using System.Linq;
using System.Security.Claims;
using Microsoft.AspNet.Authorization;
using Microsoft.AspNet.Mvc;
using Yavsc.Models;
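namespace Yavsc.Controllers
{
    /// <summary>
    /// JSON API controller, routed at <c>api/PostRateApi</c>, that sets the
    /// <c>Rate</c> value of a blog post.
    /// </summary>
    [Produces("application/json")]
    [Route("api/PostRateApi")]
    public class PostRateApiController : Controller
    {
        // Database context supplied through the constructor; never reassigned afterwards.
        private readonly ApplicationDbContext _context;

        /// <summary>
        /// Creates the controller over the given database context.
        /// </summary>
        /// <param name="context">Context used to look up and update blog posts.</param>
        public PostRateApiController(ApplicationDbContext context)
        {
            _context = context;
        }

        // PUT: api/PostRateApi/5
        /// <summary>
        /// Sets the rate of the blog post identified by <paramref name="id"/>.
        /// The action carries <c>[Authorize]</c>, and the body additionally restricts the
        /// change to the post's author or a member of <c>Constants.AdminGroupName</c>.
        /// </summary>
        /// <param name="id">Identifier of the blog post, taken from the route.</param>
        /// <param name="rate">New rate value, taken from the request body.</param>
        /// <returns>
        /// 400 when the model state is invalid or the caller is neither the author nor an
        /// administrator; 404 when no post has the given id; 200 once the change is saved.
        /// </returns>
        [HttpPut("{id}"),Authorize]
        public IActionResult PutPostRate([FromRoute] long id, [FromBody] int rate)
        {
            if (!ModelState.IsValid)
            {
                return HttpBadRequest(ModelState);
            }

            // SingleOrDefault yields null for an unknown id. Single() would throw
            // InvalidOperationException instead, leaving the 404 branch below unreachable
            // and turning a missing post into an unhandled server error.
            Blog blogpost = _context.Blogspot.SingleOrDefault(x => x.Id == id);

            if (blogpost == null)
            {
                return HttpNotFound();
            }

            // Ownership check: only the author or an administrator may change the rate.
            var uid = User.GetUserId();
            if (blogpost.AuthorId != uid && !User.IsInRole(Constants.AdminGroupName))
            {
                // NOTE(review): an authorization failure is reported as 400 here, which makes
                // denied attempts hard to tell apart from malformed requests in logs and
                // monitoring. A 403 would be the conventional answer; the status code is left
                // unchanged because existing clients may depend on it.
                // NOTE(review): the existence check runs before this ownership check, so a
                // caller who may not edit the post still learns whether the id exists
                // (404 vs 400). Confirm that is acceptable for this API.
                return HttpBadRequest();
            }

            // NOTE(review): rate is stored exactly as received; no range check is visible
            // here. Confirm whether bounds on Blog.Rate are enforced elsewhere.
            blogpost.Rate = rate;
            _context.SaveChanges();

            return Ok();
        }
    }
}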