private async Task <bool> IsOwnedByPatientIllnessHistory(decimal illnessHistoryId, BaseController baseController)
{
var illnessHistory = _illnessesHistoryRepository.GetByID(illnessHistoryId);
var visit = _visitsRepository.GetByID(illnessHistory.VisitId);
if (baseController.UserIsPatientAndDoesntHaveAccess(visit.Reservation.PatientId))
{
return(false);
}
return(true);
}
public async Task <ActionResult <Illnesshistory> > Single(decimal illnessHistoryId)
{
var illnesshistory = _repository.GetByID(illnessHistoryId);
if (illnesshistory == null)
{
return(NotFound(NotFoundEmptyJsonResult));
}
if (!await _authorizationService.CanUserAccessIllnessHistory(illnessHistoryId, this))
{
return(Unauthorized(UnauthorizedEmptyJsonResult));
}
return(illnesshistory);
}