public async Task <IHttpActionResult> Delete(int id)
{
try
{
var currentUser = await GetCurrentUser();
RecordBLL bll = new RecordBLL(_unit);
bool isAdmin = await AppUserManager.IsInRoleAsync(currentUser.Id, "Admin");
if (isAdmin)
{
bll.DeleteRecord(id);
}
else
{
var w = bll.GetByID(id);
if (w.Owner == currentUser.Id)
{
bll.DeleteRecord(id);
}
else
{
BadRequest("You don't have permission to delete this record.");
}
}
}
catch (Exception ex)
{
LogHelper.Error(_log, ex.ToString());
return(InternalServerError(ex));
}
return(Ok());
}
