public Task <IActionResult> Get([FromRoute] string id) => WithContextAsync <Project>(async(contextUser, project) =>
    {
        if (string.IsNullOrWhiteSpace(id))
        {
            return(ErrorResult
                   .BadRequest($"The id provided in the url path is invalid. Must be a non-empty string.", ResultErrorCode.ValidationError)
                   .ToActionResult());
        }

        var projectTemplate = await projectTemplateRepository
                              .GetAsync(project.Organization, project.Template)
                              .ConfigureAwait(false);

        var componentTemplate = await componentTemplateRepository
                                .GetAsync(project.Organization, project.Id, id)
                                .ConfigureAwait(false);

        if (!(componentTemplate?.ParentId?.Equals(projectTemplate.Id, StringComparison.Ordinal) ?? false))
        {
            return(ErrorResult
                   .NotFound($"A Component Template with the id '{id}' could not be found for Project {project.Id}.")
                   .ToActionResult());
        }

        return(DataResult <ComponentTemplate>
               .Ok(componentTemplate)
               .ToActionResult());
    });
    private async Task <Dictionary <string, IEnumerable <Guid> > > GetRoleAssignmentsAsync(Component component)
    {
        var session = await azureResourceService.AzureSessionService
                      .CreateSessionAsync()
                      .ConfigureAwait(false);

        var template = await componentTemplateRepository
                       .GetAsync(component.Organization, component.ProjectId, component.TemplateId)
                       .ConfigureAwait(false);

        return(await userRepository
               .ListAsync(component.Organization, component.ProjectId)
               .SelectAwait(async user => new KeyValuePair <string, IEnumerable <Guid> >(user.Id, await GetUserRoleDefinitionIdsAsync(user).ConfigureAwait(false)))
               .ToDictionaryAsync(kvp => kvp.Key, kvp => kvp.Value)
               .ConfigureAwait(false));

        async Task <IEnumerable <Guid> > GetUserRoleDefinitionIdsAsync(User user)
        {
            var roleDefinitionIds = new HashSet <Guid>();

            if (template.Permissions?.Any() ?? false)
            {
                if (user.IsOwner(component.ProjectId) && template.Permissions.TryGetValue(ProjectUserRole.Owner, out var ownerPermissions))
                {
                    var tasks = ownerPermissions.Select(permission => ResolveRoleDefinitionIdAsync(permission));

                    roleDefinitionIds.UnionWith(await Task.WhenAll(tasks).ConfigureAwait(false));
                }
                else if (user.IsAdmin(component.ProjectId) && template.Permissions.TryGetValue(ProjectUserRole.Admin, out var adminPermissions))
                {
                    var tasks = adminPermissions.Select(permission => ResolveRoleDefinitionIdAsync(permission));

                    roleDefinitionIds.UnionWith(await Task.WhenAll(tasks).ConfigureAwait(false));
                }
                else if (user.IsMember(component.ProjectId) && template.Permissions.TryGetValue(ProjectUserRole.Member, out var memberPermissions))
                {
                    var tasks = memberPermissions.Select(permission => ResolveRoleDefinitionIdAsync(permission));

                    roleDefinitionIds.UnionWith(await Task.WhenAll(tasks).ConfigureAwait(false));
                }
            }

            // strip out unresolved role defintion ids
            roleDefinitionIds.RemoveWhere(id => id == Guid.Empty);

            if (!roleDefinitionIds.Any())
            {
                // if no role definition id was resolved use default
                roleDefinitionIds.Add(AzureRoleDefinition.Reader);
            }

            return(roleDefinitionIds);
        }

        async Task <Guid> ResolveRoleDefinitionIdAsync(string permission)
        {
            if (Guid.TryParse(permission, out var roleDefinitionId))
            {
                return(roleDefinitionId);
            }

            try
            {
                var roleDefinition = await session.RoleDefinitions
                                     .GetByScopeAndRoleNameAsync(component.ResourceId, permission)
                                     .ConfigureAwait(false);

                if (roleDefinition is null)
                {
                    return(Guid.Empty);
                }

                return(Guid.Parse(roleDefinition.Id.Split('/').LastOrDefault()));
            }
            catch
            {
                return(Guid.Empty);
            }
        }
    }