From 1b24f6798345e38e371911ac0f5fbb84e38caaa2 Mon Sep 17 00:00:00 2001
From: JustAnyone <dom.svetikas@gmail.com>
Date: Mon, 6 Oct 2025 22:42:44 +0300
Subject: [PATCH] Fix all comments were returned instead of post-specific
 comments

---
 Bruno/collection.bru                            |  1 +
 T120B165-ImgBoard/Controllers/PostController.cs | 14 +++++++-------
 T120B165-ImgBoard/Services/CommentService.cs    |  7 ++++---
 3 files changed, 12 insertions(+), 10 deletions(-)

diff --git a/Bruno/collection.bru b/Bruno/collection.bru
index 867cec3..b072514 100644
--- a/Bruno/collection.bru
+++ b/Bruno/collection.bru
@@ -12,5 +12,6 @@ auth:bearer {
 
 vars:pre-request {
   baseUrl: http://localhost:5259
+  ~baseUrl: https://t120b165.svetikas.lt
   ~baseUrl: http://localhost:8080
 }
diff --git a/T120B165-ImgBoard/Controllers/PostController.cs b/T120B165-ImgBoard/Controllers/PostController.cs
index 5052ae1..fa6bfd0 100644
--- a/T120B165-ImgBoard/Controllers/PostController.cs
+++ b/T120B165-ImgBoard/Controllers/PostController.cs
@@ -179,7 +179,7 @@ public class PostController(
         if (post == null) return NotFound();
         
         var fileRecord = await fileService.GetFileById(fileId);
-        if (fileRecord == null) return NotFound();
+        if (fileRecord == null || post.File.Id != fileRecord.Id) return NotFound();
         
         // If not the resource owner
         var userId = HttpContext.User.Claims.First(c => c.Type == ClaimTypes.NameIdentifier).Value;
@@ -264,7 +264,7 @@ public class PostController(
         if (post == null) return NotFound();
         
         var fileRecord = await fileService.GetFileById(fileId);
-        if (fileRecord == null) return NotFound();
+        if (fileRecord == null || post.File.Id != fileRecord.Id) return NotFound();
         
         // Ensure the file has been successfully uploaded and finalized
         if (string.IsNullOrEmpty(fileRecord.FilePath) || fileRecord.FinishedDate == null)
@@ -466,7 +466,7 @@ public class PostController(
         if (entry == null) return NotFound();
         
         var comment = await commentService.GetById(commentId);
-        if (comment == null) return NotFound();
+        if (comment == null || entry.Id != comment.OriginalPost.Id) return NotFound();
         
         return Ok(CommentDto.FromComment(comment));
     }
@@ -491,7 +491,7 @@ public class PostController(
         var post = await postService.GetById(postId);
         if (post == null) return NotFound();
         
-        var list = await commentService.GetAll(pageNumber);
+        var list = await commentService.GetAll(postId, pageNumber);
         var newItems = list.Items.Select(CommentDto.FromComment).ToList();
         return Ok(new PagedList<CommentDto>(newItems, list.CurrentPage, list.PageSize, list.TotalCount));
     }
@@ -519,7 +519,7 @@ public class PostController(
         if (post == null) return NotFound();
         
         var comment = await commentService.GetById(commentId);
-        if (comment == null) return NotFound();
+        if (comment == null || post.Id != comment.OriginalPost.Id) return NotFound();
         
         var userId = HttpContext.User.Claims.First(c => c.Type == ClaimTypes.NameIdentifier).Value;
         var isAdmin = HttpContext.User.IsInRole(UserRoles.Admin);
@@ -556,8 +556,8 @@ public class PostController(
         if (post == null) return NotFound();
         
         var comment = await commentService.GetById(commentId);
-        if (comment == null) return NotFound();
-        
+        if (comment == null || post.Id != comment.OriginalPost.Id) return NotFound();
+
         var userId = HttpContext.User.Claims.First(c => c.Type == ClaimTypes.NameIdentifier).Value;
         var isAdmin = HttpContext.User.IsInRole(UserRoles.Admin);
 
diff --git a/T120B165-ImgBoard/Services/CommentService.cs b/T120B165-ImgBoard/Services/CommentService.cs
index ef75c1b..b33a3b8 100644
--- a/T120B165-ImgBoard/Services/CommentService.cs
+++ b/T120B165-ImgBoard/Services/CommentService.cs
@@ -9,7 +9,7 @@ public interface ICommentService
 {
     Task<Comment> Create(string text, User author, Post post);
     Task<Comment?> GetById(int commentId);
-    Task<PagedList<Comment>> GetAll(int pageNumber = 1);
+    Task<PagedList<Comment>> GetAll(int postId, int pageNumber = 1);
     Task<bool> Delete(Comment comment);
     Task<Comment> Update(Comment comment);
 }
@@ -40,10 +40,11 @@ public class CommentService(ImgBoardContext context): ICommentService
             .FirstOrDefaultAsync();
     }
 
-    public async Task<PagedList<Comment>> GetAll(int pageNumber = 1)
+    public async Task<PagedList<Comment>> GetAll(int postId, int pageNumber = 1)
     {
-        var totalCount = await context.Comments.CountAsync();
+        var totalCount = await context.Comments.Where(c => c.OriginalPost.Id == postId).CountAsync();
         var items = await context.Comments
+            .Where(c => c.OriginalPost.Id == postId)
             .Skip((pageNumber - 1) * PageSize)
             .Take(PageSize)
             .Include(b => b.Author)