public IActionResult Patch([FromBody] VacationRequestDto request) { var user = _accessTokenProvider.GetTokenPayload(); if (user == null) { return(Unauthorized()); } if (!user.IsManager) { return(StatusCode(403)); } if (request?.NewState == null || !Enum.IsDefined(typeof(VacationRequestState), request.NewState)) { _logger.Warning("Invalid request update", new { user, request }); return(BadRequest()); } if (!_vacationRepository.UpdateVacationRequest(request, user.UserId)) { return(StatusCode(403)); } if (request.NewState != VacationRequestState.Pending) { var updatedRequest = _vacationRepository.GetVacationRequest(request.RequestId); var requestUser = _userRepository.GetUser(updatedRequest.UserId, null); _mailHelper.SendVacationRequestStateMail(requestUser, updatedRequest); } return(Accepted()); }