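/// <summary>
/// Returns the profile of the user whose id is given in the route, with favorites (and their
/// products) and orders loaded. Authorization rule: a caller in the "Customer" role may only read
/// their own record; any other role may read any user. Soft-deleted users are reported as not found.
/// </summary>
/// <param name="id">Route id of the user to load.</param>
/// <returns>
/// 200 with a <see cref="BaseUser"/>; 400 for a missing id or an unknown/deleted user;
/// 401 when the caller is not authenticated, carries no user-id claim, or is a Customer asking
/// for another user's record.
/// </returns>
public async Task<IActionResult> GetUserById([FromRoute] string id)
{
    if (string.IsNullOrWhiteSpace(id))
    {
        return BadRequest(new JsonResult("NULL Id!"));
    }

    // Identify the caller from the principal the authentication middleware already validated,
    // not by re-reading the raw Authorization header with JwtSecurityTokenHandler.ReadJwtToken():
    // that call only decodes the token and never checks its signature, so if this action is not
    // also behind [Authorize] any client-crafted "nameid"/"role" claims would have been trusted.
    // NOTE(review): relies on UseAuthentication/AddJwtBearer populating HttpContext.User - confirm.
    var caller = HttpContext.User;
    if (caller?.Identity?.IsAuthenticated != true)
    {
        return Unauthorized();
    }

    // "nameid"/"role" are the short JWT claim names. The bearer handler maps them to the long
    // ClaimTypes URIs by default, but apps that clear DefaultInboundClaimTypeMap keep the short
    // names, so accept either form. A missing id claim is a 401, not a NullReferenceException.
    var callerId = caller.FindFirst(System.Security.Claims.ClaimTypes.NameIdentifier)?.Value
                   ?? caller.FindFirst("nameid")?.Value;
    if (string.IsNullOrEmpty(callerId))
    {
        return Unauthorized();
    }

    var callerIsCustomer = caller.IsInRole("Customer")
                           || caller.HasClaim(System.Security.Claims.ClaimTypes.Role, "Customer")
                           || caller.HasClaim("role", "Customer");

    // Authorize on the requested id BEFORE touching the database: a Customer who asks for someone
    // else's id gets the same 401 whether or not that id exists, so the endpoint cannot be used to
    // enumerate valid user ids, and the entity graph is not loaded for a request we would reject.
    // As in the original rule, every non-Customer role is allowed through (there is no allow-list
    // of privileged roles here). 403 Forbid() would be the more precise status for an authenticated
    // caller; 401 is kept so existing clients keep working.
    if (callerIsCustomer && callerId != id)
    {
        return Unauthorized();
    }

    var user = await _db.Users
        .Include(u => u.Favorites)
            .ThenInclude(fav => fav.Product)
        .Include(u => u.Orders)
        .SingleOrDefaultAsync(u => u.Id == id);

    // Soft-deleted users are treated exactly like unknown ones.
    if (user == null || user.Deleted)
    {
        return BadRequest(new JsonResult("User with id " + id + " not found"));
    }

    // Belt and braces: if the database matched the route id under a case-insensitive collation,
    // make sure the record actually returned is the caller's own.
    if (callerIsCustomer && callerId != user.Id)
    {
        return Unauthorized();
    }

    var roles = await _userManager.GetRolesAsync(user);

    var result = new BaseUser
    {
        Id = user.Id,
        FirstName = user.FirstName,
        MiddleName = user.MiddleName,
        LastName = user.LastName,
        DisplayName = user.DisplayName,
        UserName = user.UserName,
        Email = user.Email,
        PhoneNumber = user.PhoneNumber,
        Location = user.Location,
        CreatedAt = user.CreatedAt,
        UpdatedAt = user.UpdatedAt,
        Deleted = user.Deleted,
        // Was roles[0]: a user with no role assigned must not turn into a 500.
        role = roles.FirstOrDefault(),
        Orders = user.Orders,
        Favorites = _dataCleaner.cleanFavorites(user.Favorites)
    };

    return Ok(result);
}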