public async Task <IHttpActionResult> Patch(int key, Delta <ElementItem> patch) { var elementItem = await _resourcePoolManager.GetElementItemSet(key, true, item => item.Element.ResourcePool).SingleOrDefaultAsync(); // Owner check: Entity must belong to the current user var currentUserId = User.Identity.GetUserId <int>(); if (currentUserId != elementItem.Element.ResourcePool.UserId) { return(StatusCode(HttpStatusCode.Forbidden)); } patch.Patch(elementItem); await _resourcePoolManager.SaveChangesAsync(); return(Ok(elementItem)); }