/// <summary> /// Check if changes are made by data user /// </summary> /// <param name="id"></param> /// <param name="skillIds"></param> /// <returns></returns> private async Task <ActionResult> CheckUserIdPermission(Guid id, List <Guid> skillIds = null) { // Check if current user is the same from entity var oldEntity = (IUserIdEntity)await _repository.GetWithoutUserId(id); if (oldEntity == null) { return(NotFound()); } var currentId = _httpContextAccessor.HttpContext.User.GetUserId(); if (!oldEntity.UserId.Equals(currentId)) { throw new UserIdRelatedDataException(); } if (skillIds == null) { return(Ok()); } if (!skillIds.Any()) { return(Ok()); } var skills = await _skillRepository.GetAllWithoutUserId(); var currentSkills = skills.Where(s => skillIds.Contains(s.Id)).ToList(); if (!currentSkills.Any()) { return(Ok()); } if (currentSkills.Any(s => !s.UserId.Equals(currentId))) { throw new UserIdRelatedDataUsedException(); } return(Ok()); }