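/// <summary>
/// Creates a note for the call identified by <paramref name="id"/> on behalf of the
/// user named in the JWT sent in the <c>Authorization</c> header, and attaches any
/// files uploaded with the request to that note.
/// </summary>
/// <param name="id">Identifier taken from the URI; it is used to look up the task template for the note.</param>
/// <returns>
/// A JSON-serialized <c>ResponseFormat</c> with one of these status codes:
/// 401 when the <c>Authorization</c> header is missing or token validation reports any error,
/// 403 when the user lacks the NOTE_CREATE permission,
/// 400 when the <c>body</c> form field is null or empty,
/// 200 when the note was created.
/// </returns>
public HttpResponseMessage CreateNote([FromUri] int id)
{
    var response = new HttpResponseMessage();
    ResponseFormat responseData = new ResponseFormat();

    // NOTE(review): if ResponseFormat.Fail / ResponseFormat.Success return a shared
    // instance, setting .message on it below would leak between concurrent requests;
    // confirm they return a new object per access.
    IEnumerable<string> headerValues;
    if (Request.Headers.TryGetValues("Authorization", out headerValues))
    {
        // The first header value is handed to the validator unchanged.
        string jwt = headerValues.FirstOrDefault();
        AuthorizationService authorizationService = new AuthorizationService().SetPerm((int)EnumPermissions.NOTE_CREATE);

        var payload = JwtTokenManager.ValidateJwtToken(jwt);
        if (payload.ContainsKey("error"))
        {
            // Fail closed: every validation error is answered with 401. Previously an
            // error value other than TOKEN_EXPIRED / TOKEN_INVALID fell through and the
            // caller received the default 200 OK with an empty ResponseFormat.
            response.StatusCode = HttpStatusCode.Unauthorized;
            responseData = ResponseFormat.Fail;
            responseData.message = (string)payload["error"] == ErrorMessages.TOKEN_EXPIRED
                ? ErrorMessages.TOKEN_EXPIRED
                : ErrorMessages.TOKEN_INVALID;
        }
        else
        {
            // assumes a validated token always carries an "id" claim - TODO confirm
            var userId = Convert.ToInt32(payload["id"]);
            if (!authorizationService.Authorize(userId))
            {
                response.StatusCode = HttpStatusCode.Forbidden;
                responseData = ResponseFormat.Fail;
                responseData.message = ErrorMessages.UNAUTHORIZED;
            }
            else
            {
                string noteBody = HttpContext.Current.Request.Form["body"];
                if (string.IsNullOrEmpty(noteBody))
                {
                    response.StatusCode = HttpStatusCode.BadRequest;
                    responseData = ResponseFormat.Fail;
                    responseData.message = ErrorMessages.NOTE_EMPTY;
                }
                else
                {
                    // NOTE(review): the permission check above is per user, not per call;
                    // nothing visible here ties `id` to the authenticated user. Confirm
                    // GetCallTemplateId or the note service enforces object-level access.
                    NoteApiModel apiModel = new NoteApiModel();
                    apiModel.body = noteBody;
                    apiModel.createdBy = new UserLinkApiModel() { id = userId };
                    apiModel.taskTemplate = _taskTemplateService.GetCallTemplateId(id);
                    var createdNote = _noteService.Create(apiModel);

                    // Attach uploads by position. Enumerating the collection yields field
                    // names, and the name indexer always returns the first file with that
                    // name, so several files posted under one field name were attached as
                    // repeated copies of the first file.
                    // NOTE(review): no limit on file count, size or type is visible in this
                    // method; confirm FileManager.File / AddFile validate uploads.
                    var allFiles = HttpContext.Current.Request.Files;
                    for (int i = 0; i < allFiles.Count; i++)
                    {
                        HttpPostedFile uploadedFile = allFiles[i];
                        FileManager.File file = new FileManager.File(uploadedFile);
                        _noteService.AddFile(createdNote, file);
                    }

                    response.StatusCode = HttpStatusCode.OK;
                    responseData = ResponseFormat.Success;
                    responseData.message = SuccessMessages.NOTE_ADDED;
                }
            }
        }
    }
    else
    {
        response.StatusCode = HttpStatusCode.Unauthorized;
        responseData = ResponseFormat.Fail;
        responseData.message = ErrorMessages.UNAUTHORIZED;
    }

    var json = JsonConvert.SerializeObject(responseData);
    response.Content = new StringContent(json, Encoding.UTF8, "application/json");
    return response;
}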