/// POST api/Files
        /// <summary>
        /// CREATE's a new file for the org passed in
        /// </summary>
        public HttpResponseMessage PostFile(File file)
        {
            if (Auth.FB.IsOrgAdmin(file.orgsId))
            {
                if (ModelState.IsValid)
                {
                    if (file.security != "public" && file.security != "private")
                    {
                        file.security = "public";
                    }

                    db.File.Add(file);
                    db.SaveChanges();

                    HttpResponseMessage response = Request.CreateResponse(HttpStatusCode.Created, file);
                    response.Headers.Location = new Uri(Url.Link("DefaultApi", new { id = file.id }));
                    return response;
                }
                else
                {
                    return Request.CreateResponse(HttpStatusCode.BadRequest);
                }
            }
            else
            {
                throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.Unauthorized));
            }
        }
        // PUT api/Files/{fileId}
        /// <summary>
        /// Update a file, for example update the published date by passing in the updated_at field, note this is not a patch and all valus must be passed in. 
        /// </summary>
        public HttpResponseMessage PutFile(int id, File file)
        {
            if (Auth.FB.IsOrgAdmin(file.orgsId))
            {
                if (ModelState.IsValid && id == file.id)
                {
                    if (file.security != "public" && file.security != "private")
                    {
                        file.security = "public";
                    }

                    db.Entry(file).State = EntityState.Modified;

                    try
                    {
                        db.SaveChanges();
                    }
                    catch (DbUpdateConcurrencyException)
                    {
                        return Request.CreateResponse(HttpStatusCode.NotFound);
                    }

                    return Request.CreateResponse(HttpStatusCode.OK);
                }
                else
                {
                    return Request.CreateResponse(HttpStatusCode.BadRequest);
                }
            }
            else
            {
                throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.Unauthorized));
            }
        }