public async Task <ActionResult <UserPageDTO> > PutAPage(UserPageDTO pageDTO, int pageId) { // Test to see if claim == page.UserId or policy is admin // if so allow the update // if not don't allow it var page = await _userPage.GetASpecificPage(pageId); var usersRoles = UserClaimsGetters.GetUserRoles(User, _userManager); if (UserClaimsGetters.GetUserId(User) == page.UserId || usersRoles.Contains("Admin") || usersRoles.Contains("Owner")) { try { var updatedPage = await _userPage.Update(pageDTO, pageId); return(updatedPage); } catch (Exception e) { throw new Exception($"Update action exception message: {e.Message}"); } } throw new Exception("You are not authorized to Update that Page."); }
public async Task <IActionResult> DeletePost(int postId) { // Test to see if claim == post.UserId or policy is admin // if so allow the delete // if not don't allow it var post = await _userPost.GetASpecificPost(postId); var usersRoles = UserClaimsGetters.GetUserRoles(User, _userManager); if (UserClaimsGetters.GetUserId(User) == post.UserId || usersRoles.Contains("Admin") || usersRoles.Contains("Owner")) { try { await _userPost.Delete(postId); return(Ok()); } catch (Exception e) { throw new Exception($"Delete action exception message: {e.Message}"); } } throw new Exception("You are not authorized to Delete that Post."); }
public async Task <IActionResult> PostAnImageToPost(int postId, int imageId) { // ====================== TODO: How are we going to deal with S3? ========================= // Do we have this controller call the PostImage Controller? // Do we make the client do it? // Cant test till this is completed // ======================================================================================== var post = await _userPost.GetASpecificPost(postId); var usersRoles = UserClaimsGetters.GetUserRoles(User, _userManager); if (UserClaimsGetters.GetUserId(User) == post.UserId || usersRoles.Contains("Admin") || usersRoles.Contains("Owner")) { try { await _userPost.AddAnImageToAPost(postId, imageId); return(Ok()); } catch (Exception e) { throw new Exception($"Cannot add the image to the post: {e.Message}"); } } throw new Exception("You are not authorized to Add that Image to the Post."); }
public async Task <IActionResult> DeleteAnImageFromPost(int postId, int imageid) { // ====================== TODO: Same here how are we going to deal with S3 =============== // Cant test till this is completed // ======================================================================================= var post = await _userPost.GetASpecificPost(postId); var usersRoles = UserClaimsGetters.GetUserRoles(User, _userManager); if (UserClaimsGetters.GetUserId(User) == post.UserId || usersRoles.Contains("Admin") || usersRoles.Contains("Owner")) { try { await _userPost.DeleteAnImageFromAPost(postId, imageid); return(Ok()); } catch (Exception e) { throw new Exception($"Cannot delete the image from the post: {e.Message}"); } } throw new Exception("You are not authorized to Delete that Image from the Post."); }
public async Task <IActionResult> DeletePostComment(int commentId) { // Test to see if claim == post.UserId or policy is admin // if so allow the delete // if not don't allow it var comment = await _postComment.GetASpecificComment(commentId); var usersRoles = UserClaimsGetters.GetUserRoles(User, _userManager); // TODO: Need to figure out how to allow the Post's owner is allowed to delete another user's comment if (UserClaimsGetters.GetUserId(User) == comment.UserId || usersRoles.Contains("Admin") || usersRoles.Contains("Owner")) { try { await _postComment.Delete(commentId); return(Ok()); } catch (Exception e) { throw new Exception($"Delete action exception message: {e.Message}"); } } throw new Exception("You are not authorized to Delete that Comment."); }
public async Task <ActionResult <PostCommentDTO> > PostPostComment(PostCommentDTO newComment) { var comment = await _postComment.Create(newComment, UserClaimsGetters.GetUserId(User)); if (comment != null) { return(comment); } return(BadRequest()); }
public async Task <ActionResult <PostImageDTO> > PostPostImage(CreatePostImageDTO newImage) { var image = await _postImage.Create(newImage, UserClaimsGetters.GetUserId(User)); if (image != null) { return(Ok()); } return(BadRequest()); }
public async Task <ActionResult <LikeDTO> > GetCommentLikes(int commentId) { var likeData = await _postComment.GetCommentsLikes(commentId, UserClaimsGetters.GetUserId(User)); if (likeData != null) { return(likeData); } return(BadRequest()); }
public async Task <ActionResult <LikeDTO> > GetPostLikes(int postId) { var likeData = await _userPost.GetPostLikes(postId, UserClaimsGetters.GetUserId(User)); if (likeData != null) { return(likeData); } return(BadRequest()); }
public async Task <IActionResult> PostPageLike(int pageId) { try { await _userPage.AddALikeToAPage(pageId, UserClaimsGetters.GetUserId(User)); return(Ok()); // Maybe resend the 'like' data } catch (Exception e) { throw new Exception($"Tried to add a like to a page: {e.Message}"); } }
public async Task <IActionResult> DeletePostLike(int postId) { try { await _userPost.DeleteALike(postId, UserClaimsGetters.GetUserId(User)); return(Ok()); } catch (Exception e) { throw new Exception($"Cannot delete that like: {e.Message}"); } }
public async Task <IActionResult> PostPostLike(int postId) { try { await _userPost.AddALikeToAPost(postId, UserClaimsGetters.GetUserId(User)); return(Ok()); } catch (Exception e) { throw new Exception($"Tried to add a like to a post: {e.Message}"); } }
public async Task <IActionResult> PostCommentLike(int commentId) { try { await _postComment.AddLikeToComment(commentId, UserClaimsGetters.GetUserId(User)); return(Ok()); } catch (Exception e) { throw new Exception($"Tried to add a like to a post: {e.Message}"); } }
public async Task <ActionResult <UserPostDTO> > PostUserPost(UserPostDTO newPost) { if (newPost.UserId == null) { newPost.UserId = UserClaimsGetters.GetUserId(User); } var post = await _userPost.Create(newPost); if (post != null) { return(Ok()); } return(BadRequest()); }
public async Task <IActionResult> DeletePageLike(int pageId) { // Test to see if claim == post.UserId or policy is admin // if so allow the delete // if not don't allow it try { await _userPage.DeleteALike(pageId, UserClaimsGetters.GetUserId(User)); return(Ok()); } catch (Exception e) { throw new Exception($"Cannot delete that like: {e.Message}"); } }
public async Task <IActionResult> DeleteUserPostFromPage(int pageId, int postId) { var page = await _userPage.GetASpecificPage(pageId); var usersRoles = UserClaimsGetters.GetUserRoles(User, _userManager); if (UserClaimsGetters.GetUserId(User) == page.UserId || usersRoles.Contains("Admin") || usersRoles.Contains("Owner")) { try { await _userPage.DeleteAPostFromAPage(pageId, postId); return(Ok()); } catch (Exception e) { throw new Exception($"Cannot delete that post from the page: {e.Message}"); } } throw new Exception("You are not authorized to delete that Page from that post."); }
public async Task <ActionResult <PostCommentDTO> > PutPostComment(PostCommentDTO updateComment, int commentId) { // Test to see if claim == post.UserId or policy is admin // if so allow the update // if not don't allow it var comment = await _postComment.GetASpecificComment(commentId); var usersRoles = UserClaimsGetters.GetUserRoles(User, _userManager); if (UserClaimsGetters.GetUserId(User) == comment.UserId || usersRoles.Contains("Admin") || usersRoles.Contains("Owner")) { var commentUpdate = await _postComment.Update(updateComment, commentId); if (commentUpdate != null) { return(commentUpdate); } return(BadRequest()); } throw new Exception("You are not authorized to Update that Comment."); }
public async Task <IActionResult> DeleteACommentFromPost(int postId, int commentId) { var post = await _userPost.GetASpecificPost(postId); var comment = await _postComment.GetASpecificComment(commentId); var usersRoles = UserClaimsGetters.GetUserRoles(User, _userManager); if (UserClaimsGetters.GetUserId(User) == post.UserId || UserClaimsGetters.GetUserId(User) == comment.UserId || usersRoles.Contains("Admin") || usersRoles.Contains("Owner")) { try { await _userPost.DeleteACommentFromAPost(postId, commentId); return(Ok()); } catch (Exception e) { throw new Exception($"Cannot delete the comment from the post: {e.Message}"); } } throw new Exception("You are not authorized to Delete that Post."); }
public async Task <ActionResult <UserPostDTO> > PutUserPost(UserPostDTO updatePost, int postId) { // Test to see if claim == post.UserId or policy is admin // if so allow the update // if not don't allow it //if (postId != updatePost.Id) //{ // return BadRequest(); //} var post = await _userPost.GetASpecificPost(postId); var usersRoles = UserClaimsGetters.GetUserRoles(User, _userManager); if (UserClaimsGetters.GetUserId(User) == post.UserId || usersRoles.Contains("Admin") || usersRoles.Contains("Owner")) { try { var postUpdate = await _userPost.Update(updatePost, postId); if (postUpdate != null) { return(postUpdate); } return(BadRequest()); } catch (Exception e) { throw new Exception($"Update error message: {e.Message}"); } } throw new Exception("You are not authorized to Update that Post."); }