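/// <summary>
/// Stores a new comment on the group identified by <paramref name="Id"/> and
/// returns the result of <c>apiIndex(Id)</c>.
/// </summary>
/// <param name="Id">Identifier of the group the comment is attached to.</param>
/// <param name="Text">Comment body taken from the request; must be non-empty.</param>
/// <returns>
/// The <c>apiIndex(Id)</c> result on success; <c>JsonError.ERROR_ACCESS_DENIED</c>
/// when the caller is not signed in, cannot be resolved to a user, targets a
/// group that does not exist, or lacks posting rights; <c>{ error = "Data error" }</c>
/// when <paramref name="Text"/> is null or empty.
/// </returns>
/// <remarks>
/// NOTE(review): the attributes on this action are not visible here. It changes
/// state for a signed-in caller, so confirm it is POST-only and covered by
/// anti-forgery validation if sign-in is cookie based.
/// </remarks>
public async Task<IActionResult> Create(int Id, [Bind("Text")] string Text)
{
    // The ModelState.IsValid check is disabled; Text is validated by hand instead.
    //if (ModelState.IsValid)
    if (string.IsNullOrEmpty(Text))
    {
        return Json(new { error = "Data error" });
    }

    if (!signInManager.IsSignedIn(User))
    {
        // check api key (not implemented: unauthenticated callers are refused)
        return Json(JsonError.ERROR_ACCESS_DENIED);
    }

    User user = await signInManager.UserManager.GetUserAsync(User);
    if (user == null)
    {
        // The principal is signed in but no matching user record was returned;
        // without this check user.Id below would throw.
        return Json(JsonError.ERROR_ACCESS_DENIED);
    }

    Group group = await _context.Group
        .Include(g => g.Participants)
        .Include(g => g.Admins)
        .FirstOrDefaultAsync(g => g.Id.Equals(Id));
    if (group == null)
    {
        // Unknown group id: previously an Admin could attach a comment to a
        // non-existent group, and other callers passed null into the rights check.
        // Same reply as a rights failure, so the response does not reveal
        // whether the id exists.
        return Json(JsonError.ERROR_ACCESS_DENIED);
    }

    bool b; // required by the out parameter; the value is not used here
    bool mayPost = User.IsInRole("Admin")
        || GroupsController.CheckUserRightsToPost(group, user.Id, out b);
    if (!mayPost)
    {
        return Json(JsonError.ERROR_ACCESS_DENIED);
    }

    // The document-comment Create path passes Text through
    // GroupsController.ClearBodyHtml before saving; do the same here so both
    // paths persist comment bodies in the same form.
    // NOTE(review): presumably this strips or neutralises markup - confirm
    // against GroupsController, and keep output encoding in the views regardless.
    Text = GroupsController.ClearBodyHtml(Text);

    Comment comment = new Comment(Id, user.Id, Text);
    _context.Comment.Add(comment);
    await _context.SaveChangesAsync();

    return await apiIndex(Id);
}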
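/// <summary>
/// Stores a new comment on the document identified by <paramref name="Id"/> and
/// returns the result of <c>apiIndex(Id)</c>.
/// </summary>
/// <param name="Id">Identifier of the document the comment is attached to.</param>
/// <param name="Text">Comment body taken from the request; must be non-empty.</param>
/// <returns>
/// The <c>apiIndex(Id)</c> result on success; <c>JsonError.ERROR_ACCESS_DENIED</c>
/// when the caller is not signed in, cannot be resolved to a user, targets a
/// document that does not exist, or lacks posting rights; <c>{ error = "Data error" }</c>
/// when <paramref name="Text"/> is null or empty.
/// </returns>
/// <remarks>
/// NOTE(review): the attributes on this action are not visible here. It changes
/// state for a signed-in caller, so confirm it is POST-only and covered by
/// anti-forgery validation if sign-in is cookie based.
/// </remarks>
public async Task<IActionResult> Create(string Id, [Bind("Text")] string Text)
{
    // The ModelState.IsValid check is disabled; Text is validated by hand instead.
    // A missing Text field used to throw on Text.Length; it is now a "Data error".
    //if (ModelState.IsValid)
    if (string.IsNullOrEmpty(Text))
    {
        return Json(new { error = "Data error" });
    }

    if (!signInManager.IsSignedIn(User))
    {
        // check api key (not implemented: unauthenticated callers are refused)
        return Json(JsonError.ERROR_ACCESS_DENIED);
    }

    User user = await signInManager.UserManager.GetUserAsync(User);
    if (user == null)
    {
        // The principal is signed in but no matching user record was returned;
        // without this check user.Id below would throw.
        return Json(JsonError.ERROR_ACCESS_DENIED);
    }

    var document = await _context.Document
        .Include(d => d.Group).ThenInclude(g => g.Subscribers)
        .Include(d => d.Group).ThenInclude(g => g.Participants)
        .Include(d => d.Group).ThenInclude(g => g.Admins)
        .Include(d => d.Comments).ThenInclude(c => c.User)
        .Include(d => d.Likes)
        .Include(d => d.User)
        .FirstOrDefaultAsync(d => d.Id.Equals(Id));
    if (document == null)
    {
        // Unknown document id: previously an Admin could attach a comment to a
        // non-existent document, and other callers hit a null dereference on
        // document.GroupId. Same reply as a rights failure, so the response
        // does not reveal whether the id exists.
        return Json(JsonError.ERROR_ACCESS_DENIED);
    }

    bool b; // required by the out parameter; the value is not used here
    // A document with no GroupId is open to every signed-in user; otherwise the
    // caller must be an Admin or pass the group's posting-rights check.
    bool mayPost = User.IsInRole("Admin")
        || document.GroupId == null
        || GroupsController.CheckUserRightsToPost(document.Group, user.Id, out b);
    if (!mayPost)
    {
        return Json(JsonError.ERROR_ACCESS_DENIED);
    }

    // Text comes straight from the request and is stored for later display.
    // NOTE(review): ClearBodyHtml presumably strips or neutralises markup -
    // confirm against GroupsController, and keep output encoding in the views
    // regardless.
    Text = GroupsController.ClearBodyHtml(Text);

    Comment comment = new Comment(Id, user.Id, Text);
    _context.Comment.Add(comment);
    await _context.SaveChangesAsync();

    return await apiIndex(Id);
}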