Пример #1
0
        public IHttpActionResult AddCommentToPost(int id, CommentBindingModel commentBindingModel)
        {
            var post = this.Data.Posts.Find(id);

            if (post == null)
            {
                return this.NotFound();
            }

            if (!this.ModelState.IsValid)
            {
                return this.BadRequest(ErrorMessagesCreator.GetErrorsAsString(ModelState));
            }

            var comment = new Comment()
            {
                Post = post,
                Body = commentBindingModel.Body,
                Author = this.Data.UserManager.FindById(User.Identity.GetUserId()),
                PostDate = DateTime.Now
            };

            post.Comments.Add(comment);

            this.Data.SaveChanges();

            return this.Ok("Comment added");
        }
Пример #2
0
        public IHttpActionResult EditPost(int id, CommentBindingModel commentBindingModel)
        {
            var comment = this.Data.Comments.Find(id);

            if (comment == null)
            {
                return this.NotFound();
            }

            var currentUser = this.Data.UserManager.FindById(User.Identity.GetUserId());

            bool isAdmin = this.Data.UserManager.IsInRole(currentUser.Id, "AppAdmin");

            if (currentUser != comment.Author && isAdmin == false)
            {
                return this.BadRequest("You have no permission to delete foreign comment.");
            }

            this.Data.Comments.Update(comment);

            this.Data.SaveChanges();

            return this.Ok("Comment edited");
        }