public async Task <IActionResult> UpdateAccount(int userId, [FromBody] UserResource userResource)
        {
            if (userResource.InstitutionId != null)
            {
                int institutionId = userResource.InstitutionId.Value;
                if (institutionId < 1)
                {
                    ProblemDetails problem = new ProblemDetails
                    {
                        Title    = "Failed getting institution.",
                        Detail   = "The id of an institution can't be smaller than 1",
                        Instance = "7C50A0D7-459D-473B-9ADE-7FC5B7EEE39E"
                    };
                    return(BadRequest(problem));
                }

                Institution foundInstitution = await institutionService.FindAsync(institutionId);

                if (foundInstitution == null)
                {
                    ProblemDetails problem = new ProblemDetails
                    {
                        Title    = "Failed getting institution.",
                        Detail   = "The institution could not be found in the database.",
                        Instance = "6DECDE32-BE44-43B1-9DDD-4D14AE9CE731"
                    };
                    return(NotFound(problem));
                }
            }

            User userToUpdate = await userService.FindAsync(userId);

            if (userToUpdate == null)
            {
                ProblemDetails problem = new ProblemDetails
                {
                    Title    = "Failed getting the user account.",
                    Detail   = "The database does not contain a user with that user id.",
                    Instance = "EF4DA55A-C31A-4BC4-AE30-098DEB0D3457"
                };
                return(NotFound(problem));
            }

            User currentUser = await HttpContext.GetContextUser(userService)
                               .ConfigureAwait(false);

            bool hasFullAllowance = userService.UserHasScope(currentUser.IdentityId, nameof(Defaults.Scopes.UserWrite));

            // Has institution excluded allowance if it's your own account or if the user has the right scope for the same institution.
            // In the last case, the institution has to be the same.
            bool hasInstitutionExcludedAllowance = currentUser.Id == userId ||
                                                   await authorizationHelper.SameInstitutionAndInstitutionScope(currentUser,
                                                                                                                nameof(Defaults.Scopes.InstitutionUserWrite), userToUpdate.Id);

            if (!hasFullAllowance &&
                !hasInstitutionExcludedAllowance)
            {
                ProblemDetails problem = new ProblemDetails
                {
                    Title    = "Failed to edit the user.",
                    Detail   = "The user is not allowed to edit this user.",
                    Instance = "E28BEBC0-AE7C-49F5-BDDC-3C13972B75D0"
                };
                return(Unauthorized(problem));
            }

            // Roles that have the institution excluded allowance or it's own account can update everything except the institution id.
            if (hasInstitutionExcludedAllowance)
            {
                // Check if no institution is specified, and if an institution is specified, this institution can't be
                // updated. However, the institution can be null, because the data officer has enough rights to delete
                // a user from their institution.
                if (userResource.InstitutionId != null &&
                    userResource.InstitutionId != userToUpdate.InstitutionId)
                {
                    ProblemDetails problem = new ProblemDetails
                    {
                        Title    = "Failed to edit the user",
                        Detail   = "The user has not enough rights to update the institution id",
                        Instance = "DD72C521-1D06-4E11-A0E0-AAE515E7F900"
                    };
                    return(Unauthorized(problem));
                }
            }

            mapper.Map(userResource, userToUpdate);

            userService.Update(userToUpdate);
            userService.Save();

            return(Ok(mapper.Map <User, UserResourceResult>(userToUpdate)));
        }