public IActionResult ApproveDerogation(long id, ApprovalRequestModel requestModel) { var authUser = _userService.GetUserByName(this.User.Identity.Name); if (authUser != null && authUser.CanApprove == '0') { return(BadRequest(new { message = "Action is not allowed!" })); } var derogation = _derogationService.GetDerogation(id); if (authUser == null || derogation == null) { return(BadRequest()); } var nextDeptsForApproval = _derogationService.GetNextDeptsForApproval(derogation); if (!nextDeptsForApproval.Contains(authUser.FactoryDepartment)) { return(BadRequest()); } _derogationService.ChangeDergDeptStatusByUser(derogation, authUser, requestModel); var dergDeptsWhichExpected = _derogationService.GetDerogationDepartmentsWhichExpected(derogation); var recipients = new List <User>(); dergDeptsWhichExpected.ForEach(dergDept => { var users = _database.Users.Where(user => user.Department == dergDept.Department).ToList(); recipients.AddRange(users); }); _notificationService.ApproveDerogation(derogation, recipients); return(Ok(derogation)); }