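/// <summary>
/// Creates a grade on behalf of the teacher identified by <paramref name="teacherId"/>.
/// Only a logged-in user in the "teachers" role whose own id equals
/// <paramref name="teacherId"/> may create the grade.
/// </summary>
/// <param name="teacherId">Teacher id taken from the request route.</param>
/// <param name="gradeDto">Grade payload; its TeacherId must equal <paramref name="teacherId"/>.</param>
/// <returns>
/// The created-at-route result for "GetGrade" carrying the created grade on success;
/// Unauthorized when the caller is not in the "teachers" role;
/// BadRequest when the payload is missing or its TeacherId differs from the route id.
/// </returns>
/// <exception cref="UnauthorizedAccessException">
/// The caller is a teacher but not the teacher named by <paramref name="teacherId"/>.
/// </exception>
public IHttpActionResult CreateGradeAsTeacher(int teacherId, GradeDto gradeDto)
{
    // NOTE(review): assumes GetLoggedInUser never returns null on this route
    // (e.g. an authentication filter runs first) — confirm.
    var userData = IdentityHelper.GetLoggedInUser(RequestContext);

    // Audit record of the attempt, written before any decision so denied requests are traceable.
    // NOTE(review): {@...} destructures the whole object into the log; confirm userData and the
    // DTO carry no tokens or other secrets.
    logger.Info("Create Grade {@gradeData} for Teacher {@teacherId} by {@userData}", gradeDto, teacherId, userData);

    // Authorization is decided before the payload is inspected, so a caller who is not allowed
    // to use this endpoint gets no validation feedback about the request body.
    if (userData.UserRole != "teachers")
    {
        // NOTE(review): this is a 401 for an authenticated caller with the wrong role;
        // kept unchanged for client compatibility.
        return Unauthorized();
    }

    // A teacher may only assign grades under their own id.
    if (teacherId != userData.UserId)
    {
        // Left as an exception (not a status result); presumably mapped by a global
        // exception handler — verify.
        throw new UnauthorizedAccessException(string.Format("You are not allowed to assign grades for teacher {0}", teacherId));
    }

    // A missing or unparsable body binds to null; reject it instead of failing with a
    // NullReferenceException on gradeDto.TeacherId below.
    if (gradeDto == null)
    {
        return BadRequest("Grade data is required");
    }

    // The route id and the body id must agree, otherwise the body could name another teacher.
    if (teacherId != gradeDto.TeacherId)
    {
        return BadRequest("Id mismatch");
    }

    GradeDto createdGrade = gradesService.CreateGradeDto(gradeDto);

    logger.Info("Teacher {@userData} created grade {@gradeData}", userData, createdGrade);

    return CreatedAtRoute("GetGrade", new { gradeId = createdGrade.GradeId }, createdGrade);
}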