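/// <summary>
/// Returns the phone book with the given id, including its entries sorted by
/// last name, provided it is owned by the current user.
/// </summary>
/// <param name="id">Identifier of the requested phone book.</param>
/// <returns>
/// 200 with the mapped <c>PhoneBookWithEntriesResponse</c> when the caller owns the
/// phone book; 404 when the repository returns no phone book for <paramref name="id"/>;
/// 403 when the phone book belongs to a different user.
/// </returns>
public async Task<ActionResult<PhoneBookWithEntriesResponse>> GetPhoneBookWithEntries(Guid id)
{
    PhoneBook phoneBook = await _phoneBookRepository.GetPhoneBookWithEntries(id);

    // The existence check must come before any member access: the original sorted
    // phoneBook.PhoneBookEntries first, so an unknown id raised a
    // NullReferenceException (surfacing as a server error) instead of a 404.
    if (phoneBook == null)
    {
        return NotFound();
    }

    // Authorize before doing any work on the record: only the owner may read it.
    Guid userId = Guid.Parse(_userInfoService.UserId);
    if (phoneBook.UserId != userId)
    {
        _logger.LogWarning("User with id {ForbiddenUser} attempted to request a phone book owned by {OwningUser}", userId, phoneBook.UserId);

        // NOTE(review): a foreign phone book answers 403 while an unknown id answers 404,
        // so a caller can tell whether an id exists. If that distinction should not be
        // exposed, return NotFound() here as well and keep the log entry as the audit trail.
        return Forbid();
    }

    // Sort only after the caller is known to be the owner.
    phoneBook.PhoneBookEntries = phoneBook.PhoneBookEntries
        .OrderBy(e => e.LastName)
        .ToList();

    return Ok(_mapper.Map<PhoneBookWithEntriesResponse>(phoneBook));
}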