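/// <summary>
/// Creates a comment on an item on behalf of the calling user.
/// </summary>
/// <param name="itemComment">
/// Comment payload bound from the request. Only <c>ItemId</c> and <c>Text</c> are read from it;
/// the author and the timestamp are set server-side.
/// </param>
/// <returns>
/// 400 when the payload is missing or fails validation, or when the caller holds the
/// <c>comments</c> = <c>readonly</c> claim; 401 when no user id can be resolved;
/// otherwise 201 with an <c>ItemCommentViewModel</c> describing the stored comment.
/// </returns>
public async Task<IHttpActionResult> PostItemComment(ItemCommentBindModel itemComment)
{
    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    // A request without a body can bind to null; reject it here instead of
    // failing on the dereference further down.
    if (itemComment == null)
    {
        return BadRequest();
    }

    // The author is taken from the caller's identity, never from the request body,
    // so a client cannot post under another user's id.
    // NOTE(review): no [Authorize] attribute is visible on this action - confirm the
    // controller requires authentication. The guard below covers the case where it does not.
    string userId = User.Identity.GetUserId();
    if (userId == null)
    {
        return Unauthorized();
    }

    var claims = await UserManager.GetClaimsAsync(userId);
    bool hasReadonlyClaim = claims.Any(c => c.Type == "comments" && c.Value == "readonly");
    if (hasReadonlyClaim)
    {
        // NOTE(review): this is an authorization refusal reported as 400; 403 would be
        // the conventional status. Left unchanged because clients may rely on it.
        return BadRequest("You may only read.");
    }

    // Text is stored exactly as submitted; whatever renders it must encode it on output.
    var comment = new ItemComment
    {
        ItemId = itemComment.ItemId,
        Text = itemComment.Text,
        UserId = userId,
        Date = DateTime.UtcNow,
    };

    db.ItemComments.Add(comment);
    await db.SaveChangesAsync();

    // Awaited lookup instead of the blocking FindById extension inside an async action.
    var author = await UserManager.FindByIdAsync(comment.UserId);

    var commentView = new ItemCommentViewModel
    {
        Id = comment.Id,
        ItemId = comment.ItemId,
        Date = comment.Date,
        Text = comment.Text,
        UserName = author.UserName,
    };

    return CreatedAtRoute("DefaultApi", new { id = comment.Id }, commentView);
}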
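/// <summary>
/// Updates the text of an existing comment that belongs to the calling user.
/// </summary>
/// <param name="id">Id of the comment to update, taken from the route.</param>
/// <param name="itemComment">
/// Request payload. <c>Id</c> must equal <paramref name="id"/> and only <c>Text</c> is applied;
/// <c>ItemId</c>, <c>UserId</c> and <c>Date</c> sent by the client are ignored.
/// </param>
/// <returns>
/// 400 when the payload is missing, invalid, carries a different id, or the caller holds the
/// <c>comments</c> = <c>readonly</c> claim; 401 when no user id can be resolved; 404 when the
/// comment does not exist; 403 when it belongs to another user; otherwise 204.
/// </returns>
public async Task<IHttpActionResult> PutItemComment(int id, ItemComment itemComment)
{
    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    if (itemComment == null || id != itemComment.Id)
    {
        return BadRequest();
    }

    string userId = User.Identity.GetUserId();
    if (userId == null)
    {
        return Unauthorized();
    }

    // Apply the same read-only restriction PostItemComment enforces; without it a
    // read-only account could still change comments through this action.
    var claims = await UserManager.GetClaimsAsync(userId);
    if (claims.Any(c => c.Type == "comments" && c.Value == "readonly"))
    {
        return BadRequest("You may only read.");
    }

    // Load the stored row instead of attaching the client-supplied entity as Modified.
    // Attaching it would let the request overwrite every column (UserId, Date, ItemId)
    // of any comment whose id the caller knows.
    ItemComment existing = await db.ItemComments.FindAsync(id);
    if (existing == null)
    {
        return NotFound();
    }

    // NOTE(review): ownership is assumed to be the edit policy; if moderators may edit
    // other users' comments, extend this check rather than removing it.
    if (!string.Equals(existing.UserId, userId, StringComparison.Ordinal))
    {
        return StatusCode(HttpStatusCode.Forbidden);
    }

    // Only the text is client-editable; author, item and creation date stay as stored.
    existing.Text = itemComment.Text;

    try
    {
        await db.SaveChangesAsync();
    }
    catch (DbUpdateConcurrencyException)
    {
        // The row may have been deleted between the load and the save.
        if (!ItemCommentExists(id))
        {
            return NotFound();
        }

        throw;
    }

    return StatusCode(HttpStatusCode.NoContent);
}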