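/// <summary>
/// Renders a single blog post.
/// </summary>
/// <param name="username">Blog owner's username from the route. It is required (400 when empty) but the
/// lookup itself is by <paramref name="id"/> only; the displayed owner name is taken from the post's actual
/// owner so a mismatched route value cannot relabel the page.</param>
/// <param name="id">Identifier of the post to show.</param>
/// <returns>
/// The ViewPost view with the post, or with an error model when the post does not exist or is not visible
/// to the caller. Unpublished posts are visible only to their owner or to members of the "Admin" role.
/// </returns>
public ActionResult Post(string username, int id)
{
    const string viewPath = "~/Areas/Blog/Views/Blog/ViewPost.cshtml";

    if (string.IsNullOrEmpty(username))
    {
        return new HttpStatusCodeResult(HttpStatusCode.BadRequest);
    }

    PostViewModel model = new PostViewModel();

    // Visibility is enforced inside the query so an unpublished post never leaves the database
    // for a caller who is neither its owner nor an Admin.
    bool isAdmin = User.IsInRole("Admin");
    string currentUser = User.Identity.Name;
    var post = db.BlogPosts
        .Where(p => p.BlogPostId == id
                    && (p.Published || p.Blog.User.Username == currentUser || isAdmin))
        .FirstOrDefault();

    if (post == null)
    {
        // Same response for "missing" and "not visible" so the existence of hidden posts is not leaked.
        model.Error = true;
        model.ErrorMessage = "Blog Post does not exist.";
        return View(viewPath, model);
    }

    model = new PostViewModel(post);

    if (post.System)
    {
        // System-flagged posts are presented under the site-wide blog title rather than a user's blog.
        ViewBag.Title = model.Title + " - " + Config.BlogConfig.Title + " - " + Config.Title;
        ViewBag.Description = Config.BlogConfig.Description;
    }
    else
    {
        // Use the owner recorded on the post, not the caller-supplied route value, for the page title.
        string ownerName = post.Blog.User.Username;
        string title = ownerName + "'s Blog - " + Config.Title;
        if (!string.IsNullOrEmpty(post.Blog.User.BlogSettings.Title))
        {
            title = post.Blog.User.BlogSettings.Title + " - " + title;
        }
        ViewBag.Title = model.Title + " - " + title;
        ViewBag.Description = post.Blog.User.BlogSettings.Description;
    }

    return View(viewPath, model);
}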
/// <summary>
/// Applies a title/article edit to an existing blog post.
/// </summary>
/// <param name="postID">Identifier of the post to edit.</param>
/// <param name="title">New post title; must be non-empty.</param>
/// <param name="article">New post body; must be non-empty.</param>
/// <returns>
/// A redirect to the post's view route on success; otherwise the EditPost view (or, when the post does not
/// exist, the ViewPost view) carrying an error message. Only members of the "Admin" role or the post's
/// owner (matched by username) may edit.
/// </returns>
/// <remarks>
/// NOTE(review): the action attributes are not visible here - confirm this action is restricted to POST
/// and carries anti-forgery validation, since it mutates state on behalf of the current user.
/// </remarks>
public ActionResult EditPost(int postID, string title, string article)
{
    const string editView = "~/Areas/Blog/Views/Blog/EditPost.cshtml";
    const string viewView = "~/Areas/Blog/Views/Blog/ViewPost.cshtml";

    PostViewModel model = new PostViewModel();

    if (!ModelState.IsValid)
    {
        model.Error = true;
        model.ErrorMessage = "Invalid Parameters";
        return View(editView, model);
    }

    BlogPost existing = db.BlogPosts.FirstOrDefault(p => p.BlogPostId == postID);
    if (existing == null)
    {
        model.Error = true;
        model.ErrorMessage = "Post does not exist.";
        return View(viewView, model);
    }

    // From here on the view model carries the post so error pages can still render it.
    model = new PostViewModel(existing);

    // Authorization: Admin role, or the post belongs to the signed-in user.
    bool mayEdit = User.IsInRole("Admin") || existing.Blog.User.Username == User.Identity.Name;
    if (!mayEdit)
    {
        model.Error = true;
        model.ErrorMessage = "You are not authorized to edit this post";
        return View(editView, model);
    }

    if (string.IsNullOrEmpty(title))
    {
        model.Error = true;
        model.ErrorMessage = "You must write something for the title";
        return View(editView, model);
    }

    if (string.IsNullOrEmpty(article))
    {
        model.Error = true;
        model.ErrorMessage = "You must write something for the article";
        return View(editView, model);
    }

    existing.Title = title;
    existing.Article = article;
    existing.DateEdited = DateTime.Now;
    db.Entry(existing).State = EntityState.Modified;
    db.SaveChanges();

    var routeValues = new { username = existing.Blog.User.Username, id = existing.BlogPostId };
    return Redirect(Url.SubRouteUrl("blog", "Blog.Post", routeValues));
}