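/// <summary>
/// Deletes the user identified by <paramref name="userId"/> after checking the permission
/// level of the caller stored in <c>HttpContext.Items["User"]</c>.
/// </summary>
/// <remarks>
/// Authorization rules, as implemented here:
/// <list type="bullet">
/// <item><description>Level below 3: the caller may delete only their own account.</description></item>
/// <item><description>Level 3: the target must have a strictly lower level and, when the caller has an
/// <c>OrganizationId</c>, belong to the same organization.</description></item>
/// <item><description>Level 4: the target must have a strictly lower level.</description></item>
/// <item><description>Level above 4: any user id is accepted; the target is not looked up.</description></item>
/// </list>
/// Only <c>_persistence.DeleteUser</c> is called in this method; any archiving would have to
/// happen inside that call.
/// </remarks>
/// <param name="userId">Id of the user to delete, bound from the route.</param>
/// <returns>
/// 200 on success; 401 when no <c>User</c> is attached to the request; 403 when the rules above
/// reject the operation; 404 when a <c>NotFoundException</c> is raised; 500 for any other failure.
/// </returns>
public IActionResult DeleteOrArchiveUser([FromRoute] int userId)
{
    const string forbiddenMessage = "You don't have high enough security clearance for this operation!";

    try
    {
        // Resolve the caller once with a type check. A missing entry, or one that is not a
        // User, is treated as "not authenticated" instead of failing later on an unchecked cast.
        if (!(HttpContext.Items["User"] is User caller))
        {
            throw new UnauthorizedException("Authorization failed!");
        }

        if (caller.PermissionLevel < 3)
        {
            // Callers below level 3 can only remove their own account.
            if (caller.Id != userId)
            {
                throw new ForbiddenException(forbiddenMessage);
            }

            _persistence.DeleteUser(userId);
            return StatusCode(200);
        }

        if (caller.PermissionLevel == 3)
        {
            // Presumably GetUserById throws NotFoundException for an unknown id (see the catch
            // below); a null return would surface as a 500 instead. TODO confirm.
            var target = _persistence.GetUserById(userId);

            // NOTE(review): because of "<=", a level-3 caller cannot delete their own account,
            // unlike callers below level 3. Confirm this is intended.
            // NOTE(review): the organization check is skipped when the caller has no
            // OrganizationId, so such a caller is not organization-scoped. Confirm this is intended.
            if (caller.PermissionLevel <= target.PermissionLevel
                || (caller.OrganizationId != null && caller.OrganizationId != target.OrganizationId))
            {
                throw new ForbiddenException(forbiddenMessage);
            }

            _persistence.DeleteUser(userId);
            return StatusCode(200);
        }

        if (caller.PermissionLevel == 4)
        {
            var target = _persistence.GetUserById(userId);

            // Level 4 is not organization-scoped: only the rank comparison applies.
            if (caller.PermissionLevel <= target.PermissionLevel)
            {
                throw new ForbiddenException(forbiddenMessage);
            }

            _persistence.DeleteUser(userId);
            return StatusCode(200);
        }

        if (caller.PermissionLevel > 4)
        {
            // NOTE(review): no rank or organization check here, so the target may be a peer,
            // a higher-level account or the caller. Confirm this is intended.
            _persistence.DeleteUser(userId);
            return StatusCode(200);
        }

        // Only reachable if none of the comparisons above matched.
        return StatusCode(500);
    }
    catch (UnauthorizedException e)
    {
        return StatusCode(401, e.Message);
    }
    catch (ForbiddenException e)
    {
        return StatusCode(403, e.Message);
    }
    catch (NotFoundException e)
    {
        return StatusCode(404, e.Message);
    }
    catch (Exception)
    {
        // Do not echo the message of an unexpected exception to the client: it can expose
        // internals such as persistence-layer error text. The exception should be recorded
        // server-side with whatever logging facility this controller has (none is visible here).
        return StatusCode(500, "An unexpected error occurred.");
    }
}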