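/// <summary>
/// Deletes a comment. Allowed for the comment's author or for a caller carrying the
/// "Admin" role claim; everyone else receives 403. The call is wrapped in
/// <c>HandleExceptions</c> (defined elsewhere in the class), which decides how failures
/// from the manager are mapped to responses.
/// </summary>
/// <param name="commentId">Identifier of the comment to delete.</param>
/// <returns>200 OK on success, 403 Forbidden when the caller is neither author nor admin.</returns>
public async Task<ActionResult> Delete(int commentId)
{
    return await HandleExceptions(async () =>
    {
        // HasClaim scans every role claim on the principal, so a caller that holds several
        // roles (e.g. "User" and "Admin") is still recognised as admin. Taking only the
        // FirstOrDefault role claim would silently deny such a caller.
        var isAdmin = User.HasClaim(ClaimsIdentity.DefaultRoleClaimType, "Admin");

        // Always resolve the author first so that a non-existent comment is reported by the
        // manager (via HandleExceptions) the same way for admins and non-admins.
        var authorId = await _commentManager.GetCommentAuthorIdAsync(commentId);

        if (!isAdmin)
        {
            // NOTE(review): assumes authentication is enforced for this action ([Authorize] on
            // the controller or globally) — confirm. An anonymous principal has no name claim
            // and is therefore rejected here, which is the fail-closed outcome we want.
            var nameClaim = User.FindFirst(ClaimsIdentity.DefaultNameClaimType)?.Value;

            // Fail closed: a missing or non-numeric name claim can never match the author.
            // TryParse (invariant culture) replaces Int32.Parse, which would throw
            // ArgumentNullException/FormatException instead of producing a 403.
            if (!int.TryParse(nameClaim, NumberStyles.Integer, CultureInfo.InvariantCulture, out var callerId)
                || callerId != authorId)
            {
                // ControllerBase.Forbid(string) takes authentication *scheme names*, not a
                // message; Forbid("Access denied") would throw for an unknown scheme rather
                // than return 403. The parameterless overload yields a plain 403.
                return Forbid();
            }
        }

        await _commentManager.DeleteCommentAsync(commentId, false);
        return Ok();
    });
}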
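/// <summary>
/// Deletes a comment identified by the route value. Allowed for the comment's author or
/// for a caller carrying the "Admin" role claim; everyone else receives 403.
/// </summary>
/// <param name="commentId">Identifier of the comment to delete, bound from the route.</param>
/// <returns>200 OK on success, 403 Forbidden when the caller is neither author nor admin.</returns>
public async Task<ActionResult> Delete([FromRoute] int commentId)
{
    // HasClaim scans every role claim on the principal, so a caller that holds several
    // roles (e.g. "User" and "Admin") is still recognised as admin. Taking only the
    // FirstOrDefault role claim would silently deny such a caller.
    var isAdmin = User.HasClaim(ClaimsIdentity.DefaultRoleClaimType, "Admin");

    // Always resolve the author first so that a non-existent comment surfaces from the
    // manager the same way for admins and non-admins.
    var authorId = await _commentManager.GetCommentAuthorIdAsync(commentId);

    if (!isAdmin)
    {
        // NOTE(review): assumes authentication is enforced for this action ([Authorize] on
        // the controller or globally) — confirm. An anonymous principal has no name claim
        // and is therefore rejected here, which is the fail-closed outcome we want.
        var nameClaim = User.FindFirst(ClaimsIdentity.DefaultNameClaimType)?.Value;

        // Fail closed: a missing or malformed name claim can never match the author.
        // Guid.TryParse replaces Guid.Parse, which would throw ArgumentNullException/
        // FormatException (an unhandled 500 here — there is no HandleExceptions wrapper)
        // instead of producing a 403.
        if (!Guid.TryParse(nameClaim, out var callerId) || callerId != authorId)
        {
            // ControllerBase.Forbid(string) takes authentication *scheme names*, not a
            // message; Forbid("Access denied") would throw for an unknown scheme rather
            // than return 403. The parameterless overload yields a plain 403.
            return Forbid();
        }
    }

    await _commentManager.DeleteCommentAsync(commentId);
    return Ok();
}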