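/// <summary>
/// Applies an edit to an existing post. The target post id comes from the
/// "id" query-string value (0 when absent or non-numeric); the new title and
/// body come from the model-bound <paramref name="post"/>.
/// </summary>
/// <param name="post">Model-bound form data; only <c>title</c> and <c>body</c> are used.</param>
/// <returns>
/// A redirect to Home/Index when the user is not authenticated, is neither the
/// post's author nor an administrator, or when the edit succeeds; otherwise the
/// view for the stored post (with a model error added when the edit call failed).
/// </returns>
// NOTE(review): this action changes server state but carries no [HttpPost] /
// [ValidateAntiForgeryToken]. Adding them requires the edit form to emit
// @Html.AntiForgeryToken(), so it is flagged here rather than changed silently.
public ActionResult EditPost(Models.Post post)
{
    int pId = Request.QueryString["id"].AsInt(0);

    // Fetch the stored post. GetPost's contract is not visible here, so a null
    // result is treated as "nothing to edit" instead of letting p.author throw.
    Models.Post p = new Models.Post().GetPost(pId);
    if (p == null)
    {
        return RedirectToAction("Index", "Home");
    }

    // Session values are read as nullable ints so that a missing or non-int
    // entry means "not authenticated" / "not admin" rather than throwing on unbox.
    int? userId = Session["userID"] as int?;
    if (!userId.HasValue)
    {
        return RedirectToAction("Index", "Home");
    }

    // Only the author or an administrator may edit.
    bool isAuthor = userId.Value == p.author;
    bool isAdmin = (Session["admin"] as int?) == 1;
    if (!isAuthor && !isAdmin)
    {
        return RedirectToAction("Index", "Home");
    }

    if (ModelState.IsValid)
    {
        if (post.Edit(pId, post.title, post.body))
        {
            return RedirectToAction("Index", "Home");
        }

        ModelState.AddModelError("", "Edit failed");
    }

    // Invalid model state or a failed edit: show the stored post again.
    return View(p);
}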
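/// <summary>
/// Deletes the post identified by the "id" query-string value (0 when absent or
/// non-numeric), provided the current session belongs to the post's author or
/// to an administrator. Always redirects to Home/Index afterwards, whether or
/// not a delete took place.
/// </summary>
/// <returns>A redirect to Home/Index.</returns>
// NOTE(review): a state-changing action reachable by a plain GET with no
// anti-forgery check. Moving it behind [HttpPost] + [ValidateAntiForgeryToken]
// needs matching view changes, so it is flagged here rather than changed silently.
public ActionResult DeletePost()
{
    int pId = Request.QueryString["id"].AsInt(0);

    // GetPost's null behaviour is not visible here; a null post is treated as
    // nothing to delete rather than letting p.author throw.
    Models.Post p = new Models.Post().GetPost(pId);

    // Nullable reads so a missing or non-int session entry means "not allowed"
    // instead of throwing on unbox.
    int? userId = Session["userID"] as int?;
    if (p != null && userId.HasValue)
    {
        // Author check first; the admin flag is only consulted when it is needed.
        bool allowed = userId.Value == p.author || (Session["admin"] as int?) == 1;
        if (allowed)
        {
            p.Delete(pId);
        }
    }

    return RedirectToAction("Index", "Home");
}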