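/// <summary>
/// Replaces the content of an existing comment and returns the updated comment as a DTO.
/// </summary>
/// <param name="postId">Route id of the post the comment is addressed under.</param>
/// <param name="commentId">Route id of the comment to update.</param>
/// <param name="model">Request body carrying the new content.</param>
/// <returns>200 OK with the DTO built from the updated comment.</returns>
/// <exception cref="NotFound404Exception">
/// The post does not exist, the comment does not exist, or the comment does not belong to <paramref name="postId"/>.
/// </exception>
/// <exception cref="ForbiddenException">
/// The caller is neither the comment's author nor a holder of the "Comment_Full" function code.
/// </exception>
/// <exception cref="IsRequiredException">The body or its content is missing or whitespace.</exception>
/// <exception cref="ContentIsInvalidException">The content is shorter than 20 characters.</exception>
public async Task<IActionResult> UpdateCommentAsync([FromRoute] int postId, [FromRoute] int commentId, [FromBody] CommentUpdateModel model)
{
    var comment = await _postRepository.GetCommentByIdAsync(commentId);

    if (!await _postRepository.AnyByIdAsync(postId))
    {
        throw new NotFound404Exception("post");
    }

    if (comment == null)
    {
        throw new NotFound404Exception("comment");
    }

    // The comment is fetched by its id alone, so tie it to the post named in the route;
    // otherwise any existing postId would be accepted for any comment.
    if (comment.PostId != postId)
    {
        throw new NotFound404Exception("comment");
    }

    // Object-level authorization: only the author, or an account holding "Comment_Full"
    // (the code that bypasses every check in DeleteCommentAsync), may overwrite the text.
    // Without this, knowing a comment id would be enough to edit someone else's comment.
    // NOTE(review): if the project defines a dedicated "update any comment" function code,
    // accept it here as well; none is visible in this file.
    if (CurrentAccountId != comment.AccountId
        && !GetCurrentAccountFunctionCodes().Contains("Comment_Full"))
    {
        throw new ForbiddenException();
    }

    // A missing request body is reported as missing content instead of a null dereference.
    var content = model?.Content;
    if (string.IsNullOrWhiteSpace(content))
    {
        throw new IsRequiredException("content");
    }

    if (content.Length < 20)
    {
        throw new ContentIsInvalidException();
    }

    // NOTE(review): whether GetCommentByIdAsync filters out soft-deleted comments
    // (IsDeleted == true) is not visible here; confirm deleted comments cannot be edited.

    // bind data
    comment.Content = content;
    comment.UpdatedDate = DateTime.Now; // local server time, same clock the create/delete actions use

    await _postRepository.UpdateCommentAsync(comment);

    return Ok(CommentDTO.GetFrom(comment));
}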
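/// <summary>
/// Creates a comment on a post on behalf of the current account and returns it as a DTO.
/// </summary>
/// <param name="postId">Route id of the post being commented on.</param>
/// <param name="model">Request body carrying the comment content.</param>
/// <returns>200 OK with the DTO built from the new comment.</returns>
/// <exception cref="IsRequiredException">The body or its content is missing or whitespace.</exception>
/// <exception cref="ContentIsInvalidException">The content is shorter than 20 characters.</exception>
/// <exception cref="NotFound404Exception">The post does not exist.</exception>
public async Task<IActionResult> CreateCommentAsync([FromRoute] int postId, [FromBody] CommentCreateModel model)
{
    // A missing request body is reported as missing content instead of a null dereference.
    var content = model?.Content;
    if (string.IsNullOrWhiteSpace(content))
    {
        throw new IsRequiredException("content");
    }

    if (content.Length < 20)
    {
        throw new ContentIsInvalidException();
    }

    // NOTE(review): only a minimum length is enforced here. Confirm that an upper bound is
    // applied elsewhere (model validation, request size limit or column size), and that
    // whatever renders comments encodes the content on output, since it is stored as submitted.

    if (!await _postRepository.AnyByIdAsync(postId))
    {
        throw new NotFound404Exception("post");
    }

    // One timestamp for both fields so a new comment has CreatedDate == UpdatedDate.
    DateTime now = DateTime.Now;

    // The author is always the authenticated account; the request body cannot choose it.
    var comment = new Comment
    {
        AccountId = CurrentAccountId,
        PostId = postId,
        Content = content,
        CreatedDate = now,
        UpdatedDate = now
    };

    await _postRepository.CreateCommentAsync(comment);

    return Ok(CommentDTO.GetFrom(comment));
}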
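/// <summary>
/// Soft-deletes a comment (sets <c>IsDeleted</c>) and returns the updated comment as a DTO.
/// </summary>
/// <remarks>
/// Authorization, as implemented below:
/// holders of "Comment_Full" skip every check; holders of "Comment_Delete_All" may delete
/// other accounts' comments subject to the group comparison; everyone else may delete only
/// their own comments.
/// </remarks>
/// <param name="postId">Route id of the post the comment is addressed under.</param>
/// <param name="commentId">Route id of the comment to delete.</param>
/// <returns>200 OK with the DTO built from the soft-deleted comment.</returns>
/// <exception cref="NotFound404Exception">
/// The comment does not exist, the post does not exist, or the comment does not belong to <paramref name="postId"/>.
/// </exception>
/// <exception cref="ForbiddenException">
/// The caller is not allowed to delete this comment, or an account needed for the group check could not be loaded.
/// </exception>
public async Task<IActionResult> DeleteCommentAsync([FromRoute] int postId, [FromRoute] int commentId)
{
    var currentFunctionCodes = GetCurrentAccountFunctionCodes();

    var comment = await _postRepository.GetCommentByIdAsync(commentId);
    if (comment == null)
    {
        throw new NotFound404Exception("comment");
    }

    if (!currentFunctionCodes.Contains("Comment_Full"))
    {
        // Without "Comment_Delete_All" the caller may only delete their own comment.
        if (!currentFunctionCodes.Contains("Comment_Delete_All")
            && CurrentAccountId != comment.AccountId)
        {
            throw new ForbiddenException();
        }

        var currentAccount = await _accountRepository.GetAccountByIdAsync(CurrentAccountId);
        var account = await _accountRepository.GetAccountByIdAsync(comment.AccountId);

        // Fail closed: if either account cannot be loaded the group comparison cannot be
        // made, so deny instead of dereferencing null and surfacing a server error.
        if (currentAccount == null || account == null)
        {
            throw new ForbiddenException();
        }

        // The lower the group id, the higher the authority: a caller in a lower-authority
        // group than the author is rejected.
        // NOTE(review): callers in the SAME group as the author pass this check, so with
        // "Comment_Delete_All" peers can delete each other's comments. The original comment
        // said "lower than the current group"; confirm whether equal groups are intended.
        if (currentAccount.GroupId > account.GroupId)
        {
            throw new ForbiddenException();
        }
    }

    if (!await _postRepository.AnyByIdAsync(postId))
    {
        throw new NotFound404Exception("post");
    }

    // The comment is fetched by its id alone, so tie it to the post named in the route;
    // otherwise any existing postId would be accepted for any comment.
    if (comment.PostId != postId)
    {
        throw new NotFound404Exception("comment");
    }

    // Soft delete: the row is kept and only flagged.
    comment.IsDeleted = true;
    comment.UpdatedDate = DateTime.Now; // local server time, same clock the create/update actions use

    await _postRepository.UpdateCommentAsync(comment);

    return Ok(CommentDTO.GetFrom(comment));
}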