public async Task <IActionResult> Edit(int id, NewsMinifiedBindingModel model) { var userId = this.userManager.GetUserId(User); var newsAuthorId = await this.news.AuthorId(id); if (newsAuthorId != userId && !User.IsInRole("Administrator")) { return(BadRequest()); } await this.news.Edit(id, model.Title, model.Description, model.ImageUrl); return(RedirectToAction(nameof(All))); }
public async Task <IActionResult> Delete(int id, NewsMinifiedBindingModel model) { var userId = this.userManager.GetUserId(User); var newsAuthorId = await this.news.AuthorId(id); if (newsAuthorId != userId && !User.IsInRole("Administrator")) { return(BadRequest()); } var success = await this.news.Delete(id); if (!success) { return(BadRequest()); } return(RedirectToAction(nameof(All))); }