok(comment);
    return response;
}