public IActionResult UpdatePatient(int patientId, [FromBody] Patient patient) { if (!User.IsInRole(Role.Doctor) && !_patientAuthorization.IsPatientOwnAccount(patient.UserId, User)) { Log.Warning("You are not authorized to do this"); return(Unauthorized()); } if (patientId != patient.UserId) { return(Forbid()); } Log.Information($"Updating information about patient {patient.FullName}"); var updatedPatient = _patientBusiness.UpdatePatient(patient); if (updatedPatient == null) { Log.Warning("Bad Request - patient was not updated"); return(BadRequest()); } Log.Information("Patient was updated"); _distributedCache.Remove("Patients"); return(Created(nameof(GetPatient), updatedPatient)); }