Exemple #1
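        /// <summary>
        /// Replaces the text of an existing post on behalf of its author or an administrator.
        /// </summary>
        /// <param name="parameters">Identifies the post (<c>ID</c>) and carries the new text (<c>Post</c>).</param>
        /// <returns>
        /// 200 on success; 404 when no post has the given ID; 400 when the request is incomplete,
        /// the caller is neither the author nor an admin, or the text is too long.
        /// </returns>
        public IActionResult EditPost(PostPatch parameters)
        {
            // Model binding can deliver a null body or a null text field; reject it here
            // rather than failing further down with a null dereference (HTTP 500).
            if (parameters == null || parameters.Post == null)
            {
                return BadRequest(new { error = "Post content is required" });
            }

            // Caller identity and role are read from the request's JWT.
            // NOTE(review): assumes the token was validated before this action runs - confirm.
            var userID = JWTUtility.GetUserID(HttpContext);
            var role   = JWTUtility.GetRole(HttpContext);

            // SingleOrDefault instead of Single: an unknown ID is a client error (404),
            // not an unhandled InvalidOperationException.
            var post = _context.Posts.SingleOrDefault(p => p.Id == parameters.ID);
            if (post == null)
            {
                return NotFound();
            }

            // Object-level authorization: ownership is checked against the stored row,
            // never against a user ID supplied in the request.
            // NOTE(review): a denied request answers 400 here; 403 would describe it more
            // precisely, but clients may depend on the current status code.
            if (role != RoleType.Admin && post.Userid != userID)
            {
                return BadRequest(new { error = "You do not have permission to edit this post" });
            }

            if (parameters.Post.Count() > _maxPostCharacterCount)
            {
                return BadRequest(new { error = "Your post has too many characters" });
            }

            // NOTE(review): DateTime.Now is server-local time; confirm whether Editdate
            // is expected to be UTC before changing it.
            post.Editdate = DateTime.Now;
            post.Post     = parameters.Post;

            _context.SaveChanges();

            return Ok();
        }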
Exemple #2
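        /// <summary>
        /// Deletes a post together with its comments and likes, on behalf of the post's
        /// author or an administrator.
        /// </summary>
        /// <param name="parameters">Identifies the post to delete (<c>ID</c>).</param>
        /// <returns>
        /// 200 on success; 404 when no post has the given ID; 400 when the request is
        /// incomplete or the caller is neither the author nor an admin.
        /// </returns>
        public IActionResult DeletePost(PostDelete parameters)
        {
            // A missing request body would otherwise surface as a null dereference (HTTP 500).
            if (parameters == null)
            {
                return BadRequest(new { error = "Request body is required" });
            }

            // Caller identity and role are read from the request's JWT.
            // NOTE(review): assumes the token was validated before this action runs - confirm.
            var userID = JWTUtility.GetUserID(HttpContext);
            var role   = JWTUtility.GetRole(HttpContext);

            // SingleOrDefault instead of Single: an unknown ID is a client error (404),
            // not an unhandled InvalidOperationException.
            var post = _context.Posts.SingleOrDefault(p => p.Id == parameters.ID);
            if (post == null)
            {
                return NotFound();
            }

            // Object-level authorization happens before any dependent rows are touched.
            // NOTE(review): a denied request answers 400 here; 403 would describe it more
            // precisely, but clients may depend on the current status code.
            if (role != RoleType.Admin && post.Userid != userID)
            {
                return BadRequest(new { error = "You do not have permission to delete this post" });
            }

            var comments = _context.Comments.Where(c => c.Postid == parameters.ID);
            var likes    = _context.Likes.Where(l => l.Postid == parameters.ID);

            // Dependent rows are queued for removal before the post itself, and all three
            // removals are submitted by the single SaveChanges call below.
            _context.Likes.RemoveRange(likes);
            _context.Comments.RemoveRange(comments);
            _context.Posts.Remove(post);

            _context.SaveChanges();

            return Ok();
        }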
Exemple #3
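        /// <summary>
        /// Deletes a comment on behalf of its author or an administrator.
        /// </summary>
        /// <param name="parameters">Identifies the comment to delete (<c>CommentID</c>).</param>
        /// <returns>
        /// 200 on success; 404 when no comment has the given ID; 400 when the request is
        /// incomplete or the caller is neither the author nor an admin.
        /// </returns>
        public IActionResult DeleteComment(CommentDelete parameters)
        {
            // A missing request body would otherwise surface as a null dereference (HTTP 500).
            if (parameters == null)
            {
                return BadRequest(new { error = "Request body is required" });
            }

            // Caller identity and role are read from the request's JWT.
            // NOTE(review): assumes the token was validated before this action runs - confirm.
            var userID = JWTUtility.GetUserID(HttpContext);
            var role   = JWTUtility.GetRole(HttpContext);

            // SingleOrDefault instead of Single: an unknown ID is a client error (404),
            // not an unhandled InvalidOperationException.
            var comment = _context.Comments.SingleOrDefault(c => c.Id == parameters.CommentID);
            if (comment == null)
            {
                return NotFound();
            }

            // Object-level authorization: ownership is checked against the stored row.
            // NOTE(review): a denied request answers 400 here; 403 would describe it more
            // precisely, but clients may depend on the current status code.
            if (role != RoleType.Admin && comment.Userid != userID)
            {
                // The message previously said "post"; this action operates on a comment.
                return BadRequest(new { error = "You do not have permission to delete this comment" });
            }

            _context.Comments.Remove(comment);
            _context.SaveChanges();

            return Ok();
        }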
Exemple #4
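        /// <summary>
        /// Replaces the text of an existing comment on behalf of its author or an administrator.
        /// </summary>
        /// <param name="parameters">
        /// Identifies the comment (<c>CommentID</c>) and carries the new text (<c>Comment</c>).
        /// </param>
        /// <returns>
        /// 200 on success; 404 when no comment has the given ID; 400 when the request is
        /// incomplete or the caller is neither the author nor an admin.
        /// </returns>
        public IActionResult EditComment(CommentEditPatch parameters)
        {
            // Model binding can deliver a null body or a null text field; reject it here
            // rather than storing a null comment or failing with a null dereference.
            if (parameters == null || parameters.Comment == null)
            {
                return BadRequest(new { error = "Comment content is required" });
            }

            // Caller identity and role are read from the request's JWT.
            // NOTE(review): assumes the token was validated before this action runs - confirm.
            var userID = JWTUtility.GetUserID(HttpContext);
            var role   = JWTUtility.GetRole(HttpContext);

            // SingleOrDefault instead of Single: an unknown ID is a client error (404),
            // not an unhandled InvalidOperationException.
            var comment = _context.Comments.SingleOrDefault(c => c.Id == parameters.CommentID);
            if (comment == null)
            {
                return NotFound();
            }

            // Object-level authorization: ownership is checked against the stored row.
            // NOTE(review): a denied request answers 400 here; 403 would describe it more
            // precisely, but clients may depend on the current status code.
            if (role != RoleType.Admin && comment.Userid != userID)
            {
                // The message previously said "post"; this action operates on a comment.
                return BadRequest(new { error = "You do not have permission to edit this comment" });
            }

            // NOTE(review): no upper bound is enforced on the comment length in this action;
            // confirm whether a limit is applied elsewhere (model validation, column size).
            // NOTE(review): DateTime.Now is server-local time; confirm whether Editdate
            // is expected to be UTC before changing it.
            comment.Editdate = DateTime.Now;
            comment.Comment  = parameters.Comment;

            _context.SaveChanges();

            return Ok();
        }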