// todo refactor game request into GameUpdateRequest (which requires the Id) and GameCreateRequest (which has no required Id field) - and remove the Id param from the definition below
 public async Task <IActionResult> Update([FromRoute] int id, [FromBody] GameRequest game)
 {
     if ((await _authorizationService.AuthorizeAsync(User, id, HttpContext.ScopeItems(ClaimScope.Game))).Succeeded)
     {
         var gameModel = game.ToModel();
         gameModel.Id = id;
         _gameCoreController.Update(gameModel);
         return(Ok());
     }
     return(Forbid());
 }
 public async Task <IActionResult> Create([FromBody] GameRequest newGame)
 {
     if ((await _authorizationService.AuthorizeAsync(User, Platform.AllId, HttpContext.ScopeItems(ClaimScope.Global))).Succeeded ||
         (await _authorizationService.AuthorizeAsync(User, int.Parse(User.Identity.Name), HttpContext.ScopeItems(ClaimScope.User))).Succeeded)
     {
         var game = newGame.ToModel();
         _gameCoreController.Create(game, int.Parse(User.Identity.Name));
         var gameContract = game.ToContract();
         return(new ObjectResult(gameContract));
     }
     return(Forbid());
 }