public HttpResponseMessage DeleteNote([FromUri] int id, [FromUri] int noteId) { var response = new HttpResponseMessage(); ResponseFormat responseData = new ResponseFormat(); //AuthorizationService _authorizationService = new AuthorizationService().SetPerm((int)EnumPermissions.LEAD_DELETE); IEnumerable <string> headerValues; if (Request.Headers.TryGetValues("Authorization", out headerValues)) { string jwt = headerValues.FirstOrDefault(); //validate jwt var payload = JwtTokenManager.ValidateJwtToken(jwt); if (payload.ContainsKey("error")) { if ((string)payload["error"] == ErrorMessages.TOKEN_EXPIRED) { response.StatusCode = HttpStatusCode.Unauthorized; responseData = ResponseFormat.Fail; responseData.message = ErrorMessages.TOKEN_EXPIRED; } if ((string)payload["error"] == ErrorMessages.TOKEN_INVALID) { response.StatusCode = HttpStatusCode.Unauthorized; responseData = ResponseFormat.Fail; responseData.message = ErrorMessages.TOKEN_INVALID; } } else { var userId = Convert.ToInt32(payload["id"]); var taskOwner = _taskTemplateService.GetTaskOwner(id); var noteOwner = _noteService.FindOwner(noteId); if ((userId == taskOwner) || (userId == noteOwner) || (new AuthorizationService().SetPerm((int)EnumPermissions.NOTE_DELETE_ANY).Authorize(userId))) { var isDeleted = _noteService.Delete(noteId); if (isDeleted) { response.StatusCode = HttpStatusCode.OK; responseData = ResponseFormat.Success; responseData.message = SuccessMessages.NOTE_DELETED; } else { response.StatusCode = HttpStatusCode.InternalServerError; responseData = ResponseFormat.Fail; responseData.message = ErrorMessages.SOMETHING_WRONG; } } else { response.StatusCode = HttpStatusCode.Forbidden; responseData = ResponseFormat.Fail; responseData.message = ErrorMessages.UNAUTHORIZED; } } } else { response.StatusCode = HttpStatusCode.Unauthorized; responseData = ResponseFormat.Fail; responseData.message = ErrorMessages.UNAUTHORIZED; } var json = JsonConvert.SerializeObject(responseData); response.Content = new StringContent(json, Encoding.UTF8, "application/json"); return(response); }