/// <summary>
/// Returns the full user list to a caller whose session resolves to an administrator account.
/// </summary>
/// <returns>
/// 200 with the users when the caller is an administrator; 401 with a message when the caller
/// is not an administrator or when the token/session is missing or unknown; 404 when the
/// session's user is not found; 400 on an invalid GUID; 500 for any other failure.
/// </returns>
/// <remarks>
/// The administrator decision is taken from the user record looked up by the session's
/// <c>UserId</c>, not from anything the request itself supplies.
/// NOTE(review): the non-administrator case is answered with 401 here; 403 Forbidden is the
/// conventional status for an authenticated caller lacking permission. Left as-is because
/// clients may depend on the current status code - confirm before changing.
/// </remarks>
public IHttpActionResult GetAllUsers()
{
    using (var db = new DatabaseContext())
    {
        try
        {
            // Throws ExceptionService.NoTokenProvidedException
            // Throws ExceptionService.SessionNotFoundException
            var session = ControllerHelpers.ValidateAndUpdateSession(Request);

            var userManager = new UserManagementManager(db);
            var caller = userManager.GetUser(session.UserId);

            // Guard clause: reject every caller that is not an administrator before any listing happens.
            if (!caller.IsAdministrator)
            {
                return Content(HttpStatusCode.Unauthorized, "Non-administrators cannot view all users.");
            }

            var allUsers = userManager.GetUsers();

            // NOTE(review): nothing in this block modifies entities; presumably this persists
            // changes made by the session update above - confirm.
            db.SaveChanges();

            // NOTE(review): the objects from GetUsers() are handed to the response unchanged.
            // If they carry credential material (password hashes, salts, tokens) it would be
            // serialized to the client - confirm a projection/DTO is applied upstream.
            return Content(HttpStatusCode.OK, allUsers);
        }
        catch (UserNotFoundException notFound)
        {
            return Content(HttpStatusCode.NotFound, notFound.Message);
        }
        catch (InvalidGuidException badGuid)
        {
            return Content(HttpStatusCode.BadRequest, badGuid.Message);
        }
        catch (Exception denied) when (denied is NoTokenProvidedException
                                       || denied is SessionNotFoundException
                                       || denied is UserIsNotAdministratorException)
        {
            // NOTE(review): exception messages are echoed to the caller in these handlers;
            // verify they never contain internal detail.
            return Content(HttpStatusCode.Unauthorized, denied.Message);
        }
        catch (Exception failure)
        {
            // Only persistence failures trigger a revert of the pending changes.
            bool isPersistenceFailure = failure is DbUpdateException || failure is DbEntityValidationException;
            if (isPersistenceFailure)
            {
                db.RevertDatabaseChanges(db);
            }

            // The response carries no detail, and this block does not log the exception;
            // NOTE(review): confirm it is recorded elsewhere so failures stay diagnosable.
            return InternalServerError();
        }
    }
}