// Web API action: returns the teachers associated with a given student.
// Authorisation is role-based: admins and teachers may query any student,
// a student may only query their own record, and any other role is treated
// as a parent and restricted by the service layer to that parent's children.
public HttpResponseMessage GetTeachersByStudentUserName([FromUri] string studentUserName)
{
    // Identity of the caller, read from the claims attached to the request principal.
    string userId = ((ClaimsPrincipal)RequestContext.Principal).FindFirst(x => x.Type == "UserId").Value;
    string userRole = ((ClaimsPrincipal)RequestContext.Principal).FindFirst(x => x.Type == ClaimTypes.Role).Value;

    logger.Info("UserRole: " + userRole + ", UserId: " + userId + ": Requesting Teacher Collection - "
        + "By student User Name: " + studentUserName + " - Sorted Asc By Name");

    try
    {
        if (userRole == "admin" || userRole == "teacher")
        {
            // Privileged roles: no ownership restriction, only an existence check.
            StudentTeacherDTOItems teachers = teachersService.GetTeachersByStudentUserName(studentUserName);
            if (teachers == null)
            {
                logger.Info("Teachers by student User Name: " + studentUserName + " were not found.");
                return Request.CreateResponse(HttpStatusCode.BadRequest,
                    "Teachers by student User Name: " + studentUserName + " were not found.");
            }
            logger.Info("Success!");
            return Request.CreateResponse(HttpStatusCode.OK, teachers);
        }
        else if (userRole == "student")
        {
            // Students may only read their own record: the owning student's Id must
            // match the caller's UserId claim. A missing record and an ownership
            // mismatch produce the same denial, so the response does not reveal
            // whether the requested user name exists.
            StudentTeacherDTOItems teachers = teachersService.GetTeachersByStudentUserName(studentUserName);
            if (teachers == null || teachers.Id != userId)
            {
                logger.Info("Authorisation failure. User " + userId + " is not authorised for this request.");
                return Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Access Denied. "
                    + "We’re sorry, but you are not authorized to perform the requested operation.");
            }
            logger.Info("Success!");
            return Request.CreateResponse(HttpStatusCode.OK, teachers);
        }
        else
        {
            // Any other role is treated as a parent; the service scopes the lookup
            // to the caller's own children using userId.
            StudentTeacherDTOItems teachers = teachersService.GetTeachersByStudentUserNameForParent(studentUserName, userId);
            if (teachers == null)
            {
                logger.Info("Failed.");
                return Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Failed.");
            }
            logger.Info("Success!");
            return Request.CreateResponse(HttpStatusCode.OK, teachers);
        }
    }
    catch (Exception e)
    {
        // Any unhandled exception is logged and reported to the caller as a 400
        // carrying the exception object itself.
        logger.Error(e);
        return Request.CreateErrorResponse(HttpStatusCode.BadRequest, e);
    }
}
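The role and ownership decision embedded in the action above can be factored into a pure function and exercised as a table of cases, which makes the object-level authorization rule (a student may only read their own record) reviewable and testable without an HTTP pipeline. The following is an added example and not code from the original page or project; the types `StudentRecord`, `AccessDecision`, `TeacherLookupPolicy`, the `ParentId` link, and all sample ids and user names are constructed for this illustration. As a design choice it differs from the action in two places: an explicit "parent" role is required for the parent branch, and any unrecognised role is denied by default.

```csharp
using System;
using System.Collections.Generic;

// Added example (not the page's code): the role/ownership decision from the
// action above, factored into a pure function. All names are hypothetical.
public enum AccessDecision { Allow, Deny, NotFound }

public sealed class StudentRecord
{
    public string Id { get; set; }
    public string UserName { get; set; }
    public string ParentId { get; set; }   // hypothetical parent link for the parent branch
}

public static class TeacherLookupPolicy
{
    // Decides whether the caller (role + user id) may read the record.
    // 'record' is null when the requested student user name does not exist.
    public static AccessDecision Decide(string callerRole, string callerUserId, StudentRecord record)
    {
        switch (callerRole)
        {
            case "admin":
            case "teacher":
                // Privileged roles: no ownership restriction, only an existence check.
                return record == null ? AccessDecision.NotFound : AccessDecision.Allow;

            case "student":
                // Ownership check: a missing record and a record owned by another
                // student both map to Deny, so the answer does not leak existence.
                return record != null && record.Id == callerUserId ? AccessDecision.Allow : AccessDecision.Deny;

            case "parent":
                // Parents may only read records linked to their own id.
                return record != null && record.ParentId == callerUserId ? AccessDecision.Allow : AccessDecision.Deny;

            default:
                // Design choice in this example: unknown roles are denied rather
                // than being treated as parents as the action above does.
                return AccessDecision.Deny;
        }
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample data.
        var alice = new StudentRecord { Id = "s-100", UserName = "alice", ParentId = "p-7" };
        var records = new Dictionary<string, StudentRecord> { ["alice"] = alice };

        var cases = new (string role, string userId, string studentUserName, AccessDecision expected)[]
        {
            ("admin",   "a-1",   "alice",  AccessDecision.Allow),
            ("teacher", "t-1",   "alice",  AccessDecision.Allow),
            ("teacher", "t-1",   "nobody", AccessDecision.NotFound),
            ("student", "s-100", "alice",  AccessDecision.Allow),    // own record
            ("student", "s-200", "alice",  AccessDecision.Deny),     // another student's record
            ("student", "s-200", "nobody", AccessDecision.Deny),     // unknown user name: same answer as above
            ("parent",  "p-7",   "alice",  AccessDecision.Allow),
            ("parent",  "p-9",   "alice",  AccessDecision.Deny),
            ("auditor", "x-1",   "alice",  AccessDecision.Deny),     // unknown role: default deny
        };

        foreach (var c in cases)
        {
            records.TryGetValue(c.studentUserName, out StudentRecord record);
            AccessDecision actual = TeacherLookupPolicy.Decide(c.role, c.userId, record);
            Console.WriteLine($"{c.role,-8} {c.userId,-6} -> {c.studentUserName,-7}: {actual} "
                + (actual == c.expected ? "ok" : "MISMATCH"));
        }
    }
}
```

Keeping the decision separate from the controller also lets the two student outcomes (record missing, record owned by someone else) be asserted to return the identical result, which is the property the action relies on to avoid confirming whether a user name exists.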