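/// <summary>
/// Creates a user account from the request body and returns the record
/// as re-read from the repository by e-mail.
/// </summary>
/// <param name="request">Account data bound from the request body.</param>
/// <returns>
/// A BadRequest result when the body is missing or <c>IsPasswordNotValid</c> reports a bad password;
/// a Forbid result when a non-default role is requested by a caller who is not an
/// authenticated "Administrator"; otherwise the user returned by <c>FindByEmail</c>.
/// </returns>
public async Task<ActionResult<User>> Create([FromBody] CreateUserRequest request)
{
    // A missing or unparsable body would otherwise surface as a NullReferenceException (HTTP 500).
    if (request is null || request.IsPasswordNotValid())
    {
        return BadRequest();
    }

    // Fail closed: a null Identity is treated the same as an unauthenticated caller.
    var isAuthenticated = HttpContext.User.Identity?.IsAuthenticated == true;
    var isNotAdministrator = !isAuthenticated || !HttpContext.User.IsInRole("Administrator");

    // Privilege-escalation guard: only an authenticated Administrator may assign a
    // non-default role; everyone else, anonymous callers included, is limited to the default role.
    if (isNotAdministrator && request.IsRoleNotDefault())
    {
        return Forbid();
    }

    // NOTE(review): the password is copied exactly as received. Confirm that it is hashed
    // before it is persisted (in the repository or the User type) -- not visible from here.
    var user = new User
    {
        Email = request.Email,
        Password = request.Password,
        Role = request.Role
    };

    await _userRepository.Create(user);

    // NOTE(review): this returns the stored User entity to the client. Confirm that the
    // Password member is excluded from serialization, or map to a response type without it.
    return await _userRepository.FindByEmail(user.Email);
}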