From 1a0fd3445db997f6fd9091f03c1730940a31a38c Mon Sep 17 00:00:00 2001
From: Joseph Milazzo <joseph.v.milazzo@gmail.com>
Date: Thu, 20 Jan 2022 08:54:08 -0800
Subject: [PATCH] Reading List Change (#972)

* Allow an admin to delete another user's reading list

* Allow an admin to delete another user's reading list
---
 API/Controllers/ReadingListController.cs | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/API/Controllers/ReadingListController.cs b/API/Controllers/ReadingListController.cs
index 9391105cb..34a7e47b8 100644
--- a/API/Controllers/ReadingListController.cs
+++ b/API/Controllers/ReadingListController.cs
@@ -164,12 +164,15 @@ namespace API.Controllers
         public async Task<ActionResult> DeleteList([FromQuery] int readingListId)
         {
             var user = await _unitOfWork.UserRepository.GetUserWithReadingListsByUsernameAsync(User.GetUsername());
+            var isAdmin = await _unitOfWork.UserRepository.IsUserAdminAsync(user);
             var readingList = user.ReadingLists.SingleOrDefault(r => r.Id == readingListId);
-            if (readingList == null)
+            if (readingList == null && !isAdmin)
             {
                 return BadRequest("User is not associated with this reading list");
             }
 
+            readingList = await _unitOfWork.ReadingListRepository.GetReadingListByIdAsync(readingListId);
+
             user.ReadingLists.Remove(readingList);
 
             if (_unitOfWork.HasChanges() && await _unitOfWork.CommitAsync())
@@ -211,7 +214,7 @@ namespace API.Controllers
         }
 
         /// <summary>
-        /// Update the properites (title, summary) of a reading list
+        /// Update the properties (title, summary) of a reading list
         /// </summary>
         /// <param name="dto"></param>
         /// <returns></returns>