public IHttpActionResult GetProfile(int contactId)
{
return(Authorized(token =>
{
try
{
// does the logged in user have permission to view this contact?
//TODO: Move this security logic to MP, if for some reason we absulutly can't then centerlize all security logic that exists in the gateway
var family = _serveService.GetImmediateFamilyParticipants(token);
Person person = null;
if (family.Where(f => f.ContactId == contactId).ToList().Count > 0)
{
person = _personService.GetPerson(contactId);
}
if (person == null)
{
return Unauthorized();
}
return Ok(person);
}
catch (Exception e)
{
var apiError = new ApiErrorDto("Get Profile Failed", e);
throw new HttpResponseException(apiError.HttpResponseMessage);
}
}));
}
