public IActionResult GetPatient(int patientId)
{
if (!User.IsInRole(Role.Doctor) && !_patientAuthorization.IsPatientOwnAccount(patientId, User))
{
Log.Error("You are not authorized to do this");
return(Unauthorized());
}
Log.Information("Getting information about patient");
var patient = _patientBusiness.GetPatient(patientId);
return(Ok(patient));
}
public IActionResult AddAppointment([FromBody] Appointment appointment)
{
if (!User.IsInRole(Role.Doctor) && !_patientAuthorization.IsPatientOwnAccount(appointment.Patient.UserId, User))
{
return(Unauthorized());
}
Log.Information($"Adding new appointment for {appointment.AppointmentDate.Date}");
var newAppointment = _appointmentBusiness.AddAppointment(appointment);
if (newAppointment == null)
{
Log.Warning("Bad Request - appointment was not added");
return(Conflict());
}
Log.Information("Appointment was added");
return(Created(nameof(GetAppointment), newAppointment));
}