public IHttpActionResult Delete(int commentId)
{
//only administrator or comment owner can delete the comment, so first let's retrieve the comment
var comment = _customerCommentService.GetById(commentId);
if (comment == null)
{
return(Response(new { Success = false, Message = "Comment doesn't exist" }));
}
//so who is ringing the bell?
if (comment.CustomerId != _workContext.CurrentCustomer.Id && !_workContext.CurrentCustomer.IsAdmin())
{
return(Response(new { Success = false, Message = "Unauthorized" }));
}
//come in and delete the comment
_customerCommentService.Delete(comment);
return(Response(new { Success = true }));
}
