Exemple #1
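 /// <summary>
 /// Deletes the comment identified by <paramref name="commentId"/> when the caller is
 /// its author or the caller's role claim is "Admin".
 /// </summary>
 /// <param name="commentId">Identifier of the comment to delete.</param>
 /// <returns>
 /// Whatever <c>HandleExceptions</c> yields for the wrapped delegate: a forbid result when
 /// the ownership check fails, otherwise the result of <c>Ok()</c>.
 /// </returns>
 public async Task<ActionResult> Delete(int commentId)
 {
     return await HandleExceptions(async () =>
     {
         // NOTE(review): only the first role claim is inspected, so a principal carrying
         // several role claims is treated as admin only when "Admin" comes first.
         var role = User.Claims.FirstOrDefault(x => x.Type.Equals(ClaimsIdentity.DefaultRoleClaimType))?.Value;
         var userId = User.Claims.FirstOrDefault(x => x.Type.Equals(ClaimsIdentity.DefaultNameClaimType))?.Value;

         // NOTE(review): what GetCommentAuthorIdAsync returns for a comment that does not
         // exist is not visible here; confirm it cannot match a real caller id.
         var authorId = await _commentManager.GetCommentAuthorIdAsync(commentId);

         if (role != "Admin")
         {
             // A missing or non-numeric name claim must deny the request (fail closed)
             // instead of throwing out of the authorization check.
             if (!int.TryParse(userId, out var callerId) || callerId != authorId)
             {
                 // ControllerBase.Forbid(params string[]) takes authentication scheme names,
                 // not a message: "Access denied" would be looked up as a scheme and fail at
                 // execution time. The parameterless overload uses the default scheme.
                 return Forbid();
             }
         }

         // The meaning of the second argument is defined by the comment manager and is
         // passed through unchanged.
         await _commentManager.DeleteCommentAsync(commentId, false);
         return Ok();
     });
 }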
Exemple #2
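        /// <summary>
        /// Deletes the comment identified by <paramref name="commentId"/> when the caller is
        /// its author or the caller's role claim is "Admin".
        /// </summary>
        /// <param name="commentId">Identifier of the comment to delete, bound from the route.</param>
        /// <returns>
        /// A forbid result when the caller is neither admin nor the comment's author;
        /// otherwise the result of <c>Ok()</c> after the comment manager has deleted the comment.
        /// </returns>
        public async Task<ActionResult> Delete([FromRoute] int commentId)
        {
            // NOTE(review): only the first role claim is inspected, so a principal carrying
            // several role claims is treated as admin only when "Admin" comes first.
            var role     = User.Claims.FirstOrDefault(x => x.Type.Equals(ClaimsIdentity.DefaultRoleClaimType))?.Value;
            var userId   = User.Claims.FirstOrDefault(x => x.Type.Equals(ClaimsIdentity.DefaultNameClaimType))?.Value;

            // NOTE(review): what GetCommentAuthorIdAsync returns for a comment that does not
            // exist is not visible here; confirm it cannot match a real caller id.
            var authorId = await _commentManager.GetCommentAuthorIdAsync(commentId);

            if (role != "Admin")
            {
                // Guid.Parse threw on a missing or malformed name claim, turning an
                // authorization decision into an unhandled exception. Deny instead.
                if (!Guid.TryParse(userId, out var callerId) || callerId != authorId)
                {
                    // ControllerBase.Forbid(params string[]) takes authentication scheme names,
                    // not a message: "Access denied" would be looked up as a scheme and fail at
                    // execution time. The parameterless overload uses the default scheme.
                    return Forbid();
                }
            }

            await _commentManager.DeleteCommentAsync(commentId);

            return Ok();
        }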