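/// <summary>
/// Adds a comment, authored by the currently authenticated user, to the post with the given id.
/// </summary>
/// <param name="id">Id of the post being commented on.</param>
/// <param name="commentBindingModel">Request body carrying the comment text; null when the client sent no body.</param>
/// <returns>
/// 404 when the post does not exist, 400 when the body is missing or fails validation,
/// 401 when the authenticated identity does not resolve to a stored user, otherwise 200.
/// </returns>
public IHttpActionResult AddCommentToPost(int id, CommentBindingModel commentBindingModel)
{
    var post = this.Data.Posts.Find(id);
    if (post == null)
    {
        return this.NotFound();
    }

    // Model validation does not run on a null model, so a request without a body would
    // pass the IsValid check and fail below with a NullReferenceException (500 instead of 400).
    if (commentBindingModel == null)
    {
        return this.BadRequest("Comment body is required.");
    }

    if (!this.ModelState.IsValid)
    {
        return this.BadRequest(ErrorMessagesCreator.GetErrorsAsString(ModelState));
    }

    // The author is always taken from the authenticated identity, never from the request body.
    var author = this.Data.UserManager.FindById(User.Identity.GetUserId());
    if (author == null)
    {
        // The identity no longer maps to a user (e.g. a deleted account); do not persist an orphan comment.
        return this.Unauthorized();
    }

    var comment = new Comment()
    {
        Post = post,
        Body = commentBindingModel.Body,
        Author = author,
        // NOTE(review): local server time is kept for consistency with existing rows;
        // DateTime.UtcNow would be the safer choice for a stored timestamp — confirm before switching.
        PostDate = DateTime.Now
    };

    post.Comments.Add(comment);
    this.Data.SaveChanges();

    return this.Ok("Comment added");
}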
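/// <summary>
/// Replaces the text of the comment with the given id. Permitted for the comment's author
/// and for members of the "AppAdmin" role.
/// </summary>
/// <param name="id">Id of the comment to edit (despite the method name, this edits a comment, not a post).</param>
/// <param name="commentBindingModel">Request body carrying the new comment text; null when the client sent no body.</param>
/// <returns>
/// 404 when the comment does not exist, 400 when the body is missing or fails validation,
/// 401 when the authenticated identity does not resolve to a stored user,
/// 403 when the caller is neither the author nor an admin, otherwise 200.
/// </returns>
public IHttpActionResult EditPost(int id, CommentBindingModel commentBindingModel)
{
    var comment = this.Data.Comments.Find(id);
    if (comment == null)
    {
        return this.NotFound();
    }

    // Validation does not run on a null model, so the null check must be explicit.
    if (commentBindingModel == null)
    {
        return this.BadRequest("Comment body is required.");
    }

    if (!this.ModelState.IsValid)
    {
        return this.BadRequest(ErrorMessagesCreator.GetErrorsAsString(ModelState));
    }

    var currentUser = this.Data.UserManager.FindById(User.Identity.GetUserId());
    if (currentUser == null)
    {
        return this.Unauthorized();
    }

    // Compare by key rather than by entity reference: Author may be a different (or unloaded)
    // instance than the one returned by the UserManager, which would silently deny the real author.
    bool isAuthor = comment.Author != null && comment.Author.Id == currentUser.Id;
    bool isAdmin = this.Data.UserManager.IsInRole(currentUser.Id, "AppAdmin");
    if (!isAuthor && !isAdmin)
    {
        // Authenticated but not permitted: the request is well-formed, so 403 rather than 400.
        return this.StatusCode(HttpStatusCode.Forbidden);
    }

    // Apply the new text; without this assignment the update persists nothing.
    comment.Body = commentBindingModel.Body;
    this.Data.Comments.Update(comment);
    this.Data.SaveChanges();

    return this.Ok("Comment edited");
}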