public IActionResult Get(long id) { Todo.Domain.Todo todo = _dataService.Get(id); if (todo == null) { return(NotFound("Todo couldn't be found.")); } var user = _userDataService.GetByEmail(User.Identity.Name); if (user.UserRole == 1) { return(Ok(todo.Text)); } else { if (_userDataService.CanUserManageTodo(user, todo)) { return(Ok(todo.Text)); } else { return(Unauthorized()); } } }