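/// <summary>
/// Replaces the text of an existing post and stamps its edit date.
/// </summary>
/// <param name="parameters">Carries the target post's <c>ID</c> and the new <c>Post</c> text.</param>
/// <returns>
/// 200 OK on success; 404 when no post has the given ID; 400 when the caller is
/// neither the post's owner nor an admin, when the text is missing, or when it
/// exceeds <c>_maxPostCharacterCount</c>.
/// </returns>
public IActionResult EditPost(PostPatch parameters)
{
    // Identity and role come from the request's JWT via JWTUtility.
    // NOTE(review): assumes JWTUtility only returns claims from a token whose
    // signature and expiry were already validated - confirm.
    var userID = JWTUtility.GetUserID(HttpContext);
    var role = JWTUtility.GetRole(HttpContext);

    // SingleOrDefault instead of Single: an unknown ID is a client error (404),
    // not an unhandled InvalidOperationException surfacing as a 500.
    var post = _context.Posts.SingleOrDefault(p => p.Id == parameters.ID);
    if (post == null)
    {
        return NotFound(new { error = "Post not found" });
    }

    // Object-level authorization: ownership is checked against the stored row,
    // never against anything the client supplies. Admins bypass the ownership check.
    // NOTE(review): 403 Forbidden is the conventional status for this case; 400 is
    // kept so existing clients see the same response.
    if (role != RoleType.Admin && post.Userid != userID)
    {
        return BadRequest(new { error = "You do not have permission to edit this post" });
    }

    // A missing body field previously threw inside Count(); reject it explicitly.
    if (parameters.Post == null)
    {
        return BadRequest(new { error = "Your post has no content" });
    }

    if (parameters.Post.Length > _maxPostCharacterCount)
    {
        return BadRequest(new { error = "Your post has too many characters" });
    }

    // NOTE(review): DateTime.Now is server-local time; confirm whether the column
    // is meant to hold UTC before changing it.
    post.Editdate = DateTime.Now;
    post.Post = parameters.Post;
    _context.SaveChanges();

    return Ok();
}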
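/// <summary>
/// Deletes a post together with the likes and comments that reference it.
/// </summary>
/// <param name="parameters">Carries the <c>ID</c> of the post to delete.</param>
/// <returns>
/// 200 OK on success; 404 when no post has the given ID; 400 when the caller is
/// neither the post's owner nor an admin.
/// </returns>
public IActionResult DeletePost(PostDelete parameters)
{
    // Identity and role come from the request's JWT via JWTUtility.
    // NOTE(review): assumes JWTUtility only returns claims from a token whose
    // signature and expiry were already validated - confirm.
    var userID = JWTUtility.GetUserID(HttpContext);
    var role = JWTUtility.GetRole(HttpContext);

    // SingleOrDefault instead of Single: an unknown ID is a client error (404),
    // not an unhandled InvalidOperationException surfacing as a 500.
    var post = _context.Posts.SingleOrDefault(p => p.Id == parameters.ID);
    if (post == null)
    {
        return NotFound(new { error = "Post not found" });
    }

    // Object-level authorization against the stored owner; admins may delete any post.
    // NOTE(review): 403 Forbidden is the conventional status for this case; 400 is
    // kept so existing clients see the same response.
    if (role != RoleType.Admin && post.Userid != userID)
    {
        return BadRequest(new { error = "You do not have permission to delete this post" });
    }

    // Dependent rows are removed before the post itself, and everything is
    // committed by the single SaveChanges call below.
    var comments = _context.Comments.Where(c => c.Postid == parameters.ID);
    var likes = _context.Likes.Where(l => l.Postid == parameters.ID);

    _context.Likes.RemoveRange(likes);
    _context.Comments.RemoveRange(comments);
    _context.Posts.Remove(post);
    _context.SaveChanges();

    return Ok();
}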
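/// <summary>
/// Deletes a single comment.
/// </summary>
/// <param name="parameters">Carries the <c>CommentID</c> of the comment to delete.</param>
/// <returns>
/// 200 OK on success; 404 when no comment has the given ID; 400 when the caller
/// is neither the comment's owner nor an admin.
/// </returns>
public IActionResult DeleteComment(CommentDelete parameters)
{
    // Identity and role come from the request's JWT via JWTUtility.
    // NOTE(review): assumes JWTUtility only returns claims from a token whose
    // signature and expiry were already validated - confirm.
    var userID = JWTUtility.GetUserID(HttpContext);
    var role = JWTUtility.GetRole(HttpContext);

    // SingleOrDefault instead of Single: an unknown ID is a client error (404),
    // not an unhandled InvalidOperationException surfacing as a 500.
    var comment = _context.Comments.SingleOrDefault(c => c.Id == parameters.CommentID);
    if (comment == null)
    {
        return NotFound(new { error = "Comment not found" });
    }

    // Object-level authorization against the stored owner; admins may delete any comment.
    // NOTE(review): 403 Forbidden is the conventional status for this case; 400 is
    // kept so existing clients see the same response.
    if (role != RoleType.Admin && comment.Userid != userID)
    {
        // Message previously said "post" (copied from DeletePost); this endpoint acts on a comment.
        return BadRequest(new { error = "You do not have permission to delete this comment" });
    }

    _context.Comments.Remove(comment);
    _context.SaveChanges();

    return Ok();
}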
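/// <summary>
/// Replaces the text of an existing comment and stamps its edit date.
/// </summary>
/// <param name="parameters">Carries the target <c>CommentID</c> and the new <c>Comment</c> text.</param>
/// <returns>
/// 200 OK on success; 404 when no comment has the given ID; 400 when the caller
/// is neither the comment's owner nor an admin.
/// </returns>
public IActionResult EditComment(CommentEditPatch parameters)
{
    // Identity and role come from the request's JWT via JWTUtility.
    // NOTE(review): assumes JWTUtility only returns claims from a token whose
    // signature and expiry were already validated - confirm.
    var userID = JWTUtility.GetUserID(HttpContext);
    var role = JWTUtility.GetRole(HttpContext);

    // SingleOrDefault instead of Single: an unknown ID is a client error (404),
    // not an unhandled InvalidOperationException surfacing as a 500.
    var comment = _context.Comments.SingleOrDefault(c => c.Id == parameters.CommentID);
    if (comment == null)
    {
        return NotFound(new { error = "Comment not found" });
    }

    // Object-level authorization against the stored owner; admins may edit any comment.
    // NOTE(review): 403 Forbidden is the conventional status for this case; 400 is
    // kept so existing clients see the same response.
    if (role != RoleType.Admin && comment.Userid != userID)
    {
        // Message previously said "post" (copied from EditPost); this endpoint acts on a comment.
        return BadRequest(new { error = "You do not have permission to edit this comment" });
    }

    // NOTE(review): unlike EditPost, no length limit or null check is applied to the
    // new text here. If comments are capped when created, the same cap should be
    // enforced on edit; the limit to use is not visible from this method.
    // NOTE(review): DateTime.Now is server-local time; confirm whether the column
    // is meant to hold UTC before changing it.
    comment.Editdate = DateTime.Now;
    comment.Comment = parameters.Comment;
    _context.SaveChanges();

    return Ok();
}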