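/// <summary>
/// Deletes a journal comment on behalf of the current user.
/// </summary>
/// <param name="postData">Request payload carrying the journal id and the id of the comment to delete.</param>
/// <returns>
/// 200 with <c>Result = "success"</c> once the delete call has been made; 401 when the caller is
/// neither the comment's author, the journal item's owner, nor a portal administrator; 500 when
/// the comment or journal item cannot be resolved, the comment does not belong to the journal
/// item named in the request, or an exception is thrown.
/// </returns>
public HttpResponseMessage CommentDelete(CommentDeleteDTO postData)
{
    try
    {
        var comment = JournalController.Instance.GetComment(postData.CommentId);
        if (comment == null)
        {
            return Request.CreateErrorResponse(HttpStatusCode.InternalServerError, "delete failed");
        }

        // The journal item is looked up with the active module's portal and the current user.
        // NOTE(review): presumably this returns null for items outside the portal or not
        // visible to the user; confirm against GetJournalItem.
        var journalItem = JournalController.Instance.GetJournalItem(ActiveModule.OwnerPortalID, UserInfo.UserID, postData.JournalId);
        if (journalItem == null)
        {
            return Request.CreateErrorResponse(HttpStatusCode.InternalServerError, "invalid request");
        }

        // Both ids come from the request body. Owning the journal item authorizes the delete
        // below, so the comment must be tied to that same item; otherwise ownership of one
        // journal item would be accepted as authority over a comment stored under another.
        if (comment.JournalId != postData.JournalId)
        {
            return Request.CreateErrorResponse(HttpStatusCode.InternalServerError, "invalid request");
        }

        var isCommentAuthor = comment.UserId == UserInfo.UserID;
        var isJournalOwner = journalItem.UserId == UserInfo.UserID;
        if (isCommentAuthor || isJournalOwner || UserInfo.IsInRole(PortalSettings.AdministratorRoleName))
        {
            JournalController.Instance.DeleteComment(postData.JournalId, postData.CommentId);
            return Request.CreateResponse(HttpStatusCode.OK, new { Result = "success" });
        }

        // Status code kept as 401 so existing clients see the same response.
        return Request.CreateErrorResponse(HttpStatusCode.Unauthorized, "access denied");
    }
    catch (Exception exc)
    {
        Logger.Error(exc);

        // NOTE(review): the exception object is passed into the response. How much of it
        // reaches the client depends on the host's error-detail policy, which is configured
        // outside this method; verify it is not set to always include details.
        return Request.CreateErrorResponse(HttpStatusCode.InternalServerError, exc);
    }
}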
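/// <summary>
/// Deletes a journal comment when the current user wrote it or is a portal administrator.
/// </summary>
/// <param name="postData">Request payload carrying the journal id and the id of the comment to delete.</param>
/// <returns>
/// 200 with <c>Result = "success"</c> once the delete call has been made; 401 when the caller is
/// neither the comment's author nor a portal administrator; 500 when the comment or journal item
/// cannot be resolved, the comment does not belong to the journal item named in the request, or
/// an exception is thrown.
/// </returns>
public HttpResponseMessage CommentDelete(CommentDeleteDTO postData)
{
    try
    {
        var comment = JournalController.Instance.GetComment(postData.CommentId);
        if (comment == null)
        {
            return Request.CreateErrorResponse(HttpStatusCode.InternalServerError, "delete failed");
        }

        // The comment lookup above takes only the comment id, and the administrator role check
        // below is not tied to the comment. Resolving the journal item with the active module's
        // portal and the current user ties the request to a journal item before anything is deleted.
        // NOTE(review): presumably this returns null for items outside the portal or not
        // visible to the user; confirm against GetJournalItem.
        var journalItem = JournalController.Instance.GetJournalItem(ActiveModule.OwnerPortalID, UserInfo.UserID, postData.JournalId);
        if (journalItem == null)
        {
            return Request.CreateErrorResponse(HttpStatusCode.InternalServerError, "invalid request");
        }

        // JournalId is supplied by the client and is passed straight to DeleteComment; reject
        // the request when it does not match the journal item the comment is stored under.
        if (comment.JournalId != postData.JournalId)
        {
            return Request.CreateErrorResponse(HttpStatusCode.InternalServerError, "invalid request");
        }

        var isCommentAuthor = comment.UserId == UserInfo.UserID;
        if (isCommentAuthor || UserInfo.IsInRole(PortalSettings.AdministratorRoleName))
        {
            JournalController.Instance.DeleteComment(postData.JournalId, postData.CommentId);
            return Request.CreateResponse(HttpStatusCode.OK, new { Result = "success" });
        }

        // Status code kept as 401 so existing clients see the same response.
        return Request.CreateErrorResponse(HttpStatusCode.Unauthorized, "access denied");
    }
    catch (Exception exc)
    {
        Logger.Error(exc);

        // NOTE(review): the exception object is passed into the response. How much of it
        // reaches the client depends on the host's error-detail policy, which is configured
        // outside this method; verify it is not set to always include details.
        return Request.CreateErrorResponse(HttpStatusCode.InternalServerError, exc);
    }
}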