public ActionResult <TClientResource> CreateOrUpdate(string id, [FromBody] TClientResource resource) { var user = this.httpSessionManager_.GetUserFromRequest(Request); var serverResource = this.resourceManager_.Get(id); if (serverResource != null) { // Update path if (!this.authorizationPolicy_.CanWrite(user, serverResource)) { return(Unauthorized()); } this.ModelMapper.Map(resource, serverResource); } else { // Create path if (!this.authorizationPolicy_.CanCreate(user)) { return(Unauthorized()); } serverResource = this.ModelMapper.Map <TServerResource>(resource); serverResource.Id = id; serverResource.Owner = user != null ? user.Id : serverResource.Id; } if (!this.modelValidator_.Validate(serverResource)) { return(BadRequest("Invalid model")); } return(Ok(this.ModelMapper.Map <TClientResource>(resourceManager_.AddOrUpdate(serverResource)))); }