public async Task RemoveMemberAsync(GroupMemberChangeRequest request, UserSession loggedUserSession) { ValidateRequest(request); Group gp = await groupRepository.FindByIdAsync(request.GroupId); bool canEdit = (gp.OwnerUserId.Equals(loggedUserSession.UserId, StringComparison.InvariantCultureIgnoreCase) || loggedUserSession.UserId.Equals(request.MemberUserId, StringComparison.InvariantCultureIgnoreCase)); // only the owner can remove users or the user can remove him self if (!canEdit) { throw new ValidationException("Access denied"); } if (gp.OwnerUserId.Equals(request.MemberUserId, StringComparison.InvariantCultureIgnoreCase)) { throw new ValidationException("Unable to remove owner"); } var dbUser = await userRepository.FindByIdAsync(request.MemberUserId); if (dbUser == null) { throw new ValidationException("invalid member id"); } if (gp.Members.Any(i => i.Equals(request.MemberUserId, StringComparison.InvariantCultureIgnoreCase))) { await groupRepository.RemoveMemberAsync(request.GroupId, request.MemberUserId); await messageSender.RemoveDestinationListenerAsync( new Destination(DestinationType.Group, gp.Id), new Destination(DestinationType.User, request.MemberUserId)); } }