public IHttpActionResult Delete(int commentId) { //only administrator or comment owner can delete the comment, so first let's retrieve the comment var comment = _customerCommentService.GetById(commentId); if (comment == null) { return(Response(new { Success = false, Message = "Comment doesn't exist" })); } //so who is ringing the bell? if (comment.CustomerId != _workContext.CurrentCustomer.Id && !_workContext.CurrentCustomer.IsAdmin()) { return(Response(new { Success = false, Message = "Unauthorized" })); } //come in and delete the comment _customerCommentService.Delete(comment); return(Response(new { Success = true })); }