public async Task <IActionResult> SubCommentUpdate(SubComment vm)
{
var post = _uniofWork.Post.GetPostByMainCommentId(vm.MainCommentId);
if (!ModelState.IsValid)
{
return(RedirectToAction("Details", new { id = post.Id }));
}
if (ModelState.IsValid)
{
var comment = await _uniofWork.SubComment.GetByIdAsync(vm.Id);
if (comment == null)
{
return(RedirectToAction("Details", new { id = post.Id }));
}
// access to edit have admin, moderator and post author
bool result = AccessRights.AuthorAdminAccessRight(HttpContext, comment.ApplicationUserId, _db);
if (!result)
{
return(new RedirectResult("~/Identity/Account/AccessDenied"));
}
comment.Message = vm.Message;
await _uniofWork.SaveChangesAsync();
}
return(RedirectToAction("Details", new { id = post.Id }));
}
public async Task <IActionResult> AddOrEdit(int id = 0)
{
//var ids = GetUserInfo();
PostVM postVM = new PostVM()
{
Post = new Post(),
CategoryList = _uniofWork.Category.GetSelectListAsync()
};
if (id == 0)
{
return(View(postVM));
}
else
{
postVM.Post = await _uniofWork.Post.GetByIdAsync(id);
}
// access to edit have admin, moderator and post author
bool result = AccessRights.AuthorAdminAccessRight(HttpContext, postVM.Post.ApplicationUserId, _db);
if (result)
{
return(View(postVM));
}
return(new RedirectResult("~/Identity/Account/AccessDenied"));
}
public async Task <IActionResult> DeleteSubComment(int id)
{
var comment = await _uniofWork.SubComment.GetByIdAsync(id);
if (comment == null)
{
return(Json(new { success = false, message = "Error while deleting" }));
}
// Check user permissions
bool result = AccessRights.AuthorAdminAccessRight(HttpContext, comment.ApplicationUserId, _db);
if (!result)
{
return(Json(new { success = false, message = "Access Denied. You do not have rights for deleting." }));
}
await _uniofWork.SubComment.DeleteComment(id);
await _uniofWork.SaveChangesAsync();
return(Json(new { success = true, message = "Delete Successful" }));
}
