
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Web.Http;
using Thermo.Active.Database.Controllers;
using Thermo.Active.Model.DTOModels;
using static Thermo.Active.Model.Constants;
namespace Thermo.Active.Controllers.WebApi
{
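/// <summary>
/// Web API endpoints under <c>api/authorization</c> that report which functions the
/// authenticated caller may access.
/// </summary>
[RoutePrefix("api/authorization")]
public class AuthorizationController : ApiController
{
    /// <summary>
    /// Returns the function-access list for the role that the calling user holds on the
    /// calling machine.
    /// </summary>
    /// <remarks>
    /// The machine id and user id are read only from the claims of the current principal
    /// (<c>MACHINE_ID_KEY</c> and <c>USER_ID_KEY</c>), never from request input, so a caller
    /// cannot ask for another user's role by changing a parameter.
    /// NOTE(review): the integrity of those claims depends on how the token is validated
    /// before this action runs (presumably by <c>WebApiAuthorize</c>); confirm there.
    /// </remarks>
    /// <returns>
    /// 200 with the list of <see cref="DTOFunctionAccessModel"/> entries for the role level;
    /// 401 when the principal is not a <see cref="ClaimsIdentity"/> or either id claim is
    /// missing or not an integer; 400 when no role is found for the machine/user pair;
    /// 404 when the function lookup returns null.
    /// </returns>
    [Route("functions"), HttpGet]
    [WebApiAuthorize(FunctionAccess = FUNCTIONALITY_NAMES.GENERAL, Action = ACTIONS.READ)]
    public IHttpActionResult GetFunctionsConfig()
    {
        // The 'as' cast yields null for any non-claims principal; reject it instead of
        // dereferencing null and answering with an unhandled-exception 500.
        var identity = User?.Identity as ClaimsIdentity;
        if (identity == null)
        {
            return Unauthorized();
        }

        // FirstOrDefault returns null when the claim is absent, so read Value null-safely.
        string machineIdClaim = identity.Claims.FirstOrDefault(c => c.Type == MACHINE_ID_KEY)?.Value;
        string userIdClaim = identity.Claims.FirstOrDefault(c => c.Type == USER_ID_KEY)?.Value;

        // A missing or malformed id claim means the caller's identity cannot be established.
        // TryParse avoids the FormatException/OverflowException that Convert.ToInt32 would throw.
        int machineId;
        int userId;
        if (!int.TryParse(machineIdClaim, out machineId) || !int.TryParse(userIdClaim, out userId))
        {
            return Unauthorized();
        }

        // Data-access controllers are created only after the claims have been validated.
        using (FunctionsAccessController acController = new FunctionsAccessController())
        using (MachinesUsersController userContr = new MachinesUsersController())
        {
            // Get user role level
            var role = userContr.GetUserRole(machineId, userId);
            if (role == null)
            {
                return BadRequest();
            }

            // Get functions by role
            List<DTOFunctionAccessModel> functionsList = acController.GetFunctionsAccess(role.Level);
            if (functionsList == null)
            {
                return NotFound();
            }

            return Ok(functionsList);
        }
    }
}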
}