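/// <summary>
/// Returns the bills of one billing period, scoped by the caller's role.
/// </summary>
/// <remarks>
/// A tenant receives only the bills of their own tenant record; a manager or admin receives
/// every bill in the period. The role check runs before the billing period is looked up, so a
/// caller holding none of these roles always gets the 403 error and cannot use a 404-versus-403
/// difference to learn which billing period ids exist.
/// </remarks>
/// <param name="billingPeriodId">Identifier of the billing period whose bills are requested.</param>
/// <returns>
/// An <c>ObjectResult</c> wrapping a list of <c>DTO.BillDTO</c> on success; otherwise the error
/// built by <c>DTO.ErrorBuilder</c> with code 403 (no permitted role), 404 (billing period not
/// found) or 400 (tenant role but no tenant record).
/// </returns>
public async Task<IActionResult> GetBillsByPeriod(int billingPeriodId)
{
    // Authorize first: decide what the caller may see before touching the repository.
    // Short-circuiting keeps the original evaluation order (Tenant, then Manager, then Admin).
    bool isTenant = this.UserInRole(Role.Tenant);
    bool isStaff = !isTenant && (this.UserInRole(Role.Manager) || this.UserInRole(Role.Admin));

    if (!isTenant && !isStaff)
    {
        var forbidden = new DTO.ErrorBuilder()
            .Message("You are not authorized to view billing information.")
            .Code(403)
            .Build();

        // NOTE(review): this entry carries neither the caller identity nor the requested id,
        // which limits its value for detection; consider adding both as structured fields.
        _logger.LogWarning("Unauthorized access attempt to view billing information.");
        return forbidden;
    }

    var billingPeriod = await _billRepository.BillingPeriodFromId(billingPeriodId);
    if (billingPeriod == null)
    {
        var notFound = new DTO.ErrorBuilder()
            .Message("Billing period not found.")
            .Code(404)
            .Build();
        return notFound;
    }

    if (isTenant)
    {
        // The tenant id is derived from the caller's API key, not from a request parameter,
        // so a tenant cannot ask for another tenant's bills by changing the request.
        var userId = this.UserIdFromApiKey();
        var tenantId = await _tenantRepository.TenantIdFromUserId(userId);
        if (tenantId == null)
        {
            var notTenant = new DTO.ErrorBuilder()
                .Message("Not a tenant")
                .Code(400)
                .Build();
            return notTenant;
        }

        var tenantBills = await _billRepository.GetBills((int)tenantId, billingPeriod);
        return new ObjectResult(tenantBills.Select(b => new DTO.BillDTO(b)).ToList());
    }

    // Manager or admin: unfiltered view of the whole billing period.
    var allBills = await _billRepository.GetBills(billingPeriod);
    return new ObjectResult(allBills.Select(b => new DTO.BillDTO(b)).ToList());
}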