public async Task <IActionResult> GetByIdAsync(int id) { if (!_authorizationUtil.IsUserInRole(User, Roles.Admin) && !_authorizationUtil.IsUserTheSame(User, id)) { return(Forbid()); } var user = await _userBusiness.GetByIdAsync(id); if (user == null) { return(NotFound()); } return(Ok(user)); }