public async Task <IHttpActionResult> Patch(int userId, int resourcePoolId, Delta <UserResourcePool> patch)
{
// Owner check: Entity must belong to the current user
var currentUserId = User.Identity.GetUserId <int>();
if (currentUserId != userId)
{
return(StatusCode(HttpStatusCode.Forbidden));
}
// REMARK UserCommandTreeInterceptor already filters "userId" on EntityFramework level, but that might be removed later on / coni2k - 31 Jul. '17
var userResourcePool = await _resourcePoolManager.GetUserResourcePoolSet(userId, resourcePoolId).SingleOrDefaultAsync();
patch.Patch(userResourcePool);
await _resourcePoolManager.SaveChangesAsync();
return(Ok(userResourcePool));
}