public ActionResult Cancel(int?id) { if (id == null) { return(new HttpStatusCodeResult(HttpStatusCode.BadRequest)); } SaleOrder order = _context.SaleOrders.Find(id); if (order == null) { return(HttpNotFound()); } if (order.UserId != Global.User.Id) { return(new HttpStatusCodeResult(HttpStatusCode.Unauthorized)); } order.CancelOrder(); _context.Entry(order).State = EntityState.Modified; _context.SaveChanges(); return(RedirectToAction("Index")); }