/// <summary>
/// Deletes the enrollee identified by <paramref name="enrolleeId"/> and returns the
/// record as it was loaded just before deletion.
/// </summary>
/// <param name="enrolleeId">Identifier of the enrollee to delete.</param>
/// <returns>
/// A NotFound result carrying an explanatory message when the lookup yields null;
/// otherwise an Ok result wrapping the loaded enrollee.
/// </returns>
// NOTE(review): no check tying the caller to this record is visible in this method.
// Confirm that an authorization attribute or policy outside this view restricts who
// may delete an arbitrary enrolleeId.
public async Task<ActionResult<EnrolleeViewModel>> DeleteEnrollee(int enrolleeId)
{
    // Load first so the response can echo back what was removed.
    var existing = await _enrolleeService.GetEnrolleeAsync(enrolleeId);

    if (existing == null)
    {
        var notFoundMessage = $"Enrollee not found with id {enrolleeId}";
        return NotFound(ApiResponse.Message(notFoundMessage));
    }

    await _enrolleeService.DeleteEnrolleeAsync(enrolleeId);

    var payload = ApiResponse.Result(existing);
    return Ok(payload);
}
/// <summary>
/// Deletes the enrollee identified by <paramref name="enrolleeId"/> after checking that
/// the current caller is allowed to act on that record.
/// </summary>
/// <param name="enrolleeId">Identifier of the enrollee to delete.</param>
/// <returns>
/// A NotFound result with a 404 <c>ApiResponse</c> when the lookup yields null, a Forbid
/// result when <c>BelongsToEnrollee</c> rejects the caller, otherwise an Ok result
/// wrapping the enrollee that was loaded before deletion.
/// </returns>
// NOTE(review): the response body is the Enrollee object itself; confirm it carries no
// fields that should stay server-side.
public async Task<ActionResult<Enrollee>> DeleteEnrollee(int enrolleeId)
{
    var existing = await _enrolleeService.GetEnrolleeAsync(enrolleeId);

    if (existing == null)
    {
        var notFound = new ApiResponse(404, $"Enrollee not found with id {enrolleeId}");
        return NotFound(notFound);
    }

    // Ownership gate. Per the original author's note, a non-admin caller must match the
    // enrollee being deleted; BelongsToEnrollee is defined outside this view, so the
    // admin bypass is assumed rather than verified here.
    // NOTE(review): the 404 above is returned before this check, so a caller who does not
    // own the record can tell existing ids (Forbid) from missing ones (NotFound).
    // Confirm that distinction is acceptable for this API.
    var callerMayDelete = BelongsToEnrollee(existing);
    if (!callerMayDelete)
    {
        return Forbid();
    }

    await _enrolleeService.DeleteEnrolleeAsync(enrolleeId);

    var payload = new ApiOkResponse<Enrollee>(existing);
    return Ok(payload);
}