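/// <summary>
/// Builds the view model for the "create observation" form, optionally pre-selecting a project.
/// </summary>
/// <param name="projectId">
/// Optional id of the project the observation is being created in. It comes from the request,
/// so it is treated as untrusted. Empty or whitespace means no project was pre-selected.
/// </param>
/// <returns>
/// An <c>HttpUnauthorizedResult</c> when the caller lacks the CreateObservation permission,
/// either at the user-project level or for the requested project, or when the requested project
/// cannot be loaded. Otherwise the result of <c>RestfulResult</c> for the "observations"/"create" view.
/// </returns>
public ActionResult CreateForm(string projectId = "")
{
    // Coarse check first: the caller must hold CreateObservation on their own user project.
    if (!_userContext.HasUserProjectPermission(PermissionNames.CreateObservation))
    {
        return new HttpUnauthorizedResult();
    }

    if (!string.IsNullOrWhiteSpace(projectId))
    {
        var project = _documentSession.Load<Project>(projectId);

        // projectId is caller-supplied, so the lookup can miss. The original dereferenced
        // project.Id unconditionally, which would throw on an unknown id (assuming Load returns
        // null for a missing document - confirm against the session implementation).
        // A missing project gets the same response as a forbidden one, so the endpoint does not
        // reveal which project ids exist to callers who are not members.
        if (project == null ||
            !_userContext.HasGroupPermission(PermissionNames.CreateObservation, project.Id))
        {
            return new HttpUnauthorizedResult(); // TODO: Probably should return a soft user error suggesting user joins project
        }
    }

    // NOTE(review): the permission check above is made against project.Id, while the raw
    // projectId string is what flows into the view-model builders below. If Load normalises
    // ids, confirm both forms always refer to the same project.
    dynamic viewModel = new ExpandoObject();
    viewModel.Observation = _sightingViewModelQuery.BuildCreateObservation(string.Empty, projectId);
    viewModel.CategorySelectList = GetCategorySelectList();
    viewModel.ProjectsSelectList = GetProjectsSelectList(projectId);
    viewModel.Categories = Categories.GetAll();

    return RestfulResult(
        viewModel,
        "observations",
        "create");
}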