public async Task <IActionResult> DeletePart(
[FromRoute] string database, [FromRoute] string id)
{
_logger.Information("User {UserName} deleting part {PartId} from {IP}",
User.Identity.Name,
id,
HttpContext.Connection.RemoteIpAddress);
ICadmusRepository repository =
_repositoryProvider.CreateRepository(database);
// operators can delete only parts created by themselves
ApplicationUser user = await _userManager.GetUserAsync(User);
if (await IsUserInRole(user,
"operator",
new HashSet <string>(new string[] { "admin", "editor" })) &&
repository.GetPartCreatorId(id) != user.UserName)
{
return(Unauthorized());
}
repository.DeletePart(id, User.Identity.Name);
return(Ok());
}