public IHttpActionResult GetPhotoById(int photoId, string username) { var currentUserId = this.UserIdProvider.GetUserId(); var currentUser = this.Data.Users.Find(currentUserId); var wantedUser = this.Data .Users .All() .FirstOrDefault(u => u.UserName == username); if (wantedUser == null) { return(this.NotFound()); } if (!this.HasAuthorizationForDetailedInfo(wantedUser, currentUserId)) { return(this.Unauthorized()); } var photo = this.Data.Photos .All() .Where(p => p.Id == photoId) .Select(PhotoViewModel.Create(currentUser)) .FirstOrDefault(); if (photo == null) { return(this.NotFound()); } return(this.Ok(photo)); }