public IActionResult UpdatePatient(int patientId, [FromBody] Patient patient)
{
if (!User.IsInRole(Role.Doctor) && !_patientAuthorization.IsPatientOwnAccount(patient.UserId, User))
{
Log.Warning("You are not authorized to do this");
return(Unauthorized());
}
if (patientId != patient.UserId)
{
return(Forbid());
}
Log.Information($"Updating information about patient {patient.FullName}");
var updatedPatient = _patientBusiness.UpdatePatient(patient);
if (updatedPatient == null)
{
Log.Warning("Bad Request - patient was not updated");
return(BadRequest());
}
Log.Information("Patient was updated");
_distributedCache.Remove("Patients");
return(Created(nameof(GetPatient), updatedPatient));
}
