Exemplo n.º 1
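        /// <summary>
        /// Updates an existing post comment when the caller is its author or holds the
        /// "Admin" or "Owner" role.
        /// </summary>
        /// <param name="updateComment">New comment data supplied by the caller.</param>
        /// <param name="commentId">Identifier of the comment to update.</param>
        /// <returns>
        /// The updated comment, or a 400 Bad Request result when the comment cannot be
        /// loaded or the update yields no result.
        /// </returns>
        /// <exception cref="UnauthorizedAccessException">
        /// The caller is neither the comment's author nor in the "Admin"/"Owner" role.
        /// </exception>
        public async Task<ActionResult<PostCommentDTO>> PutPostComment(PostCommentDTO updateComment, int commentId)
        {
            // The authorization decision is made against the stored comment's owner,
            // never against anything carried in the request body.
            var comment = await _postComment.GetASpecificComment(commentId);

            // Without this guard an unknown commentId dereferences null in the ownership
            // check below and surfaces as an unhandled NullReferenceException (HTTP 500).
            // BadRequest mirrors the response this action already uses when the update
            // yields nothing; NotFound() would be the more precise status if preferred.
            if (comment == null)
            {
                return BadRequest();
            }

            var usersRoles = UserClaimsGetters.GetUserRoles(User, _userManager);

            // NOTE(review): if GetUserId can return null for an unauthenticated caller and
            // comment.UserId can also be null, this equality would grant access. Confirm
            // the action is only reachable by authenticated users.
            bool callerMayEdit = UserClaimsGetters.GetUserId(User) == comment.UserId
                || usersRoles.Contains("Admin")
                || usersRoles.Contains("Owner");

            if (!callerMayEdit)
            {
                // A specific exception type (still an Exception, so existing handlers keep
                // working) lets error-handling middleware tell an access denial apart from
                // a genuine server fault and map it to 403 instead of 500.
                throw new UnauthorizedAccessException("You are not authorized to Update that Comment.");
            }

            // NOTE(review): updateComment is forwarded as received. If the DTO carries an
            // owner/user id, confirm Update does not let the caller reassign ownership.
            var commentUpdate = await _postComment.Update(updateComment, commentId);

            if (commentUpdate != null)
            {
                return commentUpdate;
            }

            return BadRequest();
        }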
Exemplo n.º 2
        /// <summary>
        /// Hands the supplied comment and id to the repository's Update and replies
        /// with 200 OK carrying the comment object that was received.
        /// </summary>
        /// <param name="comment">Comment data bound from the request.</param>
        /// <param name="id">Identifier passed to the repository update.</param>
        /// <returns>An OK result wrapping <paramref name="comment"/> as supplied by the caller.</returns>
        public async Task<ActionResult<Comment>> UpdatePost(Comment comment, int id)
        {
            // NOTE(review): no ownership or role check is visible in this action. Unless an
            // [Authorize] attribute or policy outside this excerpt restricts it, any caller
            // who can reach the route can overwrite any comment by id. Confirm.
            // NOTE(review): the result of Update is discarded, so the response echoes the
            // request body rather than the persisted state, and a failed or no-op update
            // still returns 200. Confirm this is intended.
            var pendingWrite = _repo.Update(comment, id);
            await pendingWrite;

            return Ok(comment);
        }