public async Task <IHttpActionResult> Patch(int userId, int elementFieldId, Delta <UserElementField> patch)
{
// Owner check: Entity must belong to the current user
var currentUserId = User.Identity.GetUserId <int>();
if (currentUserId != userId)
{
return(StatusCode(HttpStatusCode.Forbidden));
}
// REMARK UserCommandTreeInterceptor already filters "userId" on EntityFramework level, but that might be removed later on / coni2k - 31 Jul. '17
var userElementField = await _resourcePoolManager.GetUserElementFieldSet(userId, elementFieldId).SingleOrDefaultAsync();
patch.Patch(userElementField);
await _resourcePoolManager.SaveChangesAsync();
return(Ok(userElementField));
}
