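/// <summary>
/// Deletes the child with the given id when the caller is in the "Admin" role
/// or holds a "Nursery" claim whose value equals the child's NurseryId.
/// </summary>
/// <param name="id">Identifier of the child record to delete.</param>
/// <returns>
/// A JSON payload: <c>{ Message = "Deleted" }</c> on success; a generic
/// <c>{ Message = ... }</c> with a 404 or 500 status on failure; or a plain
/// string with a 401 status when the caller is not permitted to delete.
/// </returns>
// NOTE(review): no HTTP verb or anti-forgery attribute is visible on this action
// from here. Confirm that this state-changing endpoint is restricted to
// POST/DELETE and is covered by the application's CSRF protection.
public JsonResult Delete(int id)
{
    try
    {
        var child = _repository.GetChildById(id);
        bool isAdmin = User.IsInRole("Admin");

        if (child == null)
        {
            // Assumes the repository returns null for an unknown id (TODO confirm).
            // Only admins are told the record is missing; other callers fall through
            // to the same "unauthorized" answer they get for a child in another
            // nursery, so the response does not reveal which ids exist.
            if (isAdmin)
            {
                Response.StatusCode = (int)HttpStatusCode.NotFound;
                return Json(new { Message = "Unable to delete: child not found" });
            }
        }
        else if (isAdmin || User.HasClaim("Nursery", child.NurseryId.ToString()))
        {
            // HasClaim(type, value) performs the same ordinal value match as the
            // former FindAll(...).FirstOrDefault(...) lookup.
            _repository.DeleteChild(id);
            return Json(new { Message = "Deleted" });
        }
    }
    catch (Exception ex)
    {
        // Keep the exception detail (type, message, stack trace) on the server.
        // Returning it in the response body would disclose internals to any caller.
        // NOTE(review): replace Trace with the project's logger if one is available.
        System.Diagnostics.Trace.TraceError("Delete failed for child {0}: {1}", id, ex);

        Response.StatusCode = (int)HttpStatusCode.InternalServerError;
        return Json(new { Message = "Unable to delete" });
    }

    // 401 is kept for compatibility with existing clients. For an authenticated
    // caller who lacks permission, 403 would be the more precise status.
    Response.StatusCode = (int)HttpStatusCode.Unauthorized;
    return Json("Unauthorized to delete this child");
}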