public IHttpActionResult DeleteRestore(int id) { //Users have to be able to hide their own work, even if not admins var user = User.Identity as ClaimsIdentity; if (!(user.HasClaim("user", "true") || user.HasClaim("admin", "true"))) { return(Unauthorized()); } repo.DeleteRestoreWork(id); return(Ok()); }