public async Task <ActionResult <EnrolleeViewModel> > DeleteEnrollee(int enrolleeId)
{
var enrollee = await _enrolleeService.GetEnrolleeAsync(enrolleeId);
if (enrollee == null)
{
return(NotFound(ApiResponse.Message($"Enrollee not found with id {enrolleeId}")));
}
await _enrolleeService.DeleteEnrolleeAsync(enrolleeId);
return(Ok(ApiResponse.Result(enrollee)));
}
public async Task <ActionResult <Enrollee> > DeleteEnrollee(int enrolleeId)
{
var enrollee = await _enrolleeService.GetEnrolleeAsync(enrolleeId);
if (enrollee == null)
{
return(NotFound(new ApiResponse(404, $"Enrollee not found with id {enrolleeId}")));
}
// if the user is not an ADMIN, make sure the enrolleeId matches the user, otherwise return not authorized
if (!BelongsToEnrollee(enrollee))
{
return(Forbid());
}
await _enrolleeService.DeleteEnrolleeAsync(enrolleeId);
return(Ok(new ApiOkResponse <Enrollee>(enrollee)));
}
