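/// <summary>
/// Authorization check: decides whether the current user may access the
/// owner record identified by <paramref name="ownerId"/> within the business
/// identified by <paramref name="businessId"/>.
/// </summary>
/// <param name="businessId">Id of the business the owner must belong to.</param>
/// <param name="ownerId">Id of the owner record being accessed.</param>
/// <returns>
/// <c>true</c> only when the caller is a business user with a non-empty user id
/// and that id matches a business-user row attached to the owner's business;
/// <c>false</c> in every other case (deny by default).
/// </returns>
private bool CanAccessOwner(int businessId, int ownerId)
{
    // identity and role of the caller, as reported by UserAccountHelper for this request
    string userId = UserAccountHelper.GetUserId(_httpContext);
    bool isBusiness = UserAccountHelper.IsBusiness(_httpContext);

    // deny early: no user id, or not a business user
    if (string.IsNullOrEmpty(userId) || !isBusiness)
    {
        return false;
    }

    // get business & owner record; the lookup is keyed on BOTH ids, so an owner
    // that belongs to a different business yields null and is denied below
    HetOwner owner = _context.HetOwner.AsNoTracking()
        .Include(x => x.Business)
            .ThenInclude(x => x.HetBusinessUser)
        .FirstOrDefault(x => x.BusinessId == businessId && x.OwnerId == ownerId);

    // get user: this match runs in memory on the loaded rows.
    //  - static string.Equals tolerates a null BceidUserId, so a bad row results in
    //    "no match" instead of a NullReferenceException inside an access check
    //  - OrdinalIgnoreCase is used because this is an identifier comparison;
    //    culture-sensitive comparison can treat strings that differ only by
    //    ignorable characters as equal, which is too loose for an authorization decision
    // NOTE(review): assumes stored BceidUserId values and the request's user id use
    // the same Unicode normalization form - confirm if ids can contain non-ASCII text
    HetBusinessUser user = owner?.Business?.HetBusinessUser?
        .FirstOrDefault(x => string.Equals(x.BceidUserId, userId, StringComparison.OrdinalIgnoreCase));

    // no access to business, or business/owner doesn't exist
    return user != null;
}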