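/// <summary>
/// Returns child rosters as JSON for a signed-in bus driver, staff member or volunteer teacher.
/// </summary>
/// <remarks>
/// When both <c>Busid</c> and <c>Classid</c> are 0 the full roster is returned, and only staff
/// may request it. Otherwise the response carries the bus roster, the class roster and their
/// intersection; a roster whose id was 0 is left null.
/// Role membership is resolved once through <c>userManager</c> and reused for every decision,
/// so the initial gate, the volunteer-teacher rule and the staff-only rule cannot disagree.
/// </remarks>
/// <param name="model">Query-string filter carrying <c>Busid</c> and <c>Classid</c>; 0 means "not specified".</param>
/// <returns>
/// A JSON result with the requested roster(s), the result of <c>Utilities.ErrorJson("Not authorized.")</c>
/// when an authorization rule fails, or a JSON object with an <c>Error</c> property when a repository call throws.
/// </returns>
public async Task<ActionResult> Roster([FromQuery] GetRosterModel model)
{
    var user = await userManager.GetUserAsync(User);
    if (user == null)
    {
        return Utilities.ErrorJson("Not authorized.");
    }

    // Resolve each role once from the user store. The previous code gated entry with
    // userManager.IsInRoleAsync but made the later volunteer and staff decisions with
    // User.IsInRole, which reads the role claims on the request principal. If the two
    // sources differ (for example a role changed after sign-in), a volunteer could skip
    // the teacher check, so every decision below uses the same answers.
    bool isBusDriver = await userManager.IsInRoleAsync(user, UserHelpers.UserRoles.BusDriver.ToString());
    bool isStaff = await userManager.IsInRoleAsync(user, UserHelpers.UserRoles.Staff.ToString());
    bool isVolunteer = await userManager.IsInRoleAsync(user, UserHelpers.UserRoles.Volunteer.ToString());

    if (!(isBusDriver || isStaff || isVolunteer))
    {
        return Utilities.ErrorJson("Not authorized.");
    }

    VolunteerRepository volunteerRepo = new VolunteerRepository(configModel.ConnectionString);

    // Volunteers must be teachers to have roster access
    if (isVolunteer && !volunteerRepo.VolunteerIsClassTeacher(user.VolunteerId))
    {
        return Utilities.ErrorJson("Not authorized.");
    }

    try
    {
        ChildRepository repo = new ChildRepository(configModel.ConnectionString);

        if (model.Busid == 0 && model.Classid == 0)
        {
            // Must be staff to see full roster
            if (!isStaff)
            {
                return Utilities.ErrorJson("Not authorized.");
            }

            return new JsonResult(new
            {
                FullRoster = repo.GetChildren()
            });
        }

        // NOTE(review): Busid and Classid come straight from the query string, and nothing
        // visible here ties them to the caller's own bus or class. Confirm whether a bus
        // driver or volunteer teacher is meant to be limited to the rosters they are assigned to.
        List<ChildModel> busRoster = null;
        List<ChildModel> classRoster = null;

        if (model.Busid != 0)
        {
            busRoster = repo.GetChildrenBus(model.Busid);
        }

        if (model.Classid != 0)
        {
            classRoster = repo.GetChildrenClass(model.Classid);
        }

        // Either list may still be null when only one id was supplied; it is passed on as-is.
        List<ChildModel> intersectionRoster = repo.GetIntersection(busRoster, classRoster);

        // Property names are spelled out so the JSON keeps the same member names as before.
        return new JsonResult(new
        {
            BusRoster = busRoster,
            ClassRoster = classRoster,
            IntersectionRoster = intersectionRoster
        });
    }
    catch (Exception exc)
    {
        // NOTE(review): exc.Message is returned to the client unchanged. Repository failures
        // may carry internal detail (query text, server names). Consider logging the exception
        // server-side and returning a generic message once a logger is available in this class.
        return new JsonResult(new
        {
            Error = exc.Message,
        });
    }
}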