public async Task<ApiMessage> Post(Guid id, ItemListCreateModel model) { ItemList item = new ItemList(model); ApiMessage msg = new ApiMessage() { success = false }; IEnumerable<string> xAccessKey; bool hasKey = Request.Headers.TryGetValues("X-Access-Key", out xAccessKey); bool authorized = false; if (hasKey) { Device device = new Device() { access_key = xAccessKey.First() }; authorized = await device.FindByAccessKey(device.access_key, true); DeviceOwner downer = new DeviceOwner() { device = new Device() { id = device.id } }; authorized = await downer.FindByDeviceId(); GroupList group = new GroupList() { id = id }; bool hasauthorized = await group.FindById(); Membership member = new Membership() { user_id = downer.user.id, group_id = id }; if (hasauthorized) { authorized = await member.FindByDeviceIdAndGroupId(); authorized = member.status == MembershipStatus.Kicked ? false : true; item.group_id = group.id; item.created_by = downer.user.id; item.creator = downer.user; } } if (hasKey && authorized) { if (ModelState.IsValid) { bool success = await item.Create(); if (success) { msg.message = "Item is created successfully"; msg.success = true; msg.data = item.Return; } else { msg.message = "Failed to add item"; } } else { msg.message = "Data is not completed"; } } else { msg.message = "Unauthorized"; } return msg; }