private ViewResult ItemView(int id) { var order = orderRepository.GetById(id); if (userService.CurrentUser.IsAdministrator) { var cookie = Request.Cookies["privateKey"]; if (cookie != null) { var privateKey = cookie.Value.Replace("%3D", "="); if (!order.PayByTelephone) { var card = order.Card.Copy(); try { encryptionService.PrivateKey = privateKey; encryptionService.DecryptCard(card); return(View("Item", CheckoutViewData(order).WithCard(card))); } catch (ValidationException exception) { return(View("Item", CheckoutViewData(order).WithErrorMessage(exception.Message))); } } } } userService.CurrentUser.EnsureCanView(order); return(View("Item", CheckoutViewData(order))); }