AssetAdministrationShellRepositoryAPIApi.cs

/*
 * DotAAS Part 2 | HTTP/REST | Asset Administration Shell Repository Service Specification
 *
 * The Full Profile of the Asset Administration Shell Repository Service Specification as part of the [Specification of the Asset Administration Shell: Part 2](http://industrialdigitaltwin.org/en/content-hub).   Publisher: Industrial Digital Twin Association (IDTA) April 2023
 *
 * OpenAPI spec version: V3.0.1_SSP-001
 * Contact: info@idtwin.org
 * Generated by: https://github.com/swagger-api/swagger-codegen.git
 */

using AasSecurity.Exceptions;
using AasxServer;
using AasxServerStandardBib.Interfaces;
using AasxServerStandardBib.Logging;
using AdminShellNS.Lib.V3.Models;
using DataTransferObjects.MetadataDTOs;
using DataTransferObjects.ValueDTOs;
using IO.Swagger.Attributes;
using IO.Swagger.Lib.V3.Interfaces;
using IO.Swagger.Lib.V3.Models;
using IO.Swagger.Lib.V3.SerializationModifiers.Mappers;
using IO.Swagger.Models;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Swashbuckle.AspNetCore.Annotations;
using System;
using System.Collections.Generic;
using System.ComponentModel.DataAnnotations;
using System.IO;
using System.Linq;
using System.Net.Mime;
using System.Security.Claims;

namespace IO.Swagger.Controllers;

using System.Threading.Tasks;

/// <summary>
/// 
/// </summary>
[Authorize(AuthenticationSchemes = "AasSecurityAuth")]
[ApiController]
public class AssetAdministrationShellRepositoryAPIApiController : ControllerBase
{
    private readonly IAppLogger<AssetAdministrationShellRepositoryAPIApiController> _logger;
    private readonly IAssetAdministrationShellService _aasService;
    private readonly IBase64UrlDecoderService _decoderService;
    private readonly IReferenceModifierService _referenceModifierService;
    private readonly IMappingService _mappingService;
    private readonly IPathModifierService _pathModifierService;
    private readonly ILevelExtentModifierService _levelExtentModifierService;
    private readonly IPaginationService _paginationService;
    private readonly IAuthorizationService _authorizationService;

    /// <summary>
    /// 
    /// </summary>
    /// <param name="logger"></param>
    /// <param name="aasService"></param>
    /// <param name="decoderService"></param>
    /// <param name="referenceModifierService"></param>
    /// <param name="mappingService"></param>
    /// <param name="pathModifierService"></param>
    /// <param name="levelExtentModifierService"></param>
    /// <param name="paginationService"></param>
    /// <param name="authorizationService"></param>
    /// <exception cref="ArgumentNullException"></exception>
    public AssetAdministrationShellRepositoryAPIApiController(IAppLogger<AssetAdministrationShellRepositoryAPIApiController> logger,
                                                              IAssetAdministrationShellService aasService, IBase64UrlDecoderService decoderService,
                                                              IReferenceModifierService referenceModifierService,
                                                              IMappingService mappingService, IPathModifierService pathModifierService,
                                                              ILevelExtentModifierService levelExtentModifierService, IPaginationService paginationService,
                                                              IAuthorizationService authorizationService)
    {
        _logger                     = logger ?? throw new ArgumentNullException(nameof(logger));
        _aasService                 = aasService ?? throw new ArgumentNullException(nameof(aasService));
        _decoderService             = decoderService ?? throw new ArgumentNullException(nameof(decoderService));
        _referenceModifierService   = referenceModifierService ?? throw new ArgumentNullException(nameof(referenceModifierService));
        _mappingService             = mappingService ?? throw new ArgumentNullException(nameof(mappingService));
        _pathModifierService        = pathModifierService ?? throw new ArgumentNullException(nameof(pathModifierService));
        _levelExtentModifierService = levelExtentModifierService ?? throw new ArgumentNullException(nameof(levelExtentModifierService));
        _paginationService          = paginationService ?? throw new ArgumentNullException(nameof(paginationService));
        _authorizationService       = authorizationService ?? throw new ArgumentNullException(nameof(authorizationService));
    }

    /// <summary>
    /// Deletes an Asset Administration Shell
    /// </summary>
    /// <param name="aasIdentifier">The Asset Administration Shell’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <response code="204">Asset Administration Shell deleted successfully</response>
    /// <response code="401">Unauthorized, e.g. the server refused the authorization attempt.</response>
    /// <response code="403">Forbidden</response>
    /// <response code="404">Not Found</response>
    /// <response code="500">Internal Server Error</response>
    /// <response code="0">Default error handling for unmentioned status codes</response>
    [HttpDelete]
    [Route("/shells/{aasIdentifier}")]
    [ValidateModelState]
    [SwaggerOperation("DeleteAssetAdministrationShellById")]
    [SwaggerResponse(statusCode: 401, type: typeof(Result), description: "Unauthorized, e.g. the server refused the authorization attempt.")]
    [SwaggerResponse(statusCode: 403, type: typeof(Result), description: "Forbidden")]
    [SwaggerResponse(statusCode: 404, type: typeof(Result), description: "Not Found")]
    [SwaggerResponse(statusCode: 500, type: typeof(Result), description: "Internal Server Error")]
    [SwaggerResponse(statusCode: 0, type: typeof(Result), description: "Default error handling for unmentioned status codes")]
    public virtual IActionResult DeleteAssetAdministrationShellById([FromRoute] [Required] string aasIdentifier)
    {
        var decodedAasIdentifier = _decoderService.Decode("aasIdentifier", aasIdentifier);

        _logger.LogInformation($"Received request to delete AAS with id {decodedAasIdentifier}");
        _aasService.DeleteAssetAdministrationShellById(decodedAasIdentifier);

        return NoContent();
    }

    /// <summary>
    /// Deletes file content of an existing submodel element at a specified path within submodel elements hierarchy
    /// </summary>
    /// <param name="aasIdentifier">The Asset Administration Shell’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <param name="submodelIdentifier">The Submodel’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <param name="idShortPath">IdShort path to the submodel element (dot-separated)</param>
    /// <response code="200">Submodel element updated successfully</response>
    /// <response code="400">Bad Request, e.g. the request parameters of the format of the request body is wrong.</response>
    /// <response code="401">Unauthorized, e.g. the server refused the authorization attempt.</response>
    /// <response code="403">Forbidden</response>
    /// <response code="404">Not Found</response>
    /// <response code="500">Internal Server Error</response>
    /// <response code="0">Default error handling for unmentioned status codes</response>
    [HttpDelete]
    [Route("/shells/{aasIdentifier}/submodels/{submodelIdentifier}/submodel-elements/{idShortPath}/attachment")]
    [ValidateModelState]
    [SwaggerOperation("DeleteFileByPathAasRepository")]
    [SwaggerResponse(statusCode: 400, type: typeof(Result), description: "Bad Request, e.g. the request parameters of the format of the request body is wrong.")]
    [SwaggerResponse(statusCode: 401, type: typeof(Result), description: "Unauthorized, e.g. the server refused the authorization attempt.")]
    [SwaggerResponse(statusCode: 403, type: typeof(Result), description: "Forbidden")]
    [SwaggerResponse(statusCode: 404, type: typeof(Result), description: "Not Found")]
    [SwaggerResponse(statusCode: 500, type: typeof(Result), description: "Internal Server Error")]
    [SwaggerResponse(statusCode: 0, type: typeof(Result), description: "Default error handling for unmentioned status codes")]
    public virtual IActionResult DeleteFileByPathAasRepository([FromRoute] [Required] string aasIdentifier, [FromRoute] [Required] string submodelIdentifier,
                                                               [FromRoute] [Required] string idShortPath)
    {
        _logger.LogInformation($"Received request to delete a file from AAS");

        var decodedAasIdentifier = _decoderService.Decode("aasIdentifier", aasIdentifier);
        var decodedSmIdentifier  = _decoderService.Decode("submodelIdentifier", submodelIdentifier);

        if (decodedAasIdentifier == null)
        {
            throw new NotAllowed($"Cannot proceed as {nameof(decodedAasIdentifier)} is null");
        }

        if (decodedSmIdentifier == null)
        {
            throw new NotAllowed($"Cannot proceed as {nameof(decodedSmIdentifier)} is null");
        }

        if (!Program.noSecurity)
        {
            var submodel = _aasService.GetSubmodelById(decodedAasIdentifier, decodedSmIdentifier);
            User.Claims.ToList().Add(new Claim("idShortPath", $"{submodel.IdShort}.{idShortPath}"));
            var claimsList = new List<Claim>(User.Claims) {new("IdShortPath", $"{submodel.IdShort}.{idShortPath}")};
            var identity   = new ClaimsIdentity(claimsList, "AasSecurityAuth");
            var principal  = new System.Security.Principal.GenericPrincipal(identity, null);
            var authResult = _authorizationService.AuthorizeAsync(principal, submodel, "SecurityPolicy").Result;
            if (!authResult.Succeeded)
            {
                throw new NotAllowed(authResult.Failure.FailureReasons.FirstOrDefault()?.Message ?? string.Empty);
            }
        }

        _aasService.DeleteFileByPath(decodedAasIdentifier, decodedSmIdentifier, idShortPath);

        return NoContent();
    }

    /// <summary>
    /// Deletes the submodel from the Asset Administration Shell and the Repository.
    /// </summary>
    /// <param name="aasIdentifier">The Asset Administration Shell’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <param name="submodelIdentifier">The Submodel’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <response code="204">Submodel deleted successfully</response>
    /// <response code="400">Bad Request, e.g. the request parameters of the format of the request body is wrong.</response>
    /// <response code="401">Unauthorized, e.g. the server refused the authorization attempt.</response>
    /// <response code="403">Forbidden</response>
    /// <response code="404">Not Found</response>
    /// <response code="500">Internal Server Error</response>
    /// <response code="0">Default error handling for unmentioned status codes</response>
    [HttpDelete]
    [Route("/shells/{aasIdentifier}/submodels/{submodelIdentifier}")]
    [ValidateModelState]
    [SwaggerOperation("DeleteSubmodelByIdAasRepository")]
    [SwaggerResponse(statusCode: 400, type: typeof(Result), description: "Bad Request, e.g. the request parameters of the format of the request body is wrong.")]
    [SwaggerResponse(statusCode: 401, type: typeof(Result), description: "Unauthorized, e.g. the server refused the authorization attempt.")]
    [SwaggerResponse(statusCode: 403, type: typeof(Result), description: "Forbidden")]
    [SwaggerResponse(statusCode: 404, type: typeof(Result), description: "Not Found")]
    [SwaggerResponse(statusCode: 500, type: typeof(Result), description: "Internal Server Error")]
    [SwaggerResponse(statusCode: 0, type: typeof(Result), description: "Default error handling for unmentioned status codes")]
    public virtual IActionResult DeleteSubmodelByIdAasRepository([FromRoute] [Required] string aasIdentifier, [FromRoute] [Required] string submodelIdentifier)
    {
        _logger.LogInformation($"Received request to delete a submodel from AAS");

        var decodedAasIdentifier = _decoderService.Decode("aasIdentifier", aasIdentifier);
        var decodedSmIdentifier  = _decoderService.Decode("submodelIdentifier", submodelIdentifier);

        if (decodedAasIdentifier == null)
        {
            throw new NotAllowed($"Cannot proceed as {nameof(decodedAasIdentifier)} is null");
        }

        if (decodedSmIdentifier == null)
        {
            throw new NotAllowed($"Cannot proceed as {nameof(decodedSmIdentifier)} is null");
        }

        _aasService.DeleteSubmodelById(decodedAasIdentifier, decodedSmIdentifier);

        return NoContent();
    }

    /// <summary>
    /// Deletes a submodel element at a specified path within the submodel elements hierarchy
    /// </summary>
    /// <param name="aasIdentifier">The Asset Administration Shell’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <param name="submodelIdentifier">The Submodel’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <param name="idShortPath">IdShort path to the submodel element (dot-separated)</param>
    /// <response code="204">Submodel element deleted successfully</response>
    /// <response code="400">Bad Request, e.g. the request parameters of the format of the request body is wrong.</response>
    /// <response code="401">Unauthorized, e.g. the server refused the authorization attempt.</response>
    /// <response code="403">Forbidden</response>
    /// <response code="404">Not Found</response>
    /// <response code="500">Internal Server Error</response>
    /// <response code="0">Default error handling for unmentioned status codes</response>
    [HttpDelete]
    [Route("/shells/{aasIdentifier}/submodels/{submodelIdentifier}/submodel-elements/{idShortPath}")]
    [ValidateModelState]
    [SwaggerOperation("DeleteSubmodelElementByPathAasRepository")]
    [SwaggerResponse(statusCode: 400, type: typeof(Result), description: "Bad Request, e.g. the request parameters of the format of the request body is wrong.")]
    [SwaggerResponse(statusCode: 401, type: typeof(Result), description: "Unauthorized, e.g. the server refused the authorization attempt.")]
    [SwaggerResponse(statusCode: 403, type: typeof(Result), description: "Forbidden")]
    [SwaggerResponse(statusCode: 404, type: typeof(Result), description: "Not Found")]
    [SwaggerResponse(statusCode: 500, type: typeof(Result), description: "Internal Server Error")]
    [SwaggerResponse(statusCode: 0, type: typeof(Result), description: "Default error handling for unmentioned status codes")]
    public virtual IActionResult DeleteSubmodelElementByPathAasRepository([FromRoute] [Required] string aasIdentifier, [FromRoute] [Required] string submodelIdentifier,
                                                                          [FromRoute] [Required] string idShortPath)
    {
        _logger.LogInformation($"Received request to delete a SubmodelElement from AAS");
        var decodedAasIdentifier = _decoderService.Decode("aasIdentifier", aasIdentifier);
        var decodedSmIdentifier  = _decoderService.Decode("submodelIdentifier", submodelIdentifier);

        if (decodedAasIdentifier == null)
        {
            throw new NotAllowed($"Cannot proceed as {nameof(decodedAasIdentifier)} is null");
        }

        if (decodedSmIdentifier == null)
        {
            throw new NotAllowed($"Cannot proceed as {nameof(decodedSmIdentifier)} is null");
        }

        if (!Program.noSecurity)
        {
            var submodel = _aasService.GetSubmodelById(decodedAasIdentifier, decodedSmIdentifier);
            User.Claims.ToList().Add(new Claim("idShortPath", $"{submodel.IdShort}.{idShortPath}"));
            var claimsList = new List<Claim>(User.Claims) {new("IdShortPath", $"{submodel.IdShort}.{idShortPath}")};
            var identity   = new ClaimsIdentity(claimsList, "AasSecurityAuth");
            var principal  = new System.Security.Principal.GenericPrincipal(identity, null);
            var authResult = _authorizationService.AuthorizeAsync(principal, submodel, "SecurityPolicy").Result;
            if (!authResult.Succeeded)
            {
                throw new NotAllowed(authResult.Failure.FailureReasons.FirstOrDefault()?.Message ?? string.Empty);
            }
        }

        _aasService.DeleteSubmodelElementByPath(decodedAasIdentifier, decodedSmIdentifier, idShortPath);

        return NoContent();
    }

    /// <summary>
    /// Deletes the submodel reference from the Asset Administration Shell. Does not delete the submodel itself!
    /// </summary>
    /// <param name="aasIdentifier">The Asset Administration Shell’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <param name="submodelIdentifier">The Submodel’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <response code="204">Submodel reference deleted successfully</response>
    /// <response code="400">Bad Request, e.g. the request parameters of the format of the request body is wrong.</response>
    /// <response code="401">Unauthorized, e.g. the server refused the authorization attempt.</response>
    /// <response code="403">Forbidden</response>
    /// <response code="404">Not Found</response>
    /// <response code="500">Internal Server Error</response>
    /// <response code="0">Default error handling for unmentioned status codes</response>
    [HttpDelete]
    [Route("/shells/{aasIdentifier}/submodel-refs/{submodelIdentifier}")]
    [ValidateModelState]
    [SwaggerOperation("DeleteSubmodelReferenceByIdAasRepository")]
    [SwaggerResponse(statusCode: 400, type: typeof(Result), description: "Bad Request, e.g. the request parameters of the format of the request body is wrong.")]
    [SwaggerResponse(statusCode: 401, type: typeof(Result), description: "Unauthorized, e.g. the server refused the authorization attempt.")]
    [SwaggerResponse(statusCode: 403, type: typeof(Result), description: "Forbidden")]
    [SwaggerResponse(statusCode: 404, type: typeof(Result), description: "Not Found")]
    [SwaggerResponse(statusCode: 500, type: typeof(Result), description: "Internal Server Error")]
    [SwaggerResponse(statusCode: 0, type: typeof(Result), description: "Default error handling for unmentioned status codes")]
    public virtual IActionResult DeleteSubmodelReferenceByIdAasRepository([FromRoute] [Required] string aasIdentifier, [FromRoute] [Required] string submodelIdentifier)
    {
        var decodedAasIdentifier = _decoderService.Decode("aasIdentifier", aasIdentifier);
        var decodedSmIdentifier  = _decoderService.Decode("submodelIdentifier", submodelIdentifier);

        if (decodedAasIdentifier == null)
        {
            throw new NotAllowed($"Cannot proceed as {nameof(decodedAasIdentifier)} is null");
        }

        if (decodedSmIdentifier == null)
        {
            throw new NotAllowed($"Cannot proceed as {nameof(decodedSmIdentifier)} is null");
        }

        _logger.LogInformation($"Received request to delete submodel reference with id {submodelIdentifier} from the AAS with id {aasIdentifier}.");
        _aasService.DeleteSubmodelReferenceById(decodedAasIdentifier, decodedSmIdentifier);

        return NoContent();
    }

    /// <summary>
    /// 
    /// </summary>
    /// <param name="aasIdentifier">The Asset Administration Shell’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <response code="200">Thumbnail deletion successful</response>
    /// <response code="400">Bad Request, e.g. the request parameters of the format of the request body is wrong.</response>
    /// <response code="401">Unauthorized, e.g. the server refused the authorization attempt.</response>
    /// <response code="403">Forbidden</response>
    /// <response code="404">Not Found</response>
    /// <response code="500">Internal Server Error</response>
    /// <response code="0">Default error handling for unmentioned status codes</response>
    [HttpDelete]
    [Route("/shells/{aasIdentifier}/asset-information/thumbnail")]
    [ValidateModelState]
    [SwaggerOperation("DeleteThumbnailAasRepository")]
    [SwaggerResponse(statusCode: 400, type: typeof(Result), description: "Bad Request, e.g. the request parameters of the format of the request body is wrong.")]
    [SwaggerResponse(statusCode: 401, type: typeof(Result), description: "Unauthorized, e.g. the server refused the authorization attempt.")]
    [SwaggerResponse(statusCode: 403, type: typeof(Result), description: "Forbidden")]
    [SwaggerResponse(statusCode: 404, type: typeof(Result), description: "Not Found")]
    [SwaggerResponse(statusCode: 500, type: typeof(Result), description: "Internal Server Error")]
    [SwaggerResponse(statusCode: 0, type: typeof(Result), description: "Default error handling for unmentioned status codes")]
    public virtual IActionResult DeleteThumbnailAasRepository([FromRoute] [Required] string aasIdentifier)
    {
        var decodedAasIdentifier = _decoderService.Decode("aasIdentifier", aasIdentifier);

        _logger.LogInformation($"Received request to delete the thumbnail from the AAS with id {decodedAasIdentifier}.");

        if (decodedAasIdentifier == null)
        {
            throw new NotAllowed($"Cannot proceed as {nameof(decodedAasIdentifier)} is null");
        }

        _aasService.DeleteThumbnail(decodedAasIdentifier);

        return NoContent();
    }

    /// <summary>
    /// Returns all Asset Administration Shells
    /// </summary>
    /// <param name="assetIds">A list of specific Asset identifiers. Each Asset identifier is a base64-url-encoded [SpecificAssetId](https://api.swaggerhub.com/domains/Plattform_i40/Part1-MetaModel-Schemas/V3.0.1#/components/schemas/SpecificAssetId)</param>
    /// <param name="idShort">The Asset Administration Shell’s IdShort</param>
    /// <param name="limit">The maximum number of elements in the response array</param>
    /// <param name="cursor">A server-generated identifier retrieved from pagingMetadata that specifies from which position the result listing should continue</param>
    /// <response code="200">Requested Asset Administration Shells</response>
    /// <response code="400">Bad Request, e.g. the request parameters of the format of the request body is wrong.</response>
    /// <response code="401">Unauthorized, e.g. the server refused the authorization attempt.</response>
    /// <response code="403">Forbidden</response>
    /// <response code="500">Internal Server Error</response>
    /// <response code="0">Default error handling for unmentioned status codes</response>
    [HttpGet]
    [Route("/shells")]
    [ValidateModelState]
    [SwaggerOperation("GetAllAssetAdministrationShells")]
    [SwaggerResponse(statusCode: 200, type: typeof(PagedResult), description: "Requested Asset Administration Shells")]
    [SwaggerResponse(statusCode: 400, type: typeof(Result), description: "Bad Request, e.g. the request parameters of the format of the request body is wrong.")]
    [SwaggerResponse(statusCode: 401, type: typeof(Result), description: "Unauthorized, e.g. the server refused the authorization attempt.")]
    [SwaggerResponse(statusCode: 403, type: typeof(Result), description: "Forbidden")]
    [SwaggerResponse(statusCode: 500, type: typeof(Result), description: "Internal Server Error")]
    [SwaggerResponse(statusCode: 0, type: typeof(Result), description: "Default error handling for unmentioned status codes")]
    // TODO (jtikekar, 2023-09-04): assetIds: string or specific asset id, and what about Base64Uel encoding
    public virtual IActionResult GetAllAssetAdministrationShells([FromQuery] List<SpecificAssetId>? assetIds, [FromQuery] string? idShort, [FromQuery] int? limit,
                                                                 [FromQuery] string? cursor)
    {
        _logger.LogInformation($"Received the request to get all Asset Administration Shells.");

        var aasList = _aasService.GetAllAssetAdministrationShells(assetIds, idShort);
        var output  = _paginationService.GetPaginatedList(aasList, new PaginationParameters(cursor, limit));
        return new ObjectResult(output);
    }

    /// <summary>
    /// Returns References to all Asset Administration Shells
    /// </summary>
    /// <param name="assetIds">A list of specific Asset identifiers. Each Asset identifier is a base64-url-encoded [SpecificAssetId](https://api.swaggerhub.com/domains/Plattform_i40/Part1-MetaModel-Schemas/V3.0.1#/components/schemas/SpecificAssetId)</param>
    /// <param name="idShort">The Asset Administration Shell’s IdShort</param>
    /// <param name="limit">The maximum number of elements in the response array</param>
    /// <param name="cursor">A server-generated identifier retrieved from pagingMetadata that specifies from which position the result listing should continue</param>
    /// <response code="200">Requested Asset Administration Shells as a list of References</response>
    /// <response code="400">Bad Request, e.g. the request parameters of the format of the request body is wrong.</response>
    /// <response code="401">Unauthorized, e.g. the server refused the authorization attempt.</response>
    /// <response code="403">Forbidden</response>
    /// <response code="500">Internal Server Error</response>
    /// <response code="0">Default error handling for unmentioned status codes</response>
    [HttpGet]
    [Route("/shells/$reference")]
    [ValidateModelState]
    [SwaggerOperation("GetAllAssetAdministrationShellsReference")]
    [SwaggerResponse(statusCode: 200, type: typeof(GetReferencesResult), description: "Requested Asset Administration Shells as a list of References")]
    [SwaggerResponse(statusCode: 400, type: typeof(Result), description: "Bad Request, e.g. the request parameters of the format of the request body is wrong.")]
    [SwaggerResponse(statusCode: 401, type: typeof(Result), description: "Unauthorized, e.g. the server refused the authorization attempt.")]
    [SwaggerResponse(statusCode: 403, type: typeof(Result), description: "Forbidden")]
    [SwaggerResponse(statusCode: 500, type: typeof(Result), description: "Internal Server Error")]
    [SwaggerResponse(statusCode: 0, type: typeof(Result), description: "Default error handling for unmentioned status codes")]
    // TODO (jtikekar, 2023-09-04): assetIds: string or specific asset id, and what about Base64Uel encoding
    //public virtual IActionResult GetAllAssetAdministrationShellsReference([FromQuery] List<string> assetIds, [FromQuery] string idShort, [FromQuery] int? limit, [FromQuery] string cursor)
    public virtual IActionResult GetAllAssetAdministrationShellsReference([FromQuery] List<SpecificAssetId>? assetIds, [FromQuery] string? idShort, [FromQuery] int? limit,
                                                                          [FromQuery] string? cursor)
    {
        _logger.LogInformation($"Received the request to get all Asset Administration Shells.");

        var aasList          = _aasService.GetAllAssetAdministrationShells(assetIds, idShort);
        var aasPaginatedList = _paginationService.GetPaginatedList(aasList, new PaginationParameters(cursor, limit));
        var references       = _referenceModifierService.GetReferenceResult(aasPaginatedList.result.ConvertAll(a => (IReferable)a));
        var output = new ReferencePagedResult(references, aasPaginatedList.paging_metadata);
        return new ObjectResult(output);
    }

    /// <summary>
    /// Returns all submodel elements including their hierarchy
    /// </summary>
    /// <param name="aasIdentifier">The Asset Administration Shell’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <param name="submodelIdentifier">The Submodel’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <param name="limit">The maximum number of elements in the response array</param>
    /// <param name="cursor">A server-generated identifier retrieved from pagingMetadata that specifies from which position the result listing should continue</param>
    /// <param name="level">Determines the structural depth of the respective resource content</param>
    /// <param name="extent">Determines to which extent the resource is being serialized</param>
    /// <response code="200">List of found submodel elements</response>
    /// <response code="400">Bad Request, e.g. the request parameters of the format of the request body is wrong.</response>
    /// <response code="401">Unauthorized, e.g. the server refused the authorization attempt.</response>
    /// <response code="403">Forbidden</response>
    /// <response code="404">Not Found</response>
    /// <response code="500">Internal Server Error</response>
    /// <response code="0">Default error handling for unmentioned status codes</response>
    [HttpGet]
    [Route("/shells/{aasIdentifier}/submodels/{submodelIdentifier}/submodel-elements")]
    [ValidateModelState]
    [SwaggerOperation("GetAllSubmodelElementsAasRepository")]
    [SwaggerResponse(statusCode: 200, type: typeof(GetSubmodelElementsResult), description: "List of found submodel elements")]
    [SwaggerResponse(statusCode: 400, type: typeof(Result), description: "Bad Request, e.g. the request parameters of the format of the request body is wrong.")]
    [SwaggerResponse(statusCode: 401, type: typeof(Result), description: "Unauthorized, e.g. the server refused the authorization attempt.")]
    [SwaggerResponse(statusCode: 403, type: typeof(Result), description: "Forbidden")]
    [SwaggerResponse(statusCode: 404, type: typeof(Result), description: "Not Found")]
    [SwaggerResponse(statusCode: 500, type: typeof(Result), description: "Internal Server Error")]
    [SwaggerResponse(statusCode: 0, type: typeof(Result), description: "Default error handling for unmentioned status codes")]
    public virtual IActionResult GetAllSubmodelElementsAasRepository([FromRoute] [Required] string aasIdentifier, [FromRoute] [Required] string submodelIdentifier,
                                                                     [FromQuery] int? limit, [FromQuery] string? cursor, [FromQuery] LevelEnum level,
                                                                     [FromQuery] ExtentEnum extent)
    {
        var decodedAasIdentifier = _decoderService.Decode("aasIdentifier", aasIdentifier);
        var decodedSmIdentifier  = _decoderService.Decode("submodelIdentifier", submodelIdentifier);

        if (decodedAasIdentifier == null)
        {
            throw new NotAllowed($"Cannot proceed as {nameof(decodedAasIdentifier)} is null");
        }

        if (decodedSmIdentifier == null)
        {
            throw new NotAllowed($"Cannot proceed as {nameof(decodedSmIdentifier)} is null");
        }

        _logger.LogInformation($"Received request to get all the submodel elements from submodel with id {submodelIdentifier} and the AAS with id {aasIdentifier}.");
        if (!Program.noSecurity)
        {
            var submodel   = _aasService.GetSubmodelById(decodedAasIdentifier, decodedSmIdentifier);
            var authResult = _authorizationService.AuthorizeAsync(User, submodel, "SecurityPolicy").Result;
            if (!authResult.Succeeded)
            {
                throw new NotAllowed(authResult.Failure.FailureReasons.FirstOrDefault()?.Message ?? string.Empty);
            }
        }

        var submodelElements = _aasService.GetAllSubmodelElements(decodedAasIdentifier, decodedSmIdentifier);

        var smePaginated = _paginationService.GetPaginatedList(submodelElements, new PaginationParameters(cursor, limit));
        var smeLevelList = _levelExtentModifierService.ApplyLevelExtent(smePaginated.result ?? [], level, extent);
        var output       = new PagedResult() {result = smeLevelList.ConvertAll(sme => sme), paging_metadata = smePaginated.paging_metadata};
        return new ObjectResult(output);
    }

    /// <summary>
    /// Returns all submodel elements including their hierarchy
    /// </summary>
    /// <param name="aasIdentifier">The Asset Administration Shell’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <param name="submodelIdentifier">The Submodel’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <param name="limit">The maximum number of elements in the response array</param>
    /// <param name="cursor">A server-generated identifier retrieved from pagingMetadata that specifies from which position the result listing should continue</param>
    /// <param name="level">Determines the structural depth of the respective resource content</param>
    /// <response code="200">List of found submodel elements</response>
    /// <response code="400">Bad Request, e.g. the request parameters of the format of the request body is wrong.</response>
    /// <response code="401">Unauthorized, e.g. the server refused the authorization attempt.</response>
    /// <response code="403">Forbidden</response>
    /// <response code="404">Not Found</response>
    /// <response code="500">Internal Server Error</response>
    /// <response code="0">Default error handling for unmentioned status codes</response>
    [HttpGet]
    [Route("/shells/{aasIdentifier}/submodels/{submodelIdentifier}/submodel-elements/$metadata")]
    [ValidateModelState]
    [SwaggerOperation("GetAllSubmodelElementsMetadataAasRepository")]
    [SwaggerResponse(statusCode: 200, type: typeof(MetadataPagedResult), description: "List of found submodel elements")]
    [SwaggerResponse(statusCode: 400, type: typeof(Result), description: "Bad Request, e.g. the request parameters of the format of the request body is wrong.")]
    [SwaggerResponse(statusCode: 401, type: typeof(Result), description: "Unauthorized, e.g. the server refused the authorization attempt.")]
    [SwaggerResponse(statusCode: 403, type: typeof(Result), description: "Forbidden")]
    [SwaggerResponse(statusCode: 404, type: typeof(Result), description: "Not Found")]
    [SwaggerResponse(statusCode: 500, type: typeof(Result), description: "Internal Server Error")]
    [SwaggerResponse(statusCode: 0, type: typeof(Result), description: "Default error handling for unmentioned status codes")]
    public virtual IActionResult GetAllSubmodelElementsMetadataAasRepository([FromRoute] [Required] string aasIdentifier, [FromRoute] [Required] string submodelIdentifier,
                                                                             [FromQuery] int? limit, [FromQuery] [Required] string cursor, [FromQuery] LevelEnum level)
    {
        var decodedAasIdentifier      = _decoderService.Decode("aasIdentifier", aasIdentifier);
        var decodedSubmodelIdentifier = _decoderService.Decode("submodelIdentifier", submodelIdentifier);

        if (decodedAasIdentifier == null)
        {
            throw new NotAllowed($"Cannot proceed as {nameof(decodedAasIdentifier)} is null");
        }

        if (decodedSubmodelIdentifier == null)
        {
            throw new NotAllowed($"Cannot proceed as {nameof(decodedSubmodelIdentifier)} is null");
        }

        _logger.LogInformation($"Received request to get metadata of all the submodel elements from the submodel with id {decodedSubmodelIdentifier} and AAS with id {decodedAasIdentifier}");
        if (!Program.noSecurity)
        {
            var submodel   = _aasService.GetSubmodelById(decodedAasIdentifier, decodedSubmodelIdentifier);
            var authResult = _authorizationService.AuthorizeAsync(User, submodel, "SecurityPolicy").Result;
            if (!authResult.Succeeded)
            {
                throw new NotAllowed(authResult.Failure.FailureReasons.FirstOrDefault()?.Message ?? string.Empty);
            }
        }

        var smeList = _aasService.GetAllSubmodelElements(decodedAasIdentifier, decodedSubmodelIdentifier);

        var smePaginated    = _paginationService.GetPaginatedList(smeList, new PaginationParameters(cursor, limit));
        var smeLevelList    = _levelExtentModifierService.ApplyLevelExtent(smePaginated.result ?? [], level);
        var smeMetadataList = _mappingService.Map(smeLevelList, "metadata");
        var output          = new MetadataPagedResult {result = smeMetadataList.ConvertAll(sme => (IMetadataDTO)sme), paging_metadata = smePaginated.paging_metadata};
        return new ObjectResult(output);
    }

    /// <summary>
    /// Returns all submodel elements including their hierarchy
    /// </summary>
    /// <param name="aasIdentifier">The Asset Administration Shell’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <param name="submodelIdentifier">The Submodel’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <param name="limit">The maximum number of elements in the response array</param>
    /// <param name="cursor">A server-generated identifier retrieved from pagingMetadata that specifies from which position the result listing should continue</param>
    /// <param name="level">Determines the structural depth of the respective resource content</param>
    /// <param name="extent">Determines to which extent the resource is being serialized</param>
    /// <response code="200">List of found submodel elements in the Path notation</response>
    /// <response code="400">Bad Request, e.g. the request parameters of the format of the request body is wrong.</response>
    /// <response code="401">Unauthorized, e.g. the server refused the authorization attempt.</response>
    /// <response code="403">Forbidden</response>
    /// <response code="404">Not Found</response>
    /// <response code="500">Internal Server Error</response>
    /// <response code="0">Default error handling for unmentioned status codes</response>
    [HttpGet]
    [Route("/shells/{aasIdentifier}/submodels/{submodelIdentifier}/submodel-elements/$path")]
    [ValidateModelState]
    [SwaggerOperation("GetAllSubmodelElementsPathAasRepository")]
    [SwaggerResponse(statusCode: 200, type: typeof(GetPathItemsResult), description: "List of found submodel elements in the Path notation")]
    [SwaggerResponse(statusCode: 400, type: typeof(Result), description: "Bad Request, e.g. the request parameters of the format of the request body is wrong.")]
    [SwaggerResponse(statusCode: 401, type: typeof(Result), description: "Unauthorized, e.g. the server refused the authorization attempt.")]
    [SwaggerResponse(statusCode: 403, type: typeof(Result), description: "Forbidden")]
    [SwaggerResponse(statusCode: 404, type: typeof(Result), description: "Not Found")]
    [SwaggerResponse(statusCode: 500, type: typeof(Result), description: "Internal Server Error")]
    [SwaggerResponse(statusCode: 0, type: typeof(Result), description: "Default error handling for unmentioned status codes")]
    public virtual IActionResult GetAllSubmodelElementsPathAasRepository([FromRoute] [Required] string aasIdentifier, [FromRoute] [Required] string submodelIdentifier,
                                                                         [FromQuery] int? limit, [FromQuery] string? cursor, [FromQuery] LevelEnum level,
                                                                         [FromQuery] ExtentEnum extent)
    {
        var decodedAasIdentifier      = _decoderService.Decode($"aasIdentifier", aasIdentifier);
        var decodedSubmodelIdentifier = _decoderService.Decode($"submodelIdentifier", submodelIdentifier);

        if (decodedAasIdentifier == null)
        {
            throw new NotAllowed($"Cannot proceed as {nameof(decodedAasIdentifier)} is null");
        }

        if (decodedSubmodelIdentifier == null)
        {
            throw new NotAllowed($"Cannot proceed as {nameof(decodedSubmodelIdentifier)} is null");
        }

        _logger.LogInformation($"Received a request to get path for all the submodel elements from the submodel with id {decodedSubmodelIdentifier} and aas with id {decodedAasIdentifier}");
        if (!Program.noSecurity)
        {
            var submodel   = _aasService.GetSubmodelById(decodedAasIdentifier, decodedSubmodelIdentifier);
            var authResult = _authorizationService.AuthorizeAsync(User, submodel, "SecurityPolicy").Result;
            if (!authResult.Succeeded)
            {
                throw new NotAllowed(authResult.Failure.FailureReasons.FirstOrDefault()?.Message ?? string.Empty);
            }
        }

        var submodelElementsList = _aasService.GetAllSubmodelElements(decodedAasIdentifier, decodedSubmodelIdentifier);

        var smePaginated = _paginationService.GetPaginatedList(submodelElementsList, new PaginationParameters(cursor, limit));
        var smeLevelList = _levelExtentModifierService.ApplyLevelExtent(smePaginated.result ?? [], level, extent);
        var smePathList  = _pathModifierService.ToIdShortPath(smeLevelList.ConvertAll(sme => (ISubmodelElement)sme));
        var output       = new PathPagedResult {result = smePathList, paging_metadata = smePaginated.paging_metadata};
        return new ObjectResult(output);
    }

    /// <summary>
    /// Returns all submodel elements as a list of References
    /// </summary>
    /// <param name="aasIdentifier">The Asset Administration Shell’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <param name="submodelIdentifier">The Submodel’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <param name="limit">The maximum number of elements in the response array</param>
    /// <param name="cursor">A server-generated identifier retrieved from pagingMetadata that specifies from which position the result listing should continue</param>
    /// <param name="level">Determines the structural depth of the respective resource content</param>
    /// <param name="extent"></param>
    /// <response code="200">List of References of the found submodel elements</response>
    /// <response code="400">Bad Request, e.g. the request parameters of the format of the request body is wrong.</response>
    /// <response code="401">Unauthorized, e.g. the server refused the authorization attempt.</response>
    /// <response code="403">Forbidden</response>
    /// <response code="404">Not Found</response>
    /// <response code="500">Internal Server Error</response>
    /// <response code="0">Default error handling for unmentioned status codes</response>
    [HttpGet]
    [Route("/shells/{aasIdentifier}/submodels/{submodelIdentifier}/submodel-elements/$reference")]
    [ValidateModelState]
    [SwaggerOperation("GetAllSubmodelElementsReferenceAasRepository")]
    [SwaggerResponse(statusCode: 200, type: typeof(ReferencePagedResult), description: "List of References of the found submodel elements")]
    [SwaggerResponse(statusCode: 400, type: typeof(Result), description: "Bad Request, e.g. the request parameters of the format of the request body is wrong.")]
    [SwaggerResponse(statusCode: 401, type: typeof(Result), description: "Unauthorized, e.g. the server refused the authorization attempt.")]
    [SwaggerResponse(statusCode: 403, type: typeof(Result), description: "Forbidden")]
    [SwaggerResponse(statusCode: 404, type: typeof(Result), description: "Not Found")]
    [SwaggerResponse(statusCode: 500, type: typeof(Result), description: "Internal Server Error")]
    [SwaggerResponse(statusCode: 0, type: typeof(Result), description: "Default error handling for unmentioned status codes")]
    public virtual IActionResult GetAllSubmodelElementsReferenceAasRepository([FromRoute] [Required] string aasIdentifier, [FromRoute] [Required] string submodelIdentifier,
                                                                              [FromQuery] int? limit, [FromQuery] string? cursor, [FromQuery] LevelEnum level,
                                                                              [FromQuery] ExtentEnum extent)
    {
        var decodedAasIdentifier      = _decoderService.Decode("aasIdentifier", aasIdentifier);
        var decodedSubmodelIdentifier = _decoderService.Decode("submodelIdentifier", submodelIdentifier);

        if (decodedAasIdentifier == null)
        {
            throw new NotAllowed($"Cannot proceed as {nameof(decodedAasIdentifier)} is null");
        }

        if (decodedSubmodelIdentifier == null)
        {
            throw new NotAllowed($"Cannot proceed as {nameof(decodedSubmodelIdentifier)} is null");
        }

        _logger.LogInformation($"Received request to get references of all the submodel elements from submodel with id {submodelIdentifier} and the AAS with id {aasIdentifier}.");
        if (!Program.noSecurity)
        {
            var submodel   = _aasService.GetSubmodelById(decodedAasIdentifier, decodedSubmodelIdentifier);
            var authResult = _authorizationService.AuthorizeAsync(User, submodel, "SecurityPolicy").Result;
            if (!authResult.Succeeded)
            {
                throw new NotAllowed(authResult.Failure.FailureReasons.FirstOrDefault()?.Message ?? string.Empty);
            }
        }

        var smeList = _aasService.GetAllSubmodelElements(decodedAasIdentifier, decodedSubmodelIdentifier);

        // TODO (jtikekar, 2023-09-04): check performace imapct due to ConvertAll
        var smePaginated     = _paginationService.GetPaginatedList(smeList, new PaginationParameters(cursor, limit));
        var smeReferenceList = _referenceModifierService.GetReferenceResult(smePaginated.result.ConvertAll(sme => (IReferable)sme));
        var output = new ReferencePagedResult(smeReferenceList, smePaginated.paging_metadata);
        return new ObjectResult(output);
    }

    /// <summary>
    /// Returns all submodel elements including their hierarchy in the ValueOnly representation
    /// </summary>
    /// <param name="aasIdentifier">The Asset Administration Shell’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <param name="submodelIdentifier">The Submodel’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <param name="limit">The maximum number of elements in the response array</param>
    /// <param name="cursor">A server-generated identifier retrieved from pagingMetadata that specifies from which position the result listing should continue</param>
    /// <param name="level">Determines the structural depth of the respective resource content</param>
    /// <param name="extent"></param>
    /// <response code="200">List of found submodel elements in their ValueOnly representation</response>
    /// <response code="400">Bad Request, e.g. the request parameters of the format of the request body is wrong.</response>
    /// <response code="401">Unauthorized, e.g. the server refused the authorization attempt.</response>
    /// <response code="403">Forbidden</response>
    /// <response code="404">Not Found</response>
    /// <response code="500">Internal Server Error</response>
    /// <response code="0">Default error handling for unmentioned status codes</response>
    [HttpGet]
    [Route("/shells/{aasIdentifier}/submodels/{submodelIdentifier}/submodel-elements/$value")]
    [ValidateModelState]
    [SwaggerOperation("GetAllSubmodelElementsValueOnlyAasRepository")]
    [SwaggerResponse(statusCode: 200, type: typeof(ValueOnlyPagedResult), description: "List of found submodel elements in their ValueOnly representation")]
    [SwaggerResponse(statusCode: 400, type: typeof(Result), description: "Bad Request, e.g. the request parameters of the format of the request body is wrong.")]
    [SwaggerResponse(statusCode: 401, type: typeof(Result), description: "Unauthorized, e.g. the server refused the authorization attempt.")]
    [SwaggerResponse(statusCode: 403, type: typeof(Result), description: "Forbidden")]
    [SwaggerResponse(statusCode: 404, type: typeof(Result), description: "Not Found")]
    [SwaggerResponse(statusCode: 500, type: typeof(Result), description: "Internal Server Error")]
    [SwaggerResponse(statusCode: 0, type: typeof(Result), description: "Default error handling for unmentioned status codes")]
    public virtual IActionResult GetAllSubmodelElementsValueOnlyAasRepository([FromRoute] [Required] string aasIdentifier, [FromRoute] [Required] string submodelIdentifier,
                                                                              [FromQuery] int? limit, [FromQuery] string? cursor, [FromQuery] LevelEnum level,
                                                                              [FromQuery] ExtentEnum extent)
    {
        var decodedAasIdentifier      = _decoderService.Decode("aasIdentifier", aasIdentifier);
        var decodedSubmodelIdentifier = _decoderService.Decode("submodelIdentifier", submodelIdentifier);

        if (decodedAasIdentifier == null)
        {
            throw new NotAllowed($"Cannot proceed as {nameof(decodedAasIdentifier)} is null");
        }

        if (decodedSubmodelIdentifier == null)
        {
            throw new NotAllowed($"Cannot proceed as {nameof(decodedSubmodelIdentifier)} is null");
        }

        _logger.LogInformation($"Received request to get the value of all the submodel elements from the submodel with id {decodedSubmodelIdentifier} and aas with id {decodedAasIdentifier}");
        if (!Program.noSecurity)
        {
            var submodel   = _aasService.GetSubmodelById(decodedAasIdentifier, decodedSubmodelIdentifier);
            var authResult = _authorizationService.AuthorizeAsync(User, submodel, "SecurityPolicy").Result;
            if (!authResult.Succeeded)
            {
                throw new NotAllowed(authResult.Failure.FailureReasons.FirstOrDefault()?.Message ?? string.Empty);
            }
        }

        var submodelElements = _aasService.GetAllSubmodelElements(decodedAasIdentifier, decodedSubmodelIdentifier);

        var smePaginated = _paginationService.GetPaginatedList(submodelElements, new PaginationParameters(cursor, limit));
        var smeLevelList = _levelExtentModifierService.ApplyLevelExtent(smePaginated.result, level);
        var smeValueList = _mappingService.Map(smeLevelList, "value");
        var output       = new ValueOnlyPagedResult {result = smeValueList.ConvertAll(sme => (IValueDTO)sme), paging_metadata = smePaginated.paging_metadata};
        return new ObjectResult(output);
    }

    /// <summary>
    /// Returns all submodel references
    /// </summary>
    /// <param name="aasIdentifier">The Asset Administration Shell’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <param name="limit">The maximum number of elements in the response array</param>
    /// <param name="cursor">A server-generated identifier retrieved from pagingMetadata that specifies from which position the result listing should continue</param>
    /// <response code="200">Requested submodel references</response>
    /// <response code="400">Bad Request, e.g. the request parameters of the format of the request body is wrong.</response>
    /// <response code="401">Unauthorized, e.g. the server refused the authorization attempt.</response>
    /// <response code="403">Forbidden</response>
    /// <response code="404">Not Found</response>
    /// <response code="500">Internal Server Error</response>
    /// <response code="0">Default error handling for unmentioned status codes</response>
    [HttpGet]
    [Route("/shells/{aasIdentifier}/submodel-refs")]
    [ValidateModelState]
    [SwaggerOperation("GetAllSubmodelReferencesAasRepository")]
    [SwaggerResponse(statusCode: 200, type: typeof(GetReferencesResult), description: "Requested submodel references")]
    [SwaggerResponse(statusCode: 400, type: typeof(Result), description: "Bad Request, e.g. the request parameters of the format of the request body is wrong.")]
    [SwaggerResponse(statusCode: 401, type: typeof(Result), description: "Unauthorized, e.g. the server refused the authorization attempt.")]
    [SwaggerResponse(statusCode: 403, type: typeof(Result), description: "Forbidden")]
    [SwaggerResponse(statusCode: 404, type: typeof(Result), description: "Not Found")]
    [SwaggerResponse(statusCode: 500, type: typeof(Result), description: "Internal Server Error")]
    [SwaggerResponse(statusCode: 0, type: typeof(Result), description: "Default error handling for unmentioned status codes")]
    public virtual IActionResult GetAllSubmodelReferencesAasRepository([FromRoute] [Required] string aasIdentifier, [FromQuery] int? limit, [FromQuery] string? cursor)
    {
        var decodedAasIdentifier = _decoderService.Decode("aasIdentifier", aasIdentifier);

        if (decodedAasIdentifier == null)
        {
            throw new NotAllowed($"Cannot proceed as {nameof(decodedAasIdentifier)} is null");
        }

        _logger.LogInformation($"Received request to get all the submodel references from the AAS with id {aasIdentifier}.");

        var submodels = _aasService.GetAllSubmodelReferencesFromAas(decodedAasIdentifier);

        var output = _paginationService.GetPaginatedList(submodels, new PaginationParameters(cursor, limit));
        return new ObjectResult(output);
    }

    /// <summary>
    /// Returns a specific Asset Administration Shell
    /// </summary>
    /// <param name="aasIdentifier">The Asset Administration Shell’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <response code="200">Requested Asset Administration Shell</response>
    /// <response code="400">Bad Request, e.g. the request parameters of the format of the request body is wrong.</response>
    /// <response code="401">Unauthorized, e.g. the server refused the authorization attempt.</response>
    /// <response code="403">Forbidden</response>
    /// <response code="404">Not Found</response>
    /// <response code="500">Internal Server Error</response>
    /// <response code="0">Default error handling for unmentioned status codes</response>
    [HttpGet]
    [Route("/shells/{aasIdentifier}")]
    [ValidateModelState]
    [SwaggerOperation("GetAssetAdministrationShellById")]
    [SwaggerResponse(statusCode: 200, type: typeof(AssetAdministrationShell), description: "Requested Asset Administration Shell")]
    [SwaggerResponse(statusCode: 400, type: typeof(Result), description: "Bad Request, e.g. the request parameters of the format of the request body is wrong.")]
    [SwaggerResponse(statusCode: 401, type: typeof(Result), description: "Unauthorized, e.g. the server refused the authorization attempt.")]
    [SwaggerResponse(statusCode: 403, type: typeof(Result), description: "Forbidden")]
    [SwaggerResponse(statusCode: 404, type: typeof(Result), description: "Not Found")]
    [SwaggerResponse(statusCode: 500, type: typeof(Result), description: "Internal Server Error")]
    [SwaggerResponse(statusCode: 0, type: typeof(Result), description: "Default error handling for unmentioned status codes")]
    public virtual IActionResult GetAssetAdministrationShellById([FromRoute] [Required] string aasIdentifier)
    {
        var decodedAasIdentifier = _decoderService.Decode("aasIdentifier", aasIdentifier);

        if (decodedAasIdentifier == null)
        {
            throw new NotAllowed($"Cannot proceed as {nameof(decodedAasIdentifier)} is null");
        }

        _logger.LogInformation($"Received request to get the AAS with id {aasIdentifier}.");

        var aas = _aasService.GetAssetAdministrationShellById(decodedAasIdentifier);

        /* Turn off AAS security to have existing demos run
        var authResult = _authorizationService.AuthorizeAsync(User, aas, "SecurityPolicy").Result;
        if (!authResult.Succeeded)
        {
            var failedReasons = authResult.Failure.FailureReasons;
            if (failedReasons != null && failedReasons.Any())
            {
                throw new NotAllowed(failedReasons.First().Message);
            }
        }
        */
        return new ObjectResult(aas);
    }

    /// <summary>
    /// Returns a specific Asset Administration Shell as a Reference
    /// </summary>
    /// <param name="aasIdentifier">The Asset Administration Shell’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <response code="200">Requested Asset Administration Shell</response>
    /// <response code="400">Bad Request, e.g. the request parameters of the format of the request body is wrong.</response>
    /// <response code="401">Unauthorized, e.g. the server refused the authorization attempt.</response>
    /// <response code="403">Forbidden</response>
    /// <response code="404">Not Found</response>
    /// <response code="500">Internal Server Error</response>
    /// <response code="0">Default error handling for unmentioned status codes</response>
    [HttpGet]
    [Route("/shells/{aasIdentifier}/$reference")]
    [ValidateModelState]
    [SwaggerOperation("GetAssetAdministrationShellByIdReferenceAasRepository")]
    [SwaggerResponse(statusCode: 200, type: typeof(Reference), description: "Requested Asset Administration Shell")]
    [SwaggerResponse(statusCode: 400, type: typeof(Result), description: "Bad Request, e.g. the request parameters of the format of the request body is wrong.")]
    [SwaggerResponse(statusCode: 401, type: typeof(Result), description: "Unauthorized, e.g. the server refused the authorization attempt.")]
    [SwaggerResponse(statusCode: 403, type: typeof(Result), description: "Forbidden")]
    [SwaggerResponse(statusCode: 404, type: typeof(Result), description: "Not Found")]
    [SwaggerResponse(statusCode: 500, type: typeof(Result), description: "Internal Server Error")]
    [SwaggerResponse(statusCode: 0, type: typeof(Result), description: "Default error handling for unmentioned status codes")]
    public virtual IActionResult GetAssetAdministrationShellByIdReferenceAasRepository([FromRoute] [Required] string aasIdentifier)
    {
        var decodedAasIdentifier = _decoderService.Decode("aasIdentifier", aasIdentifier);

        if (decodedAasIdentifier == null)
        {
            throw new NotAllowed($"Cannot proceed as {nameof(decodedAasIdentifier)} is null");
        }

        _logger.LogInformation($"Received request to get the reference of AAS with id {aasIdentifier}.");

        var aas = _aasService.GetAssetAdministrationShellById(decodedAasIdentifier);

        var output = _referenceModifierService.GetReferenceResult(aas);

        return new ObjectResult(output);
    }

    /// <summary>
    /// Returns the Asset Information
    /// </summary>
    /// <param name="aasIdentifier">The Asset Administration Shell’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <response code="200">Requested Asset Information</response>
    /// <response code="400">Bad Request, e.g. the request parameters of the format of the request body is wrong.</response>
    /// <response code="401">Unauthorized, e.g. the server refused the authorization attempt.</response>
    /// <response code="403">Forbidden</response>
    /// <response code="404">Not Found</response>
    /// <response code="500">Internal Server Error</response>
    /// <response code="0">Default error handling for unmentioned status codes</response>
    [HttpGet]
    [Route("/shells/{aasIdentifier}/asset-information")]
    [ValidateModelState]
    [SwaggerOperation("GetAssetInformationAasRepository")]
    [SwaggerResponse(statusCode: 200, type: typeof(AssetInformation), description: "Requested Asset Information")]
    [SwaggerResponse(statusCode: 400, type: typeof(Result), description: "Bad Request, e.g. the request parameters of the format of the request body is wrong.")]
    [SwaggerResponse(statusCode: 401, type: typeof(Result), description: "Unauthorized, e.g. the server refused the authorization attempt.")]
    [SwaggerResponse(statusCode: 403, type: typeof(Result), description: "Forbidden")]
    [SwaggerResponse(statusCode: 404, type: typeof(Result), description: "Not Found")]
    [SwaggerResponse(statusCode: 500, type: typeof(Result), description: "Internal Server Error")]
    [SwaggerResponse(statusCode: 0, type: typeof(Result), description: "Default error handling for unmentioned status codes")]
    public virtual IActionResult GetAssetInformationAasRepository([FromRoute] [Required] string aasIdentifier)
    {
        var decodedAasIdentifier = _decoderService.Decode("aasIdentifier", aasIdentifier);

        if (decodedAasIdentifier == null)
        {
            throw new NotAllowed($"Cannot proceed as {nameof(decodedAasIdentifier)} is null");
        }

        _logger.LogInformation($"Received request to get the AAS with id {decodedAasIdentifier}.");

        var output = _aasService.GetAssetInformation(decodedAasIdentifier);

        return new ObjectResult(output);
    }

    /// <summary>
    /// Downloads file content from a specific submodel element from the Submodel at a specified path
    /// </summary>
    /// <param name="aasIdentifier">The Asset Administration Shell’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <param name="submodelIdentifier">The Submodel’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <param name="idShortPath">IdShort path to the submodel element (dot-separated)</param>
    /// <response code="200">Requested file</response>
    /// <response code="400">Bad Request, e.g. the request parameters of the format of the request body is wrong.</response>
    /// <response code="401">Unauthorized, e.g. the server refused the authorization attempt.</response>
    /// <response code="403">Forbidden</response>
    /// <response code="404">Not Found</response>
    /// <response code="500">Internal Server Error</response>
    /// <response code="0">Default error handling for unmentioned status codes</response>
    [HttpGet]
    [Route("/shells/{aasIdentifier}/submodels/{submodelIdentifier}/submodel-elements/{idShortPath}/attachment")]
    [ValidateModelState]
    [SwaggerOperation("GetFileByPathAasRepository")]
    [SwaggerResponse(statusCode: 200, type: typeof(byte[]), description: "Requested file")]
    [SwaggerResponse(statusCode: 400, type: typeof(Result), description: "Bad Request, e.g. the request parameters of the format of the request body is wrong.")]
    [SwaggerResponse(statusCode: 401, type: typeof(Result), description: "Unauthorized, e.g. the server refused the authorization attempt.")]
    [SwaggerResponse(statusCode: 403, type: typeof(Result), description: "Forbidden")]
    [SwaggerResponse(statusCode: 404, type: typeof(Result), description: "Not Found")]
    [SwaggerResponse(statusCode: 500, type: typeof(Result), description: "Internal Server Error")]
    [SwaggerResponse(statusCode: 0, type: typeof(Result), description: "Default error handling for unmentioned status codes")]
    public virtual async Task<IActionResult> GetFileByPathAasRepository([FromRoute] [Required] string aasIdentifier, [FromRoute] [Required] string submodelIdentifier,
                                                                        [FromRoute] [Required] string idShortPath)
    {
        var decodedAasIdentifier      = _decoderService.Decode("aasIdentifier", aasIdentifier);
        var decodedSubmodelIdentifier = _decoderService.Decode("submodelIdentifier", submodelIdentifier);

        if (decodedAasIdentifier == null)
        {
            throw new NotAllowed($"Cannot proceed as {nameof(decodedAasIdentifier)} is null");
        }

        if (decodedSubmodelIdentifier == null)
        {
            throw new NotAllowed($"Cannot proceed as {nameof(decodedSubmodelIdentifier)} is null");
        }

        _logger.LogInformation($"Received request to get file by path at the submodel element {idShortPath} from submodel with id {submodelIdentifier} and the AAS with id {aasIdentifier}.");

        if (!Program.noSecurity)
        {
            var submodel = _aasService.GetSubmodelById(decodedAasIdentifier, decodedSubmodelIdentifier);
            User.Claims.ToList().Add(new Claim("idShortPath", $"{submodel.IdShort}.{idShortPath}"));
            var claimsList = new List<Claim>(User.Claims) {new("IdShortPath", $"{submodel.IdShort}.{idShortPath}")};
            var identity   = new ClaimsIdentity(claimsList, "AasSecurityAuth");
            var principal  = new System.Security.Principal.GenericPrincipal(identity, null);
            var authResult = _authorizationService.AuthorizeAsync(principal, submodel, "SecurityPolicy").Result;
            if (!authResult.Succeeded)
            {
                throw new NotAllowed(authResult.Failure.FailureReasons.FirstOrDefault()?.Message ?? string.Empty);
            }
        }

        var fileName = _aasService.GetFileByPath(decodedAasIdentifier, decodedSubmodelIdentifier, idShortPath, out var content, out var fileSize);

        //content-disposition so that the aasx file can be downloaded from the web browser.
        ContentDisposition contentDisposition = new() {FileName = fileName, Inline = fileName.ToLower().EndsWith(".pdf")};

        HttpContext.Response.Headers.Append("Content-Disposition", contentDisposition.ToString());
        HttpContext.Response.ContentLength = fileSize;
        if (fileName.ToLower().EndsWith(".svg"))
        {
            HttpContext.Response.ContentType = "image/svg+xml";
        }

        if (fileName.ToLower().EndsWith(".pdf"))
        {
            HttpContext.Response.ContentType = "application/pdf";
        }

        await HttpContext.Response.Body.WriteAsync(content);
        return new EmptyResult();
    }

    /// <summary>
    /// Returns the Operation result of an asynchronous invoked Operation
    /// </summary>
    /// <param name="aasIdentifier">The Asset Administration Shell’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <param name="submodelIdentifier">The Submodel’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <param name="idShortPath">IdShort path to the submodel element (dot-separated)</param>
    /// <param name="handleId">The returned handle id of an operation’s asynchronous invocation used to request the current state of the operation’s execution (UTF8-BASE64-URL-encoded)</param>
    /// <response code="200">Operation result object</response>
    /// <response code="400">Bad Request, e.g. the request parameters of the format of the request body is wrong.</response>
    /// <response code="401">Unauthorized, e.g. the server refused the authorization attempt.</response>
    /// <response code="403">Forbidden</response>
    /// <response code="404">Not Found</response>
    /// <response code="500">Internal Server Error</response>
    /// <response code="0">Default error handling for unmentioned status codes</response>
    [HttpGet]
    [Route("/shells/{aasIdentifier}/submodels/{submodelIdentifier}/submodel-elements/{idShortPath}/operation-results/{handleId}")]
    [ValidateModelState]
    [SwaggerOperation("GetOperationAsyncResultAasRepository")]
    [SwaggerResponse(statusCode: 200, type: typeof(OperationResult), description: "Operation result object")]
    [SwaggerResponse(statusCode: 400, type: typeof(Result), description: "Bad Request, e.g. the request parameters of the format of the request body is wrong.")]
    [SwaggerResponse(statusCode: 401, type: typeof(Result), description: "Unauthorized, e.g. the server refused the authorization attempt.")]
    [SwaggerResponse(statusCode: 403, type: typeof(Result), description: "Forbidden")]
    [SwaggerResponse(statusCode: 404, type: typeof(Result), description: "Not Found")]
    [SwaggerResponse(statusCode: 500, type: typeof(Result), description: "Internal Server Error")]
    [SwaggerResponse(statusCode: 0, type: typeof(Result), description: "Default error handling for unmentioned status codes")]
    public virtual IActionResult GetOperationAsyncResultAasRepository([FromRoute] [Required] string aasIdentifier, [FromRoute] [Required] string submodelIdentifier,
                                                                      [FromRoute] [Required] string idShortPath, [FromRoute] [Required] string handleId)
    {
        //TODO: Uncomment the next line to return response 200 or use other options such as return this.NotFound(), return this.BadRequest(..), ...
        // return StatusCode(200, default(OperationResult));

        //TODO: Uncomment the next line to return response 400 or use other options such as return this.NotFound(), return this.BadRequest(..), ...
        // return StatusCode(400, default(Result));

        //TODO: Uncomment the next line to return response 401 or use other options such as return this.NotFound(), return this.BadRequest(..), ...
        // return StatusCode(401, default(Result));

        //TODO: Uncomment the next line to return response 403 or use other options such as return this.NotFound(), return this.BadRequest(..), ...
        // return StatusCode(403, default(Result));

        //TODO: Uncomment the next line to return response 404 or use other options such as return this.NotFound(), return this.BadRequest(..), ...
        // return StatusCode(404, default(Result));

        //TODO: Uncomment the next line to return response 500 or use other options such as return this.NotFound(), return this.BadRequest(..), ...
        // return StatusCode(500, default(Result));

        //TODO: Uncomment the next line to return response 0 or use other options such as return this.NotFound(), return this.BadRequest(..), ...
        // return StatusCode(0, default(Result));
        return new ObjectResult(System.Text.Json.JsonSerializer.Deserialize<OperationResult>(string.Empty));
    }

    /// <summary>
    /// Returns the ValueOnly notation of the Operation result of an asynchronous invoked Operation
    /// </summary>
    /// <param name="aasIdentifier">The Asset Administration Shell’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <param name="submodelIdentifier">The Submodel’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <param name="idShortPath">IdShort path to the submodel element (dot-separated)</param>
    /// <param name="handleId">The returned handle id of an operation’s asynchronous invocation used to request the current state of the operation’s execution (UTF8-BASE64-URL-encoded)</param>
    /// <response code="200">Operation result object</response>
    /// <response code="400">Bad Request, e.g. the request parameters of the format of the request body is wrong.</response>
    /// <response code="401">Unauthorized, e.g. the server refused the authorization attempt.</response>
    /// <response code="403">Forbidden</response>
    /// <response code="404">Not Found</response>
    /// <response code="500">Internal Server Error</response>
    /// <response code="0">Default error handling for unmentioned status codes</response>
    [HttpGet]
    [Route("/shells/{aasIdentifier}/submodels/{submodelIdentifier}/submodel-elements/{idShortPath}/operation-results/{handleId}/$value")]
    [ValidateModelState]
    [SwaggerOperation("GetOperationAsyncResultValueOnlyAasRepository")]
    [SwaggerResponse(statusCode: 200, type: typeof(IValueDTO), description: "Operation result object")]
    [SwaggerResponse(statusCode: 400, type: typeof(Result), description: "Bad Request, e.g. the request parameters of the format of the request body is wrong.")]
    [SwaggerResponse(statusCode: 401, type: typeof(Result), description: "Unauthorized, e.g. the server refused the authorization attempt.")]
    [SwaggerResponse(statusCode: 403, type: typeof(Result), description: "Forbidden")]
    [SwaggerResponse(statusCode: 404, type: typeof(Result), description: "Not Found")]
    [SwaggerResponse(statusCode: 500, type: typeof(Result), description: "Internal Server Error")]
    [SwaggerResponse(statusCode: 0, type: typeof(Result), description: "Default error handling for unmentioned status codes")]
    public virtual IActionResult GetOperationAsyncResultValueOnlyAasRepository([FromRoute] [Required] string aasIdentifier, [FromRoute] [Required] string submodelIdentifier,
                                                                               [FromRoute] [Required] string idShortPath, [FromRoute] [Required] string handleId)
    {
        return new ObjectResult(null);
    }

    /// <summary>
    /// Returns the Operation status of an asynchronous invoked Operation
    /// </summary>
    /// <param name="aasIdentifier">The Asset Administration Shell’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <param name="submodelIdentifier">The Submodel’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <param name="idShortPath">IdShort path to the submodel element (dot-separated)</param>
    /// <param name="handleId">The returned handle id of an operation’s asynchronous invocation used to request the current state of the operation’s execution (UTF8-BASE64-URL-encoded)</param>
    /// <response code="200">Operation result object containing information that the &#x27;executionState&#x27; is still &#x27;Running&#x27;</response>
    /// <response code="302">The target resource is available but at a different location.</response>
    /// <response code="400">Bad Request, e.g. the request parameters of the format of the request body is wrong.</response>
    /// <response code="401">Unauthorized, e.g. the server refused the authorization attempt.</response>
    /// <response code="403">Forbidden</response>
    /// <response code="404">Not Found</response>
    /// <response code="500">Internal Server Error</response>
    /// <response code="0">Default error handling for unmentioned status codes</response>
    [HttpGet]
    [Route("/shells/{aasIdentifier}/submodels/{submodelIdentifier}/submodel-elements/{idShortPath}/operation-status/{handleId}")]
    [ValidateModelState]
    [SwaggerOperation("GetOperationAsyncStatusAasRepository")]
    [SwaggerResponse(statusCode: 200, type: typeof(BaseOperationResult),
                        description: "Operation result object containing information that the &#x27;executionState&#x27; is still &#x27;Running&#x27;")]
    [SwaggerResponse(statusCode: 400, type: typeof(Result), description: "Bad Request, e.g. the request parameters of the format of the request body is wrong.")]
    [SwaggerResponse(statusCode: 401, type: typeof(Result), description: "Unauthorized, e.g. the server refused the authorization attempt.")]
    [SwaggerResponse(statusCode: 403, type: typeof(Result), description: "Forbidden")]
    [SwaggerResponse(statusCode: 404, type: typeof(Result), description: "Not Found")]
    [SwaggerResponse(statusCode: 500, type: typeof(Result), description: "Internal Server Error")]
    [SwaggerResponse(statusCode: 0, type: typeof(Result), description: "Default error handling for unmentioned status codes")]
    public virtual IActionResult GetOperationAsyncStatusAasRepository([FromRoute] [Required] string aasIdentifier, [FromRoute] [Required] string submodelIdentifier,
                                                                      [FromRoute] [Required] string idShortPath, [FromRoute] [Required] string handleId)
    {
        //TODO: Uncomment the next line to return response 200 or use other options such as return this.NotFound(), return this.BadRequest(..), ...
        // return StatusCode(200, default(BaseOperationResult));

        //TODO: Uncomment the next line to return response 302 or use other options such as return this.NotFound(), return this.BadRequest(..), ...
        // return StatusCode(302);

        //TODO: Uncomment the next line to return response 400 or use other options such as return this.NotFound(), return this.BadRequest(..), ...
        // return StatusCode(400, default(Result));

        //TODO: Uncomment the next line to return response 401 or use other options such as return this.NotFound(), return this.BadRequest(..), ...
        // return StatusCode(401, default(Result));

        //TODO: Uncomment the next line to return response 403 or use other options such as return this.NotFound(), return this.BadRequest(..), ...
        // return StatusCode(403, default(Result));

        //TODO: Uncomment the next line to return response 404 or use other options such as return this.NotFound(), return this.BadRequest(..), ...
        // return StatusCode(404, default(Result));

        //TODO: Uncomment the next line to return response 500 or use other options such as return this.NotFound(), return this.BadRequest(..), ...
        // return StatusCode(500, default(Result));

        //TODO: Uncomment the next line to return response 0 or use other options such as return this.NotFound(), return this.BadRequest(..), ...
        // return StatusCode(0, default(Result));
        string exampleJson = null;
        exampleJson = "\"\"";

        var example = exampleJson != null
                          ? System.Text.Json.JsonSerializer.Deserialize<BaseOperationResult>(exampleJson)
                          : default(BaseOperationResult); //TODO: Change the data returned
        return new ObjectResult(example);
    }

    /// <summary>
    /// Returns the Submodel
    /// </summary>
    /// <param name="aasIdentifier">The Asset Administration Shell’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <param name="submodelIdentifier">The Submodel’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <param name="level">Determines the structural depth of the respective resource content</param>
    /// <param name="extent">Determines to which extent the resource is being serialized</param>
    /// <response code="200">Requested Submodel</response>
    /// <response code="400">Bad Request, e.g. the request parameters of the format of the request body is wrong.</response>
    /// <response code="401">Unauthorized, e.g. the server refused the authorization attempt.</response>
    /// <response code="403">Forbidden</response>
    /// <response code="404">Not Found</response>
    /// <response code="500">Internal Server Error</response>
    /// <response code="0">Default error handling for unmentioned status codes</response>
    [HttpGet]
    [Route("/shells/{aasIdentifier}/submodels/{submodelIdentifier}")]
    [ValidateModelState]
    [SwaggerOperation("GetSubmodelByIdAasRepository")]
    [SwaggerResponse(statusCode: 200, type: typeof(Submodel), description: "Requested Submodel")]
    [SwaggerResponse(statusCode: 400, type: typeof(Result), description: "Bad Request, e.g. the request parameters of the format of the request body is wrong.")]
    [SwaggerResponse(statusCode: 401, type: typeof(Result), description: "Unauthorized, e.g. the server refused the authorization attempt.")]
    [SwaggerResponse(statusCode: 403, type: typeof(Result), description: "Forbidden")]
    [SwaggerResponse(statusCode: 404, type: typeof(Result), description: "Not Found")]
    [SwaggerResponse(statusCode: 500, type: typeof(Result), description: "Internal Server Error")]
    [SwaggerResponse(statusCode: 0, type: typeof(Result), description: "Default error handling for unmentioned status codes")]
    public virtual IActionResult GetSubmodelByIdAasRepository([FromRoute] [Required] string aasIdentifier, [FromRoute] [Required] string submodelIdentifier,
                                                              [FromQuery] LevelEnum level, [FromQuery] ExtentEnum extent)
    {
        var decodedAasIdentifier      = _decoderService.Decode("aasIdentifier", aasIdentifier);
        var decodedSubmodelIdentifier = _decoderService.Decode("submodelIdentifier", submodelIdentifier);

        if (decodedAasIdentifier == null)
        {
            throw new NotAllowed($"Cannot proceed as {nameof(decodedAasIdentifier)} is null");
        }

        if (decodedSubmodelIdentifier == null)
        {
            throw new NotAllowed($"Cannot proceed as {nameof(decodedSubmodelIdentifier)} is null");
        }

        _logger.LogInformation($"Received request to get the submodel with id {submodelIdentifier} from the AAS with id {aasIdentifier}.");

        var submodel   = _aasService.GetSubmodelById(decodedAasIdentifier, decodedSubmodelIdentifier);
        var authResult = _authorizationService.AuthorizeAsync(User, submodel, "SecurityPolicy").Result;
        if (!authResult.Succeeded)
        {
            var failedReasons               = authResult.Failure.FailureReasons;
            var authorizationFailureReasons = failedReasons.ToList();
            if (authorizationFailureReasons.Count != 0)
            {
                throw new NotAllowed(authorizationFailureReasons.First().Message);
            }
        }

        var output = _levelExtentModifierService.ApplyLevelExtent(submodel, level, extent);
        return new ObjectResult(output);
    }

    /// <summary>
    /// Returns the Submodel&#x27;s metadata elements
    /// </summary>
    /// <param name="aasIdentifier">The Asset Administration Shell’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <param name="submodelIdentifier">The Submodel’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <param name="level">Determines the structural depth of the respective resource content</param>
    /// <response code="200">Requested Submodel</response>
    /// <response code="400">Bad Request, e.g. the request parameters of the format of the request body is wrong.</response>
    /// <response code="401">Unauthorized, e.g. the server refused the authorization attempt.</response>
    /// <response code="403">Forbidden</response>
    /// <response code="404">Not Found</response>
    /// <response code="500">Internal Server Error</response>
    /// <response code="0">Default error handling for unmentioned status codes</response>
    [HttpGet]
    [Route("/shells/{aasIdentifier}/submodels/{submodelIdentifier}/$metadata")]
    [ValidateModelState]
    [SwaggerOperation("GetSubmodelByIdMetadataAasRepository")]
    [SwaggerResponse(statusCode: 200, type: typeof(SubmodelMetadata), description: "Requested Submodel")]
    [SwaggerResponse(statusCode: 400, type: typeof(Result), description: "Bad Request, e.g. the request parameters of the format of the request body is wrong.")]
    [SwaggerResponse(statusCode: 401, type: typeof(Result), description: "Unauthorized, e.g. the server refused the authorization attempt.")]
    [SwaggerResponse(statusCode: 403, type: typeof(Result), description: "Forbidden")]
    [SwaggerResponse(statusCode: 404, type: typeof(Result), description: "Not Found")]
    [SwaggerResponse(statusCode: 500, type: typeof(Result), description: "Internal Server Error")]
    [SwaggerResponse(statusCode: 0, type: typeof(Result), description: "Default error handling for unmentioned status codes")]
    public virtual IActionResult GetSubmodelByIdMetadataAasRepository([FromRoute] [Required] string aasIdentifier, [FromRoute] [Required] string submodelIdentifier,
                                                                      [FromQuery] LevelEnum level)
    {
        var decodedAasIdentifier      = _decoderService.Decode("aasIdentifier", aasIdentifier);
        var decodedSubmodelIdentifier = _decoderService.Decode("submodelIdentifier", submodelIdentifier);

        if (decodedAasIdentifier == null)
        {
            throw new NotAllowed($"Cannot proceed as {nameof(decodedAasIdentifier)} is null");
        }

        if (decodedSubmodelIdentifier == null)
        {
            throw new NotAllowed($"Cannot proceed as {nameof(decodedSubmodelIdentifier)} is null");
        }

        _logger.LogInformation($"Received request to get metadat of the submodel with id {decodedSubmodelIdentifier} from the AAS with id {decodedAasIdentifier}");

        var submodel   = _aasService.GetSubmodelById(decodedAasIdentifier, decodedSubmodelIdentifier);
        var authResult = _authorizationService.AuthorizeAsync(User, submodel, "SecurityPolicy").Result;
        if (!authResult.Succeeded)
        {
            var failedReason = authResult.Failure.FailureReasons.First();
            if (failedReason != null)
            {
                throw new NotAllowed(failedReason.Message);
            }
        }

        var submodelLevel = _levelExtentModifierService.ApplyLevelExtent(submodel, level);
        var output        = _mappingService.Map(submodelLevel, "metadata");
        return new ObjectResult(output);
    }

    /// <summary>
    /// Returns the Submodel&#x27;s metadata elements
    /// </summary>
    /// <param name="aasIdentifier">The Asset Administration Shell’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <param name="submodelIdentifier">The Submodel’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <param name="level">Determines the structural depth of the respective resource content</param>
    /// <response code="200">Requested Submodel in Path notation</response>
    /// <response code="400">Bad Request, e.g. the request parameters of the format of the request body is wrong.</response>
    /// <response code="401">Unauthorized, e.g. the server refused the authorization attempt.</response>
    /// <response code="403">Forbidden</response>
    /// <response code="404">Not Found</response>
    /// <response code="500">Internal Server Error</response>
    /// <response code="0">Default error handling for unmentioned status codes</response>
    [HttpGet]
    [Route("/shells/{aasIdentifier}/submodels/{submodelIdentifier}/$path")]
    [ValidateModelState]
    [SwaggerOperation("GetSubmodelByIdPathAasRepository")]
    [SwaggerResponse(statusCode: 200, type: typeof(List<string>), description: "Requested Submodel in Path notation")]
    [SwaggerResponse(statusCode: 400, type: typeof(Result), description: "Bad Request, e.g. the request parameters of the format of the request body is wrong.")]
    [SwaggerResponse(statusCode: 401, type: typeof(Result), description: "Unauthorized, e.g. the server refused the authorization attempt.")]
    [SwaggerResponse(statusCode: 403, type: typeof(Result), description: "Forbidden")]
    [SwaggerResponse(statusCode: 404, type: typeof(Result), description: "Not Found")]
    [SwaggerResponse(statusCode: 500, type: typeof(Result), description: "Internal Server Error")]
    [SwaggerResponse(statusCode: 0, type: typeof(Result), description: "Default error handling for unmentioned status codes")]
    public virtual IActionResult GetSubmodelByIdPathAasRepository([FromRoute] [Required] string aasIdentifier, [FromRoute] [Required] string submodelIdentifier,
                                                                  [FromQuery] LevelEnum level)
    {
        var decodedAasIdentifier      = _decoderService.Decode($"aasIdentifier", aasIdentifier);
        var decodedSubmodelIdentifier = _decoderService.Decode($"submodelIdentifier", submodelIdentifier);

        if (decodedAasIdentifier == null)
        {
            throw new NotAllowed($"Cannot proceed as {nameof(decodedAasIdentifier)} is null");
        }

        if (decodedSubmodelIdentifier == null)
        {
            throw new NotAllowed($"Cannot proceed as {nameof(decodedSubmodelIdentifier)} is null");
        }

        _logger.LogInformation($"Received request to get path of a submodel with is {decodedSubmodelIdentifier} and AAS with id {decodedAasIdentifier}");

        var submodel   = _aasService.GetSubmodelById(decodedAasIdentifier, decodedSubmodelIdentifier);
        var authResult = _authorizationService.AuthorizeAsync(User, submodel, "SecurityPolicy").Result;
        if (!authResult.Succeeded)
        {
            var failedReason = authResult.Failure.FailureReasons.First();
            if (failedReason != null)
            {
                throw new NotAllowed(failedReason.Message);
            }
        }

        var submodelLevel = _levelExtentModifierService.ApplyLevelExtent(submodel, level);
        var output        = _pathModifierService.ToIdShortPath(submodelLevel);
        return new ObjectResult(output);
    }

    /// <summary>
    /// Returns the Submodel as a Reference
    /// </summary>
    /// <param name="aasIdentifier">The Asset Administration Shell’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <param name="submodelIdentifier">The Submodel’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <response code="200">Requested Submodel as a Reference</response>
    /// <response code="400">Bad Request, e.g. the request parameters of the format of the request body is wrong.</response>
    /// <response code="401">Unauthorized, e.g. the server refused the authorization attempt.</response>
    /// <response code="403">Forbidden</response>
    /// <response code="404">Not Found</response>
    /// <response code="500">Internal Server Error</response>
    /// <response code="0">Default error handling for unmentioned status codes</response>
    [HttpGet]
    [Route("/shells/{aasIdentifier}/submodels/{submodelIdentifier}/$reference")]
    [ValidateModelState]
    [SwaggerOperation("GetSubmodelByIdReferenceAasRepository")]
    [SwaggerResponse(statusCode: 200, type: typeof(Reference), description: "Requested Submodel as a Reference")]
    [SwaggerResponse(statusCode: 400, type: typeof(Result), description: "Bad Request, e.g. the request parameters of the format of the request body is wrong.")]
    [SwaggerResponse(statusCode: 401, type: typeof(Result), description: "Unauthorized, e.g. the server refused the authorization attempt.")]
    [SwaggerResponse(statusCode: 403, type: typeof(Result), description: "Forbidden")]
    [SwaggerResponse(statusCode: 404, type: typeof(Result), description: "Not Found")]
    [SwaggerResponse(statusCode: 500, type: typeof(Result), description: "Internal Server Error")]
    [SwaggerResponse(statusCode: 0, type: typeof(Result), description: "Default error handling for unmentioned status codes")]
    public virtual IActionResult GetSubmodelByIdReferenceAasRepository([FromRoute] [Required] string aasIdentifier, [FromRoute] [Required] string submodelIdentifier)
    {
        var decodedAasIdentifier      = _decoderService.Decode("aasIdentifier", aasIdentifier);
        var decodedSubmodelIdentifier = _decoderService.Decode("submodelIdentifier", submodelIdentifier);

        if (decodedAasIdentifier == null)
        {
            throw new NotAllowed($"Cannot proceed as {nameof(decodedAasIdentifier)} is null");
        }

        if (decodedSubmodelIdentifier == null)
        {
            throw new NotAllowed($"Cannot proceed as {nameof(decodedSubmodelIdentifier)} is null");
        }

        _logger.LogInformation($"Received request to get the submodel with id {submodelIdentifier} from the AAS with id {aasIdentifier}.");

        var submodel   = _aasService.GetSubmodelById(decodedAasIdentifier, decodedSubmodelIdentifier);
        var authResult = _authorizationService.AuthorizeAsync(User, submodel, "SecurityPolicy").Result;
        if (!authResult.Succeeded)
        {
            var failedReason = authResult.Failure.FailureReasons.First();
            if (failedReason != null)
            {
                throw new NotAllowed(failedReason.Message);
            }
        }

        var output = _referenceModifierService.GetReferenceResult(submodel);
        return new ObjectResult(output);
    }

    /// <summary>
    /// Returns the Submodel&#x27;s ValueOnly representation
    /// </summary>
    /// <param name="aasIdentifier">The Asset Administration Shell’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <param name="submodelIdentifier">The Submodel’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <param name="level">Determines the structural depth of the respective resource content</param>
    /// <param name="extent">Determines to which extent the resource is being serialized</param>
    /// <response code="200">Requested Submodel</response>
    /// <response code="400">Bad Request, e.g. the request parameters of the format of the request body is wrong.</response>
    /// <response code="401">Unauthorized, e.g. the server refused the authorization attempt.</response>
    /// <response code="403">Forbidden</response>
    /// <response code="404">Not Found</response>
    /// <response code="500">Internal Server Error</response>
    /// <response code="0">Default error handling for unmentioned status codes</response>
    [HttpGet]
    [Route("/shells/{aasIdentifier}/submodels/{submodelIdentifier}/$value")]
    [ValidateModelState]
    [SwaggerOperation("GetSubmodelByIdValueOnlyAasRepository")]
    [SwaggerResponse(statusCode: 200, type: typeof(SubmodelValue), description: "Requested Submodel")]
    [SwaggerResponse(statusCode: 400, type: typeof(Result), description: "Bad Request, e.g. the request parameters of the format of the request body is wrong.")]
    [SwaggerResponse(statusCode: 401, type: typeof(Result), description: "Unauthorized, e.g. the server refused the authorization attempt.")]
    [SwaggerResponse(statusCode: 403, type: typeof(Result), description: "Forbidden")]
    [SwaggerResponse(statusCode: 404, type: typeof(Result), description: "Not Found")]
    [SwaggerResponse(statusCode: 500, type: typeof(Result), description: "Internal Server Error")]
    [SwaggerResponse(statusCode: 0, type: typeof(Result), description: "Default error handling for unmentioned status codes")]
    public virtual IActionResult GetSubmodelByIdValueOnlyAasRepository([FromRoute] [Required] string aasIdentifier, [FromRoute] [Required] string submodelIdentifier,
                                                                       [FromQuery] LevelEnum level, [FromQuery] ExtentEnum extent)
    {
        var decodedAasIdentifier      = _decoderService.Decode("aasIdentifier", aasIdentifier);
        var decodedSubmodelIdentifier = _decoderService.Decode("submodelIdentifier", submodelIdentifier);

        if (decodedAasIdentifier == null)
        {
            throw new NotAllowed($"Cannot proceed as {nameof(decodedAasIdentifier)} is null");
        }

        if (decodedSubmodelIdentifier == null)
        {
            throw new NotAllowed($"Cannot proceed as {nameof(decodedSubmodelIdentifier)} is null");
        }

        _logger.LogInformation($"Received request to get the value of submodel with id {decodedSubmodelIdentifier} from the aas with id {decodedAasIdentifier}");

        var submodel   = _aasService.GetSubmodelById(decodedAasIdentifier, decodedSubmodelIdentifier);
        var authResult = _authorizationService.AuthorizeAsync(User, submodel, "SecurityPolicy").Result;
        if (!authResult.Succeeded)
        {
            var failedReason = authResult.Failure.FailureReasons.First();
            if (failedReason != null)
            {
                throw new NotAllowed(failedReason.Message);
            }
        }

        var submodelLevel = _levelExtentModifierService.ApplyLevelExtent(submodel, level, extent);
        var output        = _mappingService.Map(submodelLevel, "value");
        return new ObjectResult(output);
    }

    /// <summary>
    /// Returns a specific submodel element from the Submodel at a specified path
    /// </summary>
    /// <param name="aasIdentifier">The Asset Administration Shell’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <param name="submodelIdentifier">The Submodel’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <param name="idShortPath">IdShort path to the submodel element (dot-separated)</param>
    /// <param name="level">Determines the structural depth of the respective resource content</param>
    /// <param name="extent">Determines to which extent the resource is being serialized</param>
    /// <response code="200">Requested submodel element</response>
    /// <response code="400">Bad Request, e.g. the request parameters of the format of the request body is wrong.</response>
    /// <response code="401">Unauthorized, e.g. the server refused the authorization attempt.</response>
    /// <response code="403">Forbidden</response>
    /// <response code="404">Not Found</response>
    /// <response code="500">Internal Server Error</response>
    /// <response code="0">Default error handling for unmentioned status codes</response>
    [HttpGet]
    [Route("/shells/{aasIdentifier}/submodels/{submodelIdentifier}/submodel-elements/{idShortPath}")]
    [ValidateModelState]
    [SwaggerOperation("GetSubmodelElementByPathAasRepository")]
    [SwaggerResponse(statusCode: 200, type: typeof(ISubmodelElement), description: "Requested submodel element")]
    [SwaggerResponse(statusCode: 400, type: typeof(Result), description: "Bad Request, e.g. the request parameters of the format of the request body is wrong.")]
    [SwaggerResponse(statusCode: 401, type: typeof(Result), description: "Unauthorized, e.g. the server refused the authorization attempt.")]
    [SwaggerResponse(statusCode: 403, type: typeof(Result), description: "Forbidden")]
    [SwaggerResponse(statusCode: 404, type: typeof(Result), description: "Not Found")]
    [SwaggerResponse(statusCode: 500, type: typeof(Result), description: "Internal Server Error")]
    [SwaggerResponse(statusCode: 0, type: typeof(Result), description: "Default error handling for unmentioned status codes")]
    public virtual IActionResult GetSubmodelElementByPathAasRepository([FromRoute] [Required] string aasIdentifier, [FromRoute] [Required] string submodelIdentifier,
                                                                       [FromRoute] [Required] string idShortPath, [FromQuery] LevelEnum level,
                                                                       [FromQuery] ExtentEnum extent)
    {
        var decodedAasIdentifier      = _decoderService.Decode("aasIdentifier", aasIdentifier);
        var decodedSubmodelIdentifier = _decoderService.Decode("submodelIdentifier", submodelIdentifier);

        if (decodedAasIdentifier == null)
        {
            throw new NotAllowed($"Cannot proceed as {nameof(decodedAasIdentifier)} is null");
        }

        if (decodedSubmodelIdentifier == null)
        {
            throw new NotAllowed($"Cannot proceed as {nameof(decodedSubmodelIdentifier)} is null");
        }

        _logger.LogInformation($"Received request to get the submodel element at {idShortPath} from the submodel with id {submodelIdentifier} and the AAS with id {aasIdentifier}.");

        var submodelElement = _aasService.GetSubmodelElementByPath(decodedAasIdentifier, decodedSubmodelIdentifier, idShortPath);

        if (!Program.noSecurity)
        {
            var submodel = _aasService.GetSubmodelById(decodedAasIdentifier, decodedSubmodelIdentifier);
            User.Claims.ToList().Add(new Claim("idShortPath", $"{submodel.IdShort}.{idShortPath}"));
            var claimsList = new List<Claim>(User.Claims) {new Claim("IdShortPath", $"{submodel.IdShort}.{idShortPath}")};
            var identity   = new ClaimsIdentity(claimsList, "AasSecurityAuth");
            var principal  = new System.Security.Principal.GenericPrincipal(identity, null);
            var authResult = _authorizationService.AuthorizeAsync(principal, submodel, "SecurityPolicy").Result;
            if (!authResult.Succeeded)
            {
                throw new NotAllowed(authResult.Failure.FailureReasons.FirstOrDefault()?.Message ?? string.Empty);
            }
        }

        var smeLevel = _levelExtentModifierService.ApplyLevelExtent(submodelElement, level, extent);
        return new ObjectResult(smeLevel);
    }

    /// <summary>
    /// Returns the metadata attributes if a specific submodel element from the Submodel at a specified path
    /// </summary>
    /// <param name="aasIdentifier">The Asset Administration Shell’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <param name="submodelIdentifier">The Submodel’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <param name="idShortPath">IdShort path to the submodel element (dot-separated)</param>
    /// <param name="level">Determines the structural depth of the respective resource content</param>
    /// <response code="200">Requested submodel element</response>
    /// <response code="400">Bad Request, e.g. the request parameters of the format of the request body is wrong.</response>
    /// <response code="401">Unauthorized, e.g. the server refused the authorization attempt.</response>
    /// <response code="403">Forbidden</response>
    /// <response code="404">Not Found</response>
    /// <response code="500">Internal Server Error</response>
    /// <response code="0">Default error handling for unmentioned status codes</response>
    [HttpGet]
    [Route("/shells/{aasIdentifier}/submodels/{submodelIdentifier}/submodel-elements/{idShortPath}/$metadata")]
    [ValidateModelState]
    [SwaggerOperation("GetSubmodelElementByPathMetadataAasRepository")]
    [SwaggerResponse(statusCode: 200, type: typeof(ISubmodelElementMetadata), description: "Requested submodel element")]
    [SwaggerResponse(statusCode: 400, type: typeof(Result), description: "Bad Request, e.g. the request parameters of the format of the request body is wrong.")]
    [SwaggerResponse(statusCode: 401, type: typeof(Result), description: "Unauthorized, e.g. the server refused the authorization attempt.")]
    [SwaggerResponse(statusCode: 403, type: typeof(Result), description: "Forbidden")]
    [SwaggerResponse(statusCode: 404, type: typeof(Result), description: "Not Found")]
    [SwaggerResponse(statusCode: 500, type: typeof(Result), description: "Internal Server Error")]
    [SwaggerResponse(statusCode: 0, type: typeof(Result), description: "Default error handling for unmentioned status codes")]
    public virtual IActionResult GetSubmodelElementByPathMetadataAasRepository([FromRoute] [Required] string aasIdentifier, [FromRoute] [Required] string submodelIdentifier,
                                                                               [FromRoute] [Required] string idShortPath, [FromQuery] LevelEnum level)
    {
        var decodedAasIdentifier      = _decoderService.Decode("aasIdentifier", aasIdentifier);
        var decodedSubmodelIdentifier = _decoderService.Decode("submodelIdentifier", submodelIdentifier);

        if (decodedAasIdentifier == null)
        {
            throw new NotAllowed($"Cannot proceed as {nameof(decodedAasIdentifier)} is null");
        }

        if (decodedSubmodelIdentifier == null)
        {
            throw new NotAllowed($"Cannot proceed as {nameof(decodedSubmodelIdentifier)} is null");
        }

        _logger.LogInformation($"Received request to get metadata of the submodel element at {idShortPath} from the submodel with id {submodelIdentifier} and the AAS with id {aasIdentifier}.");

        var submodelElement = _aasService.GetSubmodelElementByPath(decodedAasIdentifier, decodedSubmodelIdentifier, idShortPath);
        if (!Program.noSecurity)
        {
            var submodel = _aasService.GetSubmodelById(decodedAasIdentifier, decodedSubmodelIdentifier);
            User.Claims.ToList().Add(new Claim("idShortPath", $"{submodel.IdShort}.{idShortPath}"));
            var claimsList = new List<Claim>(User.Claims) {new Claim("IdShortPath", $"{submodel.IdShort}.{idShortPath}")};
            var identity   = new ClaimsIdentity(claimsList, "AasSecurityAuth");
            var principal  = new System.Security.Principal.GenericPrincipal(identity, null);
            var authResult = _authorizationService.AuthorizeAsync(principal, submodel, "SecurityPolicy").Result;
            if (!authResult.Succeeded)
            {
                throw new NotAllowed(authResult.Failure.FailureReasons.FirstOrDefault()?.Message ?? string.Empty);
            }
        }

        var smeLevel = _levelExtentModifierService.ApplyLevelExtent(submodelElement, level);
        var output   = _mappingService.Map(smeLevel, "metadata");
        return new ObjectResult(output);
    }

    /// <summary>
    /// Returns a specific submodel element from the Submodel at a specified path in the Path notation
    /// </summary>
    /// <param name="aasIdentifier">The Asset Administration Shell’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <param name="submodelIdentifier">The Submodel’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <param name="idShortPath">IdShort path to the submodel element (dot-separated)</param>
    /// <param name="level">Determines the structural depth of the respective resource content</param>
    /// <response code="200">Requested submodel element in the Path notation</response>
    /// <response code="400">Bad Request, e.g. the request parameters of the format of the request body is wrong.</response>
    /// <response code="401">Unauthorized, e.g. the server refused the authorization attempt.</response>
    /// <response code="403">Forbidden</response>
    /// <response code="404">Not Found</response>
    /// <response code="500">Internal Server Error</response>
    /// <response code="0">Default error handling for unmentioned status codes</response>
    [HttpGet]
    [Route("/shells/{aasIdentifier}/submodels/{submodelIdentifier}/submodel-elements/{idShortPath}/$path")]
    [ValidateModelState]
    [SwaggerOperation("GetSubmodelElementByPathPathAasRepository")]
    [SwaggerResponse(statusCode: 200, type: typeof(string), description: "Requested submodel element in the Path notation")]
    [SwaggerResponse(statusCode: 400, type: typeof(Result), description: "Bad Request, e.g. the request parameters of the format of the request body is wrong.")]
    [SwaggerResponse(statusCode: 401, type: typeof(Result), description: "Unauthorized, e.g. the server refused the authorization attempt.")]
    [SwaggerResponse(statusCode: 403, type: typeof(Result), description: "Forbidden")]
    [SwaggerResponse(statusCode: 404, type: typeof(Result), description: "Not Found")]
    [SwaggerResponse(statusCode: 500, type: typeof(Result), description: "Internal Server Error")]
    [SwaggerResponse(statusCode: 0, type: typeof(Result), description: "Default error handling for unmentioned status codes")]
    public virtual IActionResult GetSubmodelElementByPathPathAasRepository([FromRoute] [Required] string aasIdentifier, [FromRoute] [Required] string submodelIdentifier,
                                                                           [FromRoute] [Required] string idShortPath, [FromQuery] LevelEnum level)
    {
        var decodedAasIdentifier      = _decoderService.Decode($"aasIdentifier", aasIdentifier);
        var decodedSubmodelIdentifier = _decoderService.Decode($"submodelIdentifier", submodelIdentifier);

        if (decodedAasIdentifier == null)
        {
            throw new NotAllowed($"Cannot proceed as {nameof(decodedAasIdentifier)} is null");
        }

        if (decodedSubmodelIdentifier == null)
        {
            throw new NotAllowed($"Cannot proceed as {nameof(decodedSubmodelIdentifier)} is null");
        }

        _logger.LogInformation($"Received a request to get a path of a submodel element at {idShortPath} from a submodel with id {decodedSubmodelIdentifier} and aas with id {decodedAasIdentifier}");

        var submodelElement = _aasService.GetSubmodelElementByPath(decodedAasIdentifier, decodedSubmodelIdentifier, idShortPath);
        if (!Program.noSecurity)
        {
            var submodel = _aasService.GetSubmodelById(decodedAasIdentifier, decodedSubmodelIdentifier);
            User.Claims.ToList().Add(new Claim("idShortPath", $"{submodel.IdShort}.{idShortPath}"));
            var claimsList = new List<Claim>(User.Claims) {new Claim("IdShortPath", $"{submodel.IdShort}.{idShortPath}")};
            var identity   = new ClaimsIdentity(claimsList, "AasSecurityAuth");
            var principal  = new System.Security.Principal.GenericPrincipal(identity, null);
            var authResult = _authorizationService.AuthorizeAsync(principal, submodel, "SecurityPolicy").Result;
            if (!authResult.Succeeded)
            {
                throw new NotAllowed(authResult.Failure.FailureReasons.FirstOrDefault()?.Message ?? string.Empty);
            }
        }

        var smeLevel = _levelExtentModifierService.ApplyLevelExtent(submodelElement, level);
        var output   = _pathModifierService.ToIdShortPath(smeLevel);
        return new ObjectResult(output);
    }

    /// <summary>
    /// Returns the Reference of a specific submodel element from the Submodel at a specified path
    /// </summary>
    /// <param name="aasIdentifier">The Asset Administration Shell’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <param name="submodelIdentifier">The Submodel’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <param name="idShortPath">IdShort path to the submodel element (dot-separated)</param>
    /// <param name="level">Determines the structural depth of the respective resource content</param>
    /// <response code="200">Requested submodel element in its ValueOnly representation</response>
    /// <response code="400">Bad Request, e.g. the request parameters of the format of the request body is wrong.</response>
    /// <response code="401">Unauthorized, e.g. the server refused the authorization attempt.</response>
    /// <response code="403">Forbidden</response>
    /// <response code="404">Not Found</response>
    /// <response code="500">Internal Server Error</response>
    /// <response code="0">Default error handling for unmentioned status codes</response>
    [HttpGet]
    [Route("/shells/{aasIdentifier}/submodels/{submodelIdentifier}/submodel-elements/{idShortPath}/$reference")]
    [ValidateModelState]
    [SwaggerOperation("GetSubmodelElementByPathReferenceAasRepository")]
    [SwaggerResponse(statusCode: 200, type: typeof(Reference), description: "Requested submodel element in its ValueOnly representation")]
    [SwaggerResponse(statusCode: 400, type: typeof(Result), description: "Bad Request, e.g. the request parameters of the format of the request body is wrong.")]
    [SwaggerResponse(statusCode: 401, type: typeof(Result), description: "Unauthorized, e.g. the server refused the authorization attempt.")]
    [SwaggerResponse(statusCode: 403, type: typeof(Result), description: "Forbidden")]
    [SwaggerResponse(statusCode: 404, type: typeof(Result), description: "Not Found")]
    [SwaggerResponse(statusCode: 500, type: typeof(Result), description: "Internal Server Error")]
    [SwaggerResponse(statusCode: 0, type: typeof(Result), description: "Default error handling for unmentioned status codes")]
    public virtual IActionResult GetSubmodelElementByPathReferenceAasRepository([FromRoute] [Required] string aasIdentifier, [FromRoute] [Required] string submodelIdentifier,
                                                                                [FromRoute] [Required] string idShortPath, [FromQuery] LevelEnum level)
    {
        var decodedAasIdentifier      = _decoderService.Decode("aasIdentifier", aasIdentifier);
        var decodedSubmodelIdentifier = _decoderService.Decode("submodelIdentifier", submodelIdentifier);

        _logger.LogInformation($"Received request to get the submodel element at {idShortPath} from the submodel with id {submodelIdentifier} and the AAS with id {aasIdentifier}.");

        var submodelElement = _aasService.GetSubmodelElementByPath(decodedAasIdentifier, decodedSubmodelIdentifier, idShortPath);
        if (!Program.noSecurity)
        {
            var submodel = _aasService.GetSubmodelById(decodedAasIdentifier, decodedSubmodelIdentifier);
            User.Claims.ToList().Add(new Claim("idShortPath", $"{submodel.IdShort}.{idShortPath}"));
            var claimsList = new List<Claim>(User.Claims) {new Claim("IdShortPath", $"{submodel.IdShort}.{idShortPath}")};
            var identity   = new ClaimsIdentity(claimsList, "AasSecurityAuth");
            var principal  = new System.Security.Principal.GenericPrincipal(identity, null);
            var authResult = _authorizationService.AuthorizeAsync(principal, submodel, "SecurityPolicy").Result;
            if (!authResult.Succeeded)
            {
                throw new NotAllowed(authResult.Failure.FailureReasons.FirstOrDefault()?.Message ?? string.Empty);
            }
        }

        //Level should not be applicable

        var output = _referenceModifierService.GetReferenceResult(submodelElement);
        return new ObjectResult(output);
    }

    /// <summary>
    /// Returns a specific submodel element from the Submodel at a specified path in the ValueOnly representation
    /// </summary>
    /// <param name="aasIdentifier">The Asset Administration Shell’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <param name="submodelIdentifier">The Submodel’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <param name="idShortPath">IdShort path to the submodel element (dot-separated)</param>
    /// <param name="level">Determines the structural depth of the respective resource content</param>
    /// <param name="extent">Determines to which extent the resource is being serialized</param>
    /// <response code="200">Requested submodel element in its ValueOnly representation</response>
    /// <response code="400">Bad Request, e.g. the request parameters of the format of the request body is wrong.</response>
    /// <response code="401">Unauthorized, e.g. the server refused the authorization attempt.</response>
    /// <response code="403">Forbidden</response>
    /// <response code="404">Not Found</response>
    /// <response code="500">Internal Server Error</response>
    /// <response code="0">Default error handling for unmentioned status codes</response>
    [HttpGet]
    [Route("/shells/{aasIdentifier}/submodels/{submodelIdentifier}/submodel-elements/{idShortPath}/$value")]
    [ValidateModelState]
    [SwaggerOperation("GetSubmodelElementByPathValueOnlyAasRepository")]
    [SwaggerResponse(statusCode: 200, type: typeof(IValueDTO), description: "Requested submodel element in its ValueOnly representation")]
    [SwaggerResponse(statusCode: 400, type: typeof(Result), description: "Bad Request, e.g. the request parameters of the format of the request body is wrong.")]
    [SwaggerResponse(statusCode: 401, type: typeof(Result), description: "Unauthorized, e.g. the server refused the authorization attempt.")]
    [SwaggerResponse(statusCode: 403, type: typeof(Result), description: "Forbidden")]
    [SwaggerResponse(statusCode: 404, type: typeof(Result), description: "Not Found")]
    [SwaggerResponse(statusCode: 500, type: typeof(Result), description: "Internal Server Error")]
    [SwaggerResponse(statusCode: 0, type: typeof(Result), description: "Default error handling for unmentioned status codes")]
    public virtual IActionResult GetSubmodelElementByPathValueOnlyAasRepository([FromRoute] [Required] string aasIdentifier, [FromRoute] [Required] string submodelIdentifier,
                                                                                [FromRoute] [Required] string idShortPath, [FromQuery] LevelEnum level,
                                                                                [FromQuery] ExtentEnum extent)
    {
        var decodedAasIdentifier      = _decoderService.Decode("aasIdentifier", aasIdentifier);
        var decodedSubmodelIdentifier = _decoderService.Decode("submodelIdentifier", submodelIdentifier);

        if (decodedAasIdentifier == null)
        {
            throw new NotAllowed($"Cannot proceed as {nameof(decodedAasIdentifier)} is null");
        }

        if (decodedSubmodelIdentifier == null)
        {
            throw new NotAllowed($"Cannot proceed as {nameof(decodedSubmodelIdentifier)} is null");
        }

        _logger.LogInformation($"Received request to get the value of the submodel element at {idShortPath} from the submodel with id {decodedSubmodelIdentifier} and the aas with id {decodedAasIdentifier}");

        var submodelElement = _aasService.GetSubmodelElementByPath(decodedAasIdentifier, decodedSubmodelIdentifier, idShortPath);
        if (!Program.noSecurity)
        {
            var submodel = _aasService.GetSubmodelById(decodedAasIdentifier, decodedSubmodelIdentifier);
            User.Claims.ToList().Add(new Claim("idShortPath", $"{submodel.IdShort}.{idShortPath}"));
            var claimsList = new List<Claim>(User.Claims) {new Claim("IdShortPath", $"{submodel.IdShort}.{idShortPath}")};
            var identity   = new ClaimsIdentity(claimsList, "AasSecurityAuth");
            var principal  = new System.Security.Principal.GenericPrincipal(identity, null);
            var authResult = _authorizationService.AuthorizeAsync(principal, submodel, "SecurityPolicy").Result;
            if (!authResult.Succeeded)
            {
                throw new NotAllowed(authResult.Failure.FailureReasons.FirstOrDefault()?.Message ?? string.Empty);
            }
        }

        var smeLevel = _levelExtentModifierService.ApplyLevelExtent(submodelElement, level, extent);
        var output   = _mappingService.Map(smeLevel, "value");
        return new ObjectResult(output);
    }

    /// <summary>
    /// 
    /// </summary>
    /// <param name="aasIdentifier">The Asset Administration Shell’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <response code="200">The thumbnail of the Asset Information.</response>
    /// <response code="400">Bad Request, e.g. the request parameters of the format of the request body is wrong.</response>
    /// <response code="401">Unauthorized, e.g. the server refused the authorization attempt.</response>
    /// <response code="403">Forbidden</response>
    /// <response code="404">Not Found</response>
    /// <response code="500">Internal Server Error</response>
    /// <response code="0">Default error handling for unmentioned status codes</response>
    [HttpGet]
    [Route("/shells/{aasIdentifier}/asset-information/thumbnail")]
    [ValidateModelState]
    [SwaggerOperation("GetThumbnailAasRepository")]
    [SwaggerResponse(statusCode: 200, type: typeof(byte[]), description: "The thumbnail of the Asset Information.")]
    [SwaggerResponse(statusCode: 400, type: typeof(Result), description: "Bad Request, e.g. the request parameters of the format of the request body is wrong.")]
    [SwaggerResponse(statusCode: 401, type: typeof(Result), description: "Unauthorized, e.g. the server refused the authorization attempt.")]
    [SwaggerResponse(statusCode: 403, type: typeof(Result), description: "Forbidden")]
    [SwaggerResponse(statusCode: 404, type: typeof(Result), description: "Not Found")]
    [SwaggerResponse(statusCode: 500, type: typeof(Result), description: "Internal Server Error")]
    [SwaggerResponse(statusCode: 0, type: typeof(Result), description: "Default error handling for unmentioned status codes")]
    public virtual async Task<IActionResult> GetThumbnailAasRepository([FromRoute] [Required] string aasIdentifier)
    {
        var decodedAasIdentifier = _decoderService.Decode("aasIdentifier", aasIdentifier);

        if (decodedAasIdentifier == null)
        {
            throw new NotAllowed($"Cannot proceed as {nameof(decodedAasIdentifier)} is null");
        }

        _logger.LogInformation($"Received request to get the thumbnail of the AAS with Id {aasIdentifier}");

        var fileName = _aasService.GetThumbnail(decodedAasIdentifier, out var content, out var fileSize);

        //content-disposition so that the aasx file can be downloaded from the web browser.
        ContentDisposition contentDisposition = new() {FileName = fileName};

        HttpContext.Response.Headers.Append("Content-Disposition", contentDisposition.ToString());
        HttpContext.Response.ContentLength = fileSize;
        await HttpContext.Response.Body.WriteAsync(content);
        return new EmptyResult();
    }

    /// <summary>
    /// Synchronously invokes an Operation at a specified path
    /// </summary>
    /// <param name="body">Operation request object</param>
    /// <param name="aasIdentifier">The Asset Administration Shell’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <param name="submodelIdentifier">The Submodel’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <param name="idShortPath">IdShort path to the submodel element (dot-separated)</param>
    /// <response code="200">Operation result object</response>
    /// <response code="400">Bad Request, e.g. the request parameters of the format of the request body is wrong.</response>
    /// <response code="401">Unauthorized, e.g. the server refused the authorization attempt.</response>
    /// <response code="403">Forbidden</response>
    /// <response code="404">Not Found</response>
    /// <response code="500">Internal Server Error</response>
    /// <response code="0">Default error handling for unmentioned status codes</response>
    [HttpPost]
    [Route("/shells/{aasIdentifier}/submodels/{submodelIdentifier}/submodel-elements/{idShortPath}/invoke")]
    [ValidateModelState]
    [SwaggerOperation("InvokeOperationAasRepository")]
    [SwaggerResponse(statusCode: 200, type: typeof(OperationResult), description: "Operation result object")]
    [SwaggerResponse(statusCode: 400, type: typeof(Result), description: "Bad Request, e.g. the request parameters of the format of the request body is wrong.")]
    [SwaggerResponse(statusCode: 401, type: typeof(Result), description: "Unauthorized, e.g. the server refused the authorization attempt.")]
    [SwaggerResponse(statusCode: 403, type: typeof(Result), description: "Forbidden")]
    [SwaggerResponse(statusCode: 404, type: typeof(Result), description: "Not Found")]
    [SwaggerResponse(statusCode: 500, type: typeof(Result), description: "Internal Server Error")]
    [SwaggerResponse(statusCode: 0, type: typeof(Result), description: "Default error handling for unmentioned status codes")]
    public virtual IActionResult InvokeOperationAasRepository([FromBody] OperationRequest? body, [FromRoute] [Required] string aasIdentifier,
                                                              [FromRoute] [Required] string submodelIdentifier, [FromRoute] [Required] string idShortPath)
    {
        //TODO: Uncomment the next line to return response 200 or use other options such as return this.NotFound(), return this.BadRequest(..), ...
        // return StatusCode(200, default(OperationResult));

        //TODO: Uncomment the next line to return response 400 or use other options such as return this.NotFound(), return this.BadRequest(..), ...
        // return StatusCode(400, default(Result));

        //TODO: Uncomment the next line to return response 401 or use other options such as return this.NotFound(), return this.BadRequest(..), ...
        // return StatusCode(401, default(Result));

        //TODO: Uncomment the next line to return response 403 or use other options such as return this.NotFound(), return this.BadRequest(..), ...
        // return StatusCode(403, default(Result));

        //TODO: Uncomment the next line to return response 404 or use other options such as return this.NotFound(), return this.BadRequest(..), ...
        // return StatusCode(404, default(Result));

        //TODO: Uncomment the next line to return response 500 or use other options such as return this.NotFound(), return this.BadRequest(..), ...
        // return StatusCode(500, default(Result));

        //TODO: Uncomment the next line to return response 0 or use other options such as return this.NotFound(), return this.BadRequest(..), ...
        // return StatusCode(0, default(Result));
        string exampleJson = null;
        exampleJson = "\"\"";

        var example = exampleJson != null
                          ? System.Text.Json.JsonSerializer.Deserialize<OperationResult>(exampleJson)
                          : default(OperationResult); //TODO: Change the data returned
        return new ObjectResult(example);
    }

    /// <summary>
    /// Asynchronously invokes an Operation at a specified path
    /// </summary>
    /// <param name="body">Operation request object</param>
    /// <param name="aasIdentifier">The Asset Administration Shell’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <param name="submodelIdentifier">The Submodel’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <param name="idShortPath">IdShort path to the submodel element (dot-separated)</param>
    /// <response code="202">The server has accepted the request.</response>
    /// <response code="400">Bad Request, e.g. the request parameters of the format of the request body is wrong.</response>
    /// <response code="401">Unauthorized, e.g. the server refused the authorization attempt.</response>
    /// <response code="403">Forbidden</response>
    /// <response code="404">Not Found</response>
    /// <response code="500">Internal Server Error</response>
    /// <response code="0">Default error handling for unmentioned status codes</response>
    [HttpPost]
    [Route("/shells/{aasIdentifier}/submodels/{submodelIdentifier}/submodel-elements/{idShortPath}/invoke-async")]
    [ValidateModelState]
    [SwaggerOperation("InvokeOperationAsyncAasRepository")]
    [SwaggerResponse(statusCode: 400, type: typeof(Result), description: "Bad Request, e.g. the request parameters of the format of the request body is wrong.")]
    [SwaggerResponse(statusCode: 401, type: typeof(Result), description: "Unauthorized, e.g. the server refused the authorization attempt.")]
    [SwaggerResponse(statusCode: 403, type: typeof(Result), description: "Forbidden")]
    [SwaggerResponse(statusCode: 404, type: typeof(Result), description: "Not Found")]
    [SwaggerResponse(statusCode: 500, type: typeof(Result), description: "Internal Server Error")]
    [SwaggerResponse(statusCode: 0, type: typeof(Result), description: "Default error handling for unmentioned status codes")]
    public virtual IActionResult InvokeOperationAsyncAasRepository([FromBody] OperationRequest? body, [FromRoute] [Required] string aasIdentifier,
                                                                   [FromRoute] [Required] string submodelIdentifier, [FromRoute] [Required] string idShortPath)
    {
        //TODO: Uncomment the next line to return response 202 or use other options such as return this.NotFound(), return this.BadRequest(..), ...
        // return StatusCode(202);

        //TODO: Uncomment the next line to return response 400 or use other options such as return this.NotFound(), return this.BadRequest(..), ...
        // return StatusCode(400, default(Result));

        //TODO: Uncomment the next line to return response 401 or use other options such as return this.NotFound(), return this.BadRequest(..), ...
        // return StatusCode(401, default(Result));

        //TODO: Uncomment the next line to return response 403 or use other options such as return this.NotFound(), return this.BadRequest(..), ...
        // return StatusCode(403, default(Result));

        //TODO: Uncomment the next line to return response 404 or use other options such as return this.NotFound(), return this.BadRequest(..), ...
        // return StatusCode(404, default(Result));

        //TODO: Uncomment the next line to return response 500 or use other options such as return this.NotFound(), return this.BadRequest(..), ...
        // return StatusCode(500, default(Result));

        //TODO: Uncomment the next line to return response 0 or use other options such as return this.NotFound(), return this.BadRequest(..), ...
        // return StatusCode(0, default(Result));

        throw new NotImplementedException();
    }

    /// <summary>
    /// Asynchronously invokes an Operation at a specified path
    /// </summary>
    /// <param name="body">Operation request object</param>
    /// <param name="aasIdentifier">The Asset Administration Shell’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <param name="submodelIdentifier">The Submodel’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <param name="idShortPath">IdShort path to the submodel element (dot-separated)</param>
    /// <response code="202">The server has accepted the request.</response>
    /// <response code="400">Bad Request, e.g. the request parameters of the format of the request body is wrong.</response>
    /// <response code="401">Unauthorized, e.g. the server refused the authorization attempt.</response>
    /// <response code="403">Forbidden</response>
    /// <response code="404">Not Found</response>
    /// <response code="500">Internal Server Error</response>
    /// <response code="0">Default error handling for unmentioned status codes</response>
    [HttpPost]
    [Route("/shells/{aasIdentifier}/submodels/{submodelIdentifier}/submodel-elements/{idShortPath}/invoke-async/$value")]
    [ValidateModelState]
    [SwaggerOperation("InvokeOperationAsyncValueOnlyAasRepository")]
    [SwaggerResponse(statusCode: 400, type: typeof(Result), description: "Bad Request, e.g. the request parameters of the format of the request body is wrong.")]
    [SwaggerResponse(statusCode: 401, type: typeof(Result), description: "Unauthorized, e.g. the server refused the authorization attempt.")]
    [SwaggerResponse(statusCode: 403, type: typeof(Result), description: "Forbidden")]
    [SwaggerResponse(statusCode: 404, type: typeof(Result), description: "Not Found")]
    [SwaggerResponse(statusCode: 500, type: typeof(Result), description: "Internal Server Error")]
    [SwaggerResponse(statusCode: 0, type: typeof(Result), description: "Default error handling for unmentioned status codes")]
    //public virtual IActionResult InvokeOperationAsyncValueOnlyAasRepository([FromBody] OperationRequestValueOnly body, [FromRoute][Required] string aasIdentifier, [FromRoute][Required] string submodelIdentifier, [FromRoute][Required] string idShortPath)
    public virtual IActionResult InvokeOperationAsyncValueOnlyAasRepository([FromBody] object? body, [FromRoute] [Required] string aasIdentifier,
                                                                            [FromRoute] [Required] string submodelIdentifier, [FromRoute] [Required] string idShortPath)
    {
        //TODO: Uncomment the next line to return response 202 or use other options such as return this.NotFound(), return this.BadRequest(..), ...
        // return StatusCode(202);

        //TODO: Uncomment the next line to return response 400 or use other options such as return this.NotFound(), return this.BadRequest(..), ...
        // return StatusCode(400, default(Result));

        //TODO: Uncomment the next line to return response 401 or use other options such as return this.NotFound(), return this.BadRequest(..), ...
        // return StatusCode(401, default(Result));

        //TODO: Uncomment the next line to return response 403 or use other options such as return this.NotFound(), return this.BadRequest(..), ...
        // return StatusCode(403, default(Result));

        //TODO: Uncomment the next line to return response 404 or use other options such as return this.NotFound(), return this.BadRequest(..), ...
        // return StatusCode(404, default(Result));

        //TODO: Uncomment the next line to return response 500 or use other options such as return this.NotFound(), return this.BadRequest(..), ...
        // return StatusCode(500, default(Result));

        //TODO: Uncomment the next line to return response 0 or use other options such as return this.NotFound(), return this.BadRequest(..), ...
        // return StatusCode(0, default(Result));

        throw new NotImplementedException();
    }

    /// <summary>
    /// Synchronously invokes an Operation at a specified path
    /// </summary>
    /// <param name="body">Operation request object</param>
    /// <param name="aasIdentifier">The Asset Administration Shell’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <param name="submodelIdentifier">The Submodel’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <param name="idShortPath">IdShort path to the submodel element (dot-separated)</param>
    /// <response code="200">Operation result object</response>
    /// <response code="400">Bad Request, e.g. the request parameters of the format of the request body is wrong.</response>
    /// <response code="401">Unauthorized, e.g. the server refused the authorization attempt.</response>
    /// <response code="403">Forbidden</response>
    /// <response code="404">Not Found</response>
    /// <response code="500">Internal Server Error</response>
    /// <response code="0">Default error handling for unmentioned status codes</response>
    [HttpPost]
    [Route("/shells/{aasIdentifier}/submodels/{submodelIdentifier}/submodel-elements/{idShortPath}/invoke/$value")]
    [ValidateModelState]
    [SwaggerOperation("InvokeOperationValueOnlyAasRepository")]
    //[SwaggerResponse(statusCode: 200, type: typeof(OperationResultValueOnly), description: "Operation result object")]
    [SwaggerResponse(statusCode: 200, type: typeof(object), description: "Operation result object")]
    [SwaggerResponse(statusCode: 400, type: typeof(Result), description: "Bad Request, e.g. the request parameters of the format of the request body is wrong.")]
    [SwaggerResponse(statusCode: 401, type: typeof(Result), description: "Unauthorized, e.g. the server refused the authorization attempt.")]
    [SwaggerResponse(statusCode: 403, type: typeof(Result), description: "Forbidden")]
    [SwaggerResponse(statusCode: 404, type: typeof(Result), description: "Not Found")]
    [SwaggerResponse(statusCode: 500, type: typeof(Result), description: "Internal Server Error")]
    [SwaggerResponse(statusCode: 0, type: typeof(Result), description: "Default error handling for unmentioned status codes")]
    public virtual IActionResult InvokeOperationValueOnlyAasRepository([FromBody] object? body, [FromRoute] [Required] string aasIdentifier,
                                                                       [FromRoute] [Required] string submodelIdentifier, [FromRoute] [Required] string idShortPath)
    {
        //TODO: Uncomment the next line to return response 200 or use other options such as return this.NotFound(), return this.BadRequest(..), ...
        // return StatusCode(200, default(OperationResultValueOnly));

        //TODO: Uncomment the next line to return response 400 or use other options such as return this.NotFound(), return this.BadRequest(..), ...
        // return StatusCode(400, default(Result));

        //TODO: Uncomment the next line to return response 401 or use other options such as return this.NotFound(), return this.BadRequest(..), ...
        // return StatusCode(401, default(Result));

        //TODO: Uncomment the next line to return response 403 or use other options such as return this.NotFound(), return this.BadRequest(..), ...
        // return StatusCode(403, default(Result));

        //TODO: Uncomment the next line to return response 404 or use other options such as return this.NotFound(), return this.BadRequest(..), ...
        // return StatusCode(404, default(Result));

        //TODO: Uncomment the next line to return response 500 or use other options such as return this.NotFound(), return this.BadRequest(..), ...
        // return StatusCode(500, default(Result));

        //TODO: Uncomment the next line to return response 0 or use other options such as return this.NotFound(), return this.BadRequest(..), ...
        // return StatusCode(0, default(Result));
        string exampleJson = null;
        exampleJson = "\"\"";

        var example = exampleJson != null
                          ? System.Text.Json.JsonSerializer.Deserialize<object>(exampleJson)
                          : default(object); //TODO: Change the data returned
        return new ObjectResult(example);
    }

    /// <summary>
    /// Updates the Submodel
    /// </summary>
    /// <param name="body">Submodel object</param>
    /// <param name="aasIdentifier">The Asset Administration Shell’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <param name="submodelIdentifier">The Submodel’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <param name="level">Determines the structural depth of the respective resource content</param>
    /// <response code="204">Submodel updated successfully</response>
    /// <response code="400">Bad Request, e.g. the request parameters of the format of the request body is wrong.</response>
    /// <response code="401">Unauthorized, e.g. the server refused the authorization attempt.</response>
    /// <response code="403">Forbidden</response>
    /// <response code="404">Not Found</response>
    /// <response code="500">Internal Server Error</response>
    /// <response code="0">Default error handling for unmentioned status codes</response>
    [HttpPatch]
    [Route("/shells/{aasIdentifier}/submodels/{submodelIdentifier}")]
    [ValidateModelState]
    [SwaggerOperation("PatchSubmodelAasRepository")]
    [SwaggerResponse(statusCode: 400, type: typeof(Result), description: "Bad Request, e.g. the request parameters of the format of the request body is wrong.")]
    [SwaggerResponse(statusCode: 401, type: typeof(Result), description: "Unauthorized, e.g. the server refused the authorization attempt.")]
    [SwaggerResponse(statusCode: 403, type: typeof(Result), description: "Forbidden")]
    [SwaggerResponse(statusCode: 404, type: typeof(Result), description: "Not Found")]
    [SwaggerResponse(statusCode: 500, type: typeof(Result), description: "Internal Server Error")]
    [SwaggerResponse(statusCode: 0, type: typeof(Result), description: "Default error handling for unmentioned status codes")]
    public virtual IActionResult PatchSubmodelAasRepository([FromBody] Submodel? body, [FromRoute] [Required] string aasIdentifier,
                                                            [FromRoute] [Required] string submodelIdentifier, [FromQuery] LevelEnum level)
    {
        var decodedAasIdentifier      = _decoderService.Decode("aasIdentifier", aasIdentifier);
        var decodedSubmodelIdentifier = _decoderService.Decode("submodelIdentifier", submodelIdentifier);

        _logger.LogInformation($"Received request to update the submodel with id {decodedSubmodelIdentifier} from the AAS with id {decodedAasIdentifier}");
        _aasService.UpdateSubmodelById(decodedAasIdentifier, decodedSubmodelIdentifier, body);

        return NoContent();
    }

    /// <summary>
    /// Updates the metadata attributes of the Submodel
    /// </summary>
    /// <param name="body">Submodel object</param>
    /// <param name="aasIdentifier">The Asset Administration Shell’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <param name="submodelIdentifier">The Submodel’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <param name="level">Determines the structural depth of the respective resource content</param>
    /// <response code="204">Submodel updated successfully</response>
    /// <response code="400">Bad Request, e.g. the request parameters of the format of the request body is wrong.</response>
    /// <response code="401">Unauthorized, e.g. the server refused the authorization attempt.</response>
    /// <response code="403">Forbidden</response>
    /// <response code="404">Not Found</response>
    /// <response code="500">Internal Server Error</response>
    /// <response code="0">Default error handling for unmentioned status codes</response>
    [HttpPatch]
    [Route("/shells/{aasIdentifier}/submodels/{submodelIdentifier}/$metadata")]
    [ValidateModelState]
    [SwaggerOperation("PatchSubmodelByIdMetadataAasRepository")]
    [SwaggerResponse(statusCode: 400, type: typeof(Result), description: "Bad Request, e.g. the request parameters of the format of the request body is wrong.")]
    [SwaggerResponse(statusCode: 401, type: typeof(Result), description: "Unauthorized, e.g. the server refused the authorization attempt.")]
    [SwaggerResponse(statusCode: 403, type: typeof(Result), description: "Forbidden")]
    [SwaggerResponse(statusCode: 404, type: typeof(Result), description: "Not Found")]
    [SwaggerResponse(statusCode: 500, type: typeof(Result), description: "Internal Server Error")]
    [SwaggerResponse(statusCode: 0, type: typeof(Result), description: "Default error handling for unmentioned status codes")]
    public virtual IActionResult PatchSubmodelByIdMetadataAasRepository([FromBody] SubmodelMetadata? body, [FromRoute] [Required] string aasIdentifier,
                                                                        [FromRoute] [Required] string submodelIdentifier, [FromQuery] LevelEnum level)
    {
        var decodedAasIdentifier      = _decoderService.Decode("aasIdentifier", aasIdentifier);
        var decodedSubmodelIdentifier = _decoderService.Decode("submodelIdentifier", submodelIdentifier);

        if (decodedAasIdentifier == null)
        {
            throw new NotAllowed($"Cannot proceed as {nameof(decodedAasIdentifier)} is null");
        }

        if (decodedSubmodelIdentifier == null)
        {
            throw new NotAllowed($"Cannot proceed as {nameof(decodedSubmodelIdentifier)} is null");
        }

        _logger.LogInformation($"Received Request to update for submodel with id {decodedSubmodelIdentifier} from the aas with id {decodedAasIdentifier}");

        if (body == null)
        {
            return BadRequest($"Could not proceed, as {nameof(body)} is null.");
        }

        //Reverse mapping from Metadata to submodel element
        var submodel = _mappingService.Map(body, "metadata") as ISubmodel;

        //Update
        if (submodel == null)
        {
            return BadRequest($"Could not update Submodel  as {nameof(submodel)} is null.");
        }

        _aasService.UpdateSubmodelById(decodedAasIdentifier, decodedSubmodelIdentifier, submodel);

        return NoContent();
    }

    /// <summary>
    /// Updates the values of the Submodel
    /// </summary>
    /// <param name="body">Submodel object in the ValueOnly representation</param>
    /// <param name="aasIdentifier">The Asset Administration Shell’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <param name="submodelIdentifier">The Submodel’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <param name="level">Determines the structural depth of the respective resource content</param>
    /// <response code="204">Submodel updated successfully</response>
    /// <response code="400">Bad Request, e.g. the request parameters of the format of the request body is wrong.</response>
    /// <response code="401">Unauthorized, e.g. the server refused the authorization attempt.</response>
    /// <response code="403">Forbidden</response>
    /// <response code="404">Not Found</response>
    /// <response code="500">Internal Server Error</response>
    /// <response code="0">Default error handling for unmentioned status codes</response>
    [HttpPatch]
    [Route("/shells/{aasIdentifier}/submodels/{submodelIdentifier}/$value")]
    [ValidateModelState]
    [SwaggerOperation("PatchSubmodelByIdValueOnlyAasRepository")]
    [SwaggerResponse(statusCode: 400, type: typeof(Result), description: "Bad Request, e.g. the request parameters of the format of the request body is wrong.")]
    [SwaggerResponse(statusCode: 401, type: typeof(Result), description: "Unauthorized, e.g. the server refused the authorization attempt.")]
    [SwaggerResponse(statusCode: 403, type: typeof(Result), description: "Forbidden")]
    [SwaggerResponse(statusCode: 404, type: typeof(Result), description: "Not Found")]
    [SwaggerResponse(statusCode: 500, type: typeof(Result), description: "Internal Server Error")]
    [SwaggerResponse(statusCode: 0, type: typeof(Result), description: "Default error handling for unmentioned status codes")]
    public virtual IActionResult PatchSubmodelByIdValueOnlyAasRepository([FromBody] SubmodelValue? body, [FromRoute] [Required] string aasIdentifier,
                                                                         [FromRoute] [Required] string submodelIdentifier, [FromQuery] LevelEnum level)
    {
        var decodedAasIdentifier      = _decoderService.Decode("aasIdentifier", aasIdentifier);
        var decodedSubmodelIdentifier = _decoderService.Decode("submodelIdentifier", submodelIdentifier);

        if (decodedAasIdentifier == null)
        {
            throw new NotAllowed($"Cannot proceed as {nameof(decodedAasIdentifier)} is null");
        }

        if (decodedSubmodelIdentifier == null)
        {
            throw new NotAllowed($"Cannot proceed as {nameof(decodedSubmodelIdentifier)} is null");
        }

        _logger.LogInformation($"Received request to update the submodel with id {decodedSubmodelIdentifier} from the aas with tid {decodedAasIdentifier} by value.");

        if (body == null)
        {
            return BadRequest($"Could not proceed, as {nameof(body)} is null.");
        }

        var submodel = _mappingService.Map(body, "value") as Submodel;
        if (submodel == null)
        {
            return BadRequest($"Could not update Submodel  as {nameof(submodel)} is null.");
        }

        _aasService.UpdateSubmodelById(decodedAasIdentifier, decodedSubmodelIdentifier, submodel);

        return NoContent();
    }

    /// <summary>
    /// Updates an existing submodel element value at a specified path within submodel elements hierarchy
    /// </summary>
    /// <param name="body">The updated value of the submodel element</param>
    /// <param name="aasIdentifier">The Asset Administration Shell’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <param name="submodelIdentifier">The Submodel’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <param name="idShortPath">IdShort path to the submodel element (dot-separated)</param>
    /// <param name="level">Determines the structural depth of the respective resource content</param>
    /// <response code="204">Submodel element updated successfully</response>
    /// <response code="400">Bad Request, e.g. the request parameters of the format of the request body is wrong.</response>
    /// <response code="401">Unauthorized, e.g. the server refused the authorization attempt.</response>
    /// <response code="403">Forbidden</response>
    /// <response code="404">Not Found</response>
    /// <response code="500">Internal Server Error</response>
    /// <response code="0">Default error handling for unmentioned status codes</response>
    [HttpPatch]
    [Route("/shells/{aasIdentifier}/submodels/{submodelIdentifier}/submodel-elements/{idShortPath}")]
    [ValidateModelState]
    [SwaggerOperation("PatchSubmodelElementValueByPathAasRepository")]
    [SwaggerResponse(statusCode: 400, type: typeof(Result), description: "Bad Request, e.g. the request parameters of the format of the request body is wrong.")]
    [SwaggerResponse(statusCode: 401, type: typeof(Result), description: "Unauthorized, e.g. the server refused the authorization attempt.")]
    [SwaggerResponse(statusCode: 403, type: typeof(Result), description: "Forbidden")]
    [SwaggerResponse(statusCode: 404, type: typeof(Result), description: "Not Found")]
    [SwaggerResponse(statusCode: 500, type: typeof(Result), description: "Internal Server Error")]
    [SwaggerResponse(statusCode: 0, type: typeof(Result), description: "Default error handling for unmentioned status codes")]
    public virtual IActionResult PatchSubmodelElementValueByPathAasRepository([FromBody] ISubmodelElement? body, [FromRoute] [Required] string aasIdentifier,
                                                                              [FromRoute] [Required] string submodelIdentifier, [FromRoute] [Required] string idShortPath,
                                                                              [FromQuery] LevelEnum level)
    {
        var decodedAasIdentifier      = _decoderService.Decode("aasIdentifier", aasIdentifier);
        var decodedSubmodelIdentifier = _decoderService.Decode("submodelIdentifier", submodelIdentifier);
        if (decodedAasIdentifier == null)
        {
            throw new NotAllowed($"Cannot proceed as {nameof(decodedAasIdentifier)} is null");
        }

        if (decodedSubmodelIdentifier == null)
        {
            throw new NotAllowed($"Cannot proceed as {nameof(decodedSubmodelIdentifier)} is null");
        }

        _logger.LogInformation($"Received request to update the submodel element at {idShortPath} from submodel with id {decodedSubmodelIdentifier} from the AAS with id {decodedAasIdentifier}");

        if (body == null)
        {
            return BadRequest($"Could not proceed, as {nameof(body)} is null.");
        }

        _aasService.UpdateSubmodelElementByPath(decodedAasIdentifier, decodedSubmodelIdentifier, idShortPath, body);

        return NoContent();
    }

    /// <summary>
    /// Updates the metadata attributes of an existing submodel element value at a specified path within submodel elements hierarchy
    /// </summary>
    /// <param name="body">The updated metadata attributes of the submodel element</param>
    /// <param name="aasIdentifier">The Asset Administration Shell’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <param name="submodelIdentifier">The Submodel’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <param name="idShortPath">IdShort path to the submodel element (dot-separated)</param>
    /// <param name="level">Determines the structural depth of the respective resource content</param>
    /// <response code="204">Submodel element updated successfully</response>
    /// <response code="400">Bad Request, e.g. the request parameters of the format of the request body is wrong.</response>
    /// <response code="401">Unauthorized, e.g. the server refused the authorization attempt.</response>
    /// <response code="403">Forbidden</response>
    /// <response code="404">Not Found</response>
    /// <response code="500">Internal Server Error</response>
    /// <response code="0">Default error handling for unmentioned status codes</response>
    [HttpPatch]
    [Route("/shells/{aasIdentifier}/submodels/{submodelIdentifier}/submodel-elements/{idShortPath}/$metadata")]
    [ValidateModelState]
    [SwaggerOperation("PatchSubmodelElementValueByPathMetadata")]
    [SwaggerResponse(statusCode: 400, type: typeof(Result), description: "Bad Request, e.g. the request parameters of the format of the request body is wrong.")]
    [SwaggerResponse(statusCode: 401, type: typeof(Result), description: "Unauthorized, e.g. the server refused the authorization attempt.")]
    [SwaggerResponse(statusCode: 403, type: typeof(Result), description: "Forbidden")]
    [SwaggerResponse(statusCode: 404, type: typeof(Result), description: "Not Found")]
    [SwaggerResponse(statusCode: 500, type: typeof(Result), description: "Internal Server Error")]
    [SwaggerResponse(statusCode: 0, type: typeof(Result), description: "Default error handling for unmentioned status codes")]
    public virtual IActionResult PatchSubmodelElementValueByPathMetadata([FromBody] ISubmodelElementMetadata? body, [FromRoute] [Required] string aasIdentifier,
                                                                         [FromRoute] [Required] string submodelIdentifier, [FromRoute] [Required] string idShortPath,
                                                                         [FromQuery] LevelEnum level)
    {
        var decodedAasIdentifier      = _decoderService.Decode("aasIdentifier", aasIdentifier);
        var decodedSubmodelIdentifier = _decoderService.Decode("submodelIdentifier", submodelIdentifier);
        if (decodedAasIdentifier == null)
        {
            throw new NotAllowed($"Cannot proceed as {nameof(decodedAasIdentifier)} is null");
        }

        if (decodedSubmodelIdentifier == null)
        {
            throw new NotAllowed($"Cannot proceed as {nameof(decodedSubmodelIdentifier)} is null");
        }

        _logger.LogInformation($"Received request to update the submodel element at {idShortPath} in the submodel with id {decodedSubmodelIdentifier} and the AAS with id {decodedAasIdentifier}");

        if (body == null)
        {
            return BadRequest($"Could not proceed, as {nameof(body)} is null.");
        }

        //Reverse mapping from Metadata to submodel element
        if (_mappingService.Map(body, "metadata") is not ISubmodelElement submodelElement)
        {
            return BadRequest($"Could not update Submodel  as {nameof(submodelElement)} is null.");
        }

        //Update
        _aasService.UpdateSubmodelElementByPath(decodedAasIdentifier, decodedSubmodelIdentifier, idShortPath, submodelElement);

        return NoContent();
    }

    /// <summary>
    /// Updates the value of an existing submodel element value at a specified path within submodel elements hierarchy
    /// </summary>
    /// <param name="body">The updated value of the submodel element</param>
    /// <param name="aasIdentifier">The Asset Administration Shell’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <param name="submodelIdentifier">The Submodel’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <param name="idShortPath">IdShort path to the submodel element (dot-separated)</param>
    /// <param name="level">Determines the structural depth of the respective resource content</param>
    /// <response code="204">Submodel element updated successfully</response>
    /// <response code="400">Bad Request, e.g. the request parameters of the format of the request body is wrong.</response>
    /// <response code="401">Unauthorized, e.g. the server refused the authorization attempt.</response>
    /// <response code="403">Forbidden</response>
    /// <response code="404">Not Found</response>
    /// <response code="500">Internal Server Error</response>
    /// <response code="0">Default error handling for unmentioned status codes</response>
    [HttpPatch]
    [Route("/shells/{aasIdentifier}/submodels/{submodelIdentifier}/submodel-elements/{idShortPath}/$value")]
    [ValidateModelState]
    [SwaggerOperation("PatchSubmodelElementValueByPathValueOnly")]
    [SwaggerResponse(statusCode: 400, type: typeof(Result), description: "Bad Request, e.g. the request parameters of the format of the request body is wrong.")]
    [SwaggerResponse(statusCode: 401, type: typeof(Result), description: "Unauthorized, e.g. the server refused the authorization attempt.")]
    [SwaggerResponse(statusCode: 403, type: typeof(Result), description: "Forbidden")]
    [SwaggerResponse(statusCode: 404, type: typeof(Result), description: "Not Found")]
    [SwaggerResponse(statusCode: 500, type: typeof(Result), description: "Internal Server Error")]
    [SwaggerResponse(statusCode: 0, type: typeof(Result), description: "Default error handling for unmentioned status codes")]
    public virtual IActionResult PatchSubmodelElementValueByPathValueOnly([FromBody] ISubmodelElementValue? body, [FromRoute] [Required] string aasIdentifier,
                                                                          [FromRoute] [Required] string submodelIdentifier, [FromRoute] [Required] string idShortPath,
                                                                          [FromQuery] LevelEnum level)
    {
        var decodedAasIdentifier      = _decoderService.Decode("aasIdentifier", aasIdentifier);
        var decodedSubmodelIdentifier = _decoderService.Decode("submodelIdentifier", submodelIdentifier);
        if (decodedAasIdentifier == null)
        {
            throw new NotAllowed($"Cannot proceed as {nameof(decodedAasIdentifier)} is null");
        }

        if (decodedSubmodelIdentifier == null)
        {
            throw new NotAllowed($"Cannot proceed as {nameof(decodedSubmodelIdentifier)} is null");
        }

        _logger.LogInformation($"Received request to update the submodel element at {idShortPath} in the submodel with id {decodedSubmodelIdentifier} and the AAS with id {decodedAasIdentifier} by value.");
        if (body == null)
        {
            return BadRequest($"Could not proceed, as {nameof(body)} is null.");
        }

        //Reverse mapping from Metadata to submodel element
        var submodelElement = _mappingService.Map(body, "value") as ISubmodelElement;

        //Update
        if (submodelElement == null)
        {
            return BadRequest($"Could not update Submodel  as {nameof(submodelElement)} is null.");
        }

        _aasService.UpdateSubmodelElementByPath(decodedAasIdentifier, decodedSubmodelIdentifier, idShortPath, submodelElement);

        return NoContent();
    }

    /// <summary>
    /// Creates a new Asset Administration Shell
    /// </summary>
    /// <param name="body">Asset Administration Shell object</param>
    /// <response code="201">Asset Administration Shell created successfully</response>
    /// <response code="400">Bad Request, e.g. the request parameters of the format of the request body is wrong.</response>
    /// <response code="401">Unauthorized, e.g. the server refused the authorization attempt.</response>
    /// <response code="403">Forbidden</response>
    /// <response code="409">Conflict, a resource which shall be created exists already. Might be thrown if a Submodel or SubmodelElement with the same ShortId is contained in a POST request.</response>
    /// <response code="500">Internal Server Error</response>
    /// <response code="0">Default error handling for unmentioned status codes</response>
    [HttpPost]
    [Route("/shells")]
    [ValidateModelState]
    [SwaggerOperation("PostAssetAdministrationShell")]
    [SwaggerResponse(statusCode: 201, type: typeof(AssetAdministrationShell), description: "Asset Administration Shell created successfully")]
    [SwaggerResponse(statusCode: 400, type: typeof(Result), description: "Bad Request, e.g. the request parameters of the format of the request body is wrong.")]
    [SwaggerResponse(statusCode: 401, type: typeof(Result), description: "Unauthorized, e.g. the server refused the authorization attempt.")]
    [SwaggerResponse(statusCode: 403, type: typeof(Result), description: "Forbidden")]
    [SwaggerResponse(statusCode: 409, type: typeof(Result),
                        description:
                        "Conflict, a resource which shall be created exists already. Might be thrown if a Submodel or SubmodelElement with the same ShortId is contained in a POST request.")]
    [SwaggerResponse(statusCode: 500, type: typeof(Result), description: "Internal Server Error")]
    [SwaggerResponse(statusCode: 0, type: typeof(Result), description: "Default error handling for unmentioned status codes")]
    public virtual IActionResult PostAssetAdministrationShell([FromBody] AssetAdministrationShell? body)
    {
        if (body == null)
        {
            return BadRequest($"Could not proceed, as {nameof(body)} is null.");
        }

        var output = _aasService.CreateAssetAdministrationShell(body);

        return CreatedAtAction("PostAssetAdministrationShell", output);
    }

    /// <summary>
    /// Creates a new submodel element
    /// </summary>
    /// <param name="body">Requested submodel element</param>
    /// <param name="aasIdentifier">The Asset Administration Shell’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <param name="submodelIdentifier">The Submodel’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <response code="201">Submodel element created successfully</response>
    /// <response code="400">Bad Request, e.g. the request parameters of the format of the request body is wrong.</response>
    /// <response code="401">Unauthorized, e.g. the server refused the authorization attempt.</response>
    /// <response code="403">Forbidden</response>
    /// <response code="404">Not Found</response>
    /// <response code="409">Conflict, a resource which shall be created exists already. Might be thrown if a Submodel or SubmodelElement with the same ShortId is contained in a POST request.</response>
    /// <response code="500">Internal Server Error</response>
    /// <response code="0">Default error handling for unmentioned status codes</response>
    [HttpPost]
    [Route("/shells/{aasIdentifier}/submodels/{submodelIdentifier}/submodel-elements")]
    [ValidateModelState]
    [SwaggerOperation("PostSubmodelElementAasRepository")]
    [SwaggerResponse(statusCode: 201, type: typeof(ISubmodelElement), description: "Submodel element created successfully")]
    [SwaggerResponse(statusCode: 400, type: typeof(Result), description: "Bad Request, e.g. the request parameters of the format of the request body is wrong.")]
    [SwaggerResponse(statusCode: 401, type: typeof(Result), description: "Unauthorized, e.g. the server refused the authorization attempt.")]
    [SwaggerResponse(statusCode: 403, type: typeof(Result), description: "Forbidden")]
    [SwaggerResponse(statusCode: 404, type: typeof(Result), description: "Not Found")]
    [SwaggerResponse(statusCode: 409, type: typeof(Result),
                        description:
                        "Conflict, a resource which shall be created exists already. Might be thrown if a Submodel or SubmodelElement with the same ShortId is contained in a POST request.")]
    [SwaggerResponse(statusCode: 500, type: typeof(Result), description: "Internal Server Error")]
    [SwaggerResponse(statusCode: 0, type: typeof(Result), description: "Default error handling for unmentioned status codes")]
    public virtual IActionResult PostSubmodelElementAasRepository([FromBody] ISubmodelElement? body, [FromRoute] [Required] string aasIdentifier,
                                                                  [FromRoute] [Required] string submodelIdentifier, bool first)
    {
        var decodedAasIdentifier      = _decoderService.Decode("aasIdentifier", aasIdentifier);
        var decodedSubmodelIdentifier = _decoderService.Decode("submodelIdentifier", submodelIdentifier);
        if (decodedAasIdentifier == null)
        {
            throw new NotAllowed($"Cannot proceed as {nameof(decodedAasIdentifier)} is null");
        }

        if (decodedSubmodelIdentifier == null)
        {
            throw new NotAllowed($"Cannot proceed as {nameof(decodedSubmodelIdentifier)} is null");
        }

        _logger.LogInformation($"Received request to create a new submodel element in the submodel {decodedSubmodelIdentifier} and AAS {decodedAasIdentifier}");
        if (!Program.noSecurity)
        {
            var submodel = _aasService.GetSubmodelById(decodedAasIdentifier, decodedSubmodelIdentifier);
            User.Claims.ToList().Add(new Claim("idShortPath", $"{submodel.IdShort}.{body?.IdShort}"));
            var claimsList = new List<Claim>(User.Claims) {new Claim("IdShortPath", $"{submodel.IdShort}.{body?.IdShort}")};
            var identity   = new ClaimsIdentity(claimsList, "AasSecurityAuth");
            var principal  = new System.Security.Principal.GenericPrincipal(identity, null);
            var authResult = _authorizationService.AuthorizeAsync(principal, submodel, "SecurityPolicy").Result;
            if (!authResult.Succeeded)
            {
                throw new NotAllowed(authResult.Failure.FailureReasons.FirstOrDefault()?.Message ?? string.Empty);
            }
        }

        if (body == null)
        {
            return BadRequest($"Could not proceed, as {nameof(body)} is null.");
        }

        var output = _aasService.CreateSubmodelElement(decodedAasIdentifier, decodedSubmodelIdentifier, first, body);

        return CreatedAtAction("PostSubmodelElementAasRepository", output);
    }

    /// <summary>
    /// Creates a new submodel element at a specified path within submodel elements hierarchy
    /// </summary>
    /// <param name="body">Requested submodel element</param>
    /// <param name="aasIdentifier">The Asset Administration Shell’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <param name="submodelIdentifier">The Submodel’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <param name="idShortPath">IdShort path to the submodel element (dot-separated)</param>
    /// <response code="201">Submodel element created successfully</response>
    /// <response code="400">Bad Request, e.g. the request parameters of the format of the request body is wrong.</response>
    /// <response code="401">Unauthorized, e.g. the server refused the authorization attempt.</response>
    /// <response code="403">Forbidden</response>
    /// <response code="404">Not Found</response>
    /// <response code="409">Conflict, a resource which shall be created exists already. Might be thrown if a Submodel or SubmodelElement with the same ShortId is contained in a POST request.</response>
    /// <response code="500">Internal Server Error</response>
    /// <response code="0">Default error handling for unmentioned status codes</response>
    [HttpPost]
    [Route("/shells/{aasIdentifier}/submodels/{submodelIdentifier}/submodel-elements/{idShortPath}")]
    [ValidateModelState]
    [SwaggerOperation("PostSubmodelElementByPathAasRepository")]
    [SwaggerResponse(statusCode: 201, type: typeof(ISubmodelElement), description: "Submodel element created successfully")]
    [SwaggerResponse(statusCode: 400, type: typeof(Result), description: "Bad Request, e.g. the request parameters of the format of the request body is wrong.")]
    [SwaggerResponse(statusCode: 401, type: typeof(Result), description: "Unauthorized, e.g. the server refused the authorization attempt.")]
    [SwaggerResponse(statusCode: 403, type: typeof(Result), description: "Forbidden")]
    [SwaggerResponse(statusCode: 404, type: typeof(Result), description: "Not Found")]
    [SwaggerResponse(statusCode: 409, type: typeof(Result),
                        description:
                        "Conflict, a resource which shall be created exists already. Might be thrown if a Submodel or SubmodelElement with the same ShortId is contained in a POST request.")]
    [SwaggerResponse(statusCode: 500, type: typeof(Result), description: "Internal Server Error")]
    [SwaggerResponse(statusCode: 0, type: typeof(Result), description: "Default error handling for unmentioned status codes")]
    public virtual IActionResult PostSubmodelElementByPathAasRepository([FromBody] ISubmodelElement? body, [FromRoute] [Required] string aasIdentifier,
                                                                        [FromRoute] [Required] string submodelIdentifier, [FromRoute] [Required] string idShortPath,
                                                                        bool first)
    {
        var decodedAasIdentifier      = _decoderService.Decode("aasIdentifier", aasIdentifier);
        var decodedSubmodelIdentifier = _decoderService.Decode("submodelIdentifier", submodelIdentifier);
        if (decodedAasIdentifier == null)
        {
            throw new NotAllowed($"Cannot proceed as {nameof(decodedAasIdentifier)} is null");
        }

        if (decodedSubmodelIdentifier == null)
        {
            throw new NotAllowed($"Cannot proceed as {nameof(decodedSubmodelIdentifier)} is null");
        }

        _logger.LogInformation($"Received request to create a new submodel element in the submodel {decodedSubmodelIdentifier} and AAS {decodedAasIdentifier}");
        if (!Program.noSecurity)
        {
            var submodel = _aasService.GetSubmodelById(decodedAasIdentifier, decodedSubmodelIdentifier);
            User.Claims.ToList().Add(new Claim("idShortPath", $"{submodel.IdShort}.{idShortPath}"));
            var claimsList = new List<Claim>(User.Claims) {new Claim("IdShortPath", $"{submodel.IdShort}.{idShortPath}")};
            var identity   = new ClaimsIdentity(claimsList, "AasSecurityAuth");
            var principal  = new System.Security.Principal.GenericPrincipal(identity, null);
            var authResult = _authorizationService.AuthorizeAsync(principal, submodel, "SecurityPolicy").Result;
            if (!authResult.Succeeded)
            {
                throw new NotAllowed(authResult.Failure.FailureReasons.FirstOrDefault()?.Message ?? string.Empty);
            }
        }

        if (body == null)
        {
            return BadRequest($"Could not proceed, as {nameof(body)} is null.");
        }

        var output = _aasService.CreateSubmodelElementByPath(decodedAasIdentifier, decodedSubmodelIdentifier, idShortPath, first, body);

        return CreatedAtAction("PostSubmodelElementByPathAasRepository", output);
    }

    /// <summary>
    /// Creates a submodel reference at the Asset Administration Shell
    /// </summary>
    /// <param name="body">Reference to the Submodel</param>
    /// <param name="aasIdentifier">The Asset Administration Shell’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <response code="201">Submodel reference created successfully</response>
    /// <response code="400">Bad Request, e.g. the request parameters of the format of the request body is wrong.</response>
    /// <response code="401">Unauthorized, e.g. the server refused the authorization attempt.</response>
    /// <response code="403">Forbidden</response>
    /// <response code="404">Not Found</response>
    /// <response code="409">Conflict, a resource which shall be created exists already. Might be thrown if a Submodel or SubmodelElement with the same ShortId is contained in a POST request.</response>
    /// <response code="500">Internal Server Error</response>
    /// <response code="0">Default error handling for unmentioned status codes</response>
    [HttpPost]
    [Route("/shells/{aasIdentifier}/submodel-refs")]
    [ValidateModelState]
    [SwaggerOperation("PostSubmodelReferenceAasRepository")]
    [SwaggerResponse(statusCode: 201, type: typeof(Reference), description: "Submodel reference created successfully")]
    [SwaggerResponse(statusCode: 400, type: typeof(Result), description: "Bad Request, e.g. the request parameters of the format of the request body is wrong.")]
    [SwaggerResponse(statusCode: 401, type: typeof(Result), description: "Unauthorized, e.g. the server refused the authorization attempt.")]
    [SwaggerResponse(statusCode: 403, type: typeof(Result), description: "Forbidden")]
    [SwaggerResponse(statusCode: 404, type: typeof(Result), description: "Not Found")]
    [SwaggerResponse(statusCode: 409, type: typeof(Result),
                        description:
                        "Conflict, a resource which shall be created exists already. Might be thrown if a Submodel or SubmodelElement with the same ShortId is contained in a POST request.")]
    [SwaggerResponse(statusCode: 500, type: typeof(Result), description: "Internal Server Error")]
    [SwaggerResponse(statusCode: 0, type: typeof(Result), description: "Default error handling for unmentioned status codes")]
    public virtual IActionResult PostSubmodelReferenceAasRepository([FromBody] Reference? body, [FromRoute] [Required] string aasIdentifier)
    {
        var decodedAasIdentifier = _decoderService.Decode("aasIdentifier", aasIdentifier);
        if (decodedAasIdentifier == null)
        {
            throw new NotAllowed($"Cannot proceed as {nameof(decodedAasIdentifier)} is null");
        }

        _logger.LogInformation($"Received request to create a submodel reference in the AAS with id {decodedAasIdentifier}");

        if (body == null)
        {
            return BadRequest($"Could not proceed, as {nameof(body)} is null.");
        }

        var output = _aasService.CreateSubmodelReferenceInAAS(body, decodedAasIdentifier);

        return CreatedAtAction("PostSubmodelReferenceAasRepository", output);
    }

    /// <summary>
    /// Updates an existing Asset Administration Shell
    /// </summary>
    /// <param name="body">Asset Administration Shell object</param>
    /// <param name="aasIdentifier">The Asset Administration Shell’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <response code="204">Asset Administration Shell updated successfully</response>
    /// <response code="400">Bad Request, e.g. the request parameters of the format of the request body is wrong.</response>
    /// <response code="401">Unauthorized, e.g. the server refused the authorization attempt.</response>
    /// <response code="403">Forbidden</response>
    /// <response code="404">Not Found</response>
    /// <response code="500">Internal Server Error</response>
    /// <response code="0">Default error handling for unmentioned status codes</response>
    [HttpPut]
    [Route("/shells/{aasIdentifier}")]
    [ValidateModelState]
    [SwaggerOperation("PutAssetAdministrationShellById")]
    [SwaggerResponse(statusCode: 400, type: typeof(Result), description: "Bad Request, e.g. the request parameters of the format of the request body is wrong.")]
    [SwaggerResponse(statusCode: 401, type: typeof(Result), description: "Unauthorized, e.g. the server refused the authorization attempt.")]
    [SwaggerResponse(statusCode: 403, type: typeof(Result), description: "Forbidden")]
    [SwaggerResponse(statusCode: 404, type: typeof(Result), description: "Not Found")]
    [SwaggerResponse(statusCode: 500, type: typeof(Result), description: "Internal Server Error")]
    [SwaggerResponse(statusCode: 0, type: typeof(Result), description: "Default error handling for unmentioned status codes")]
    public virtual IActionResult PutAssetAdministrationShellById([FromBody] AssetAdministrationShell? body, [FromRoute] [Required] string aasIdentifier)
    {
        var decodedAasIdentifier = _decoderService.Decode("aasIdentifier", aasIdentifier);
        if (decodedAasIdentifier == null)
        {
            throw new NotAllowed($"Cannot proceed as {nameof(decodedAasIdentifier)} is null");
        }

        _logger.LogInformation($"Received request to replace the AAS with id {decodedAasIdentifier}");
        if (body == null)
        {
            return BadRequest($"Could not proceed, as {nameof(body)} is null.");
        }

        _aasService.ReplaceAssetAdministrationShellById(decodedAasIdentifier, body);

        return NoContent();
    }

    /// <summary>
    /// Updates the Asset Information
    /// </summary>
    /// <param name="body">Asset Information object</param>
    /// <param name="aasIdentifier">The Asset Administration Shell’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <response code="204">Asset Information updated successfully</response>
    /// <response code="400">Bad Request, e.g. the request parameters of the format of the request body is wrong.</response>
    /// <response code="401">Unauthorized, e.g. the server refused the authorization attempt.</response>
    /// <response code="403">Forbidden</response>
    /// <response code="404">Not Found</response>
    /// <response code="500">Internal Server Error</response>
    /// <response code="0">Default error handling for unmentioned status codes</response>
    [HttpPut]
    [Route("/shells/{aasIdentifier}/asset-information")]
    [ValidateModelState]
    [SwaggerOperation("PutAssetInformationAasRepository")]
    [SwaggerResponse(statusCode: 400, type: typeof(Result), description: "Bad Request, e.g. the request parameters of the format of the request body is wrong.")]
    [SwaggerResponse(statusCode: 401, type: typeof(Result), description: "Unauthorized, e.g. the server refused the authorization attempt.")]
    [SwaggerResponse(statusCode: 403, type: typeof(Result), description: "Forbidden")]
    [SwaggerResponse(statusCode: 404, type: typeof(Result), description: "Not Found")]
    [SwaggerResponse(statusCode: 500, type: typeof(Result), description: "Internal Server Error")]
    [SwaggerResponse(statusCode: 0, type: typeof(Result), description: "Default error handling for unmentioned status codes")]
    public virtual IActionResult PutAssetInformationAasRepository([FromBody] AssetInformation? body, [FromRoute] [Required] string aasIdentifier)
    {
        var decodedAasIdentifier = _decoderService.Decode("aasIdentifier", aasIdentifier);
        if (decodedAasIdentifier == null)
        {
            throw new NotAllowed($"Cannot proceed as {nameof(decodedAasIdentifier)} is null");
        }

        _logger.LogInformation($"Received request to replace the asset information of the AAS with id {decodedAasIdentifier}");
        if (body == null)
        {
            return BadRequest($"Could not proceed, as {nameof(body)} is null.");
        }

        _aasService.ReplaceAssetInformation(decodedAasIdentifier, body);

        return NoContent();
    }


    /// <summary>
    /// Updates the Submodel
    /// </summary>
    /// <param name="body">Submodel object</param>
    /// <param name="aasIdentifier">The Asset Administration Shell’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <param name="submodelIdentifier">The Submodel’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <response code="204">Submodel updated successfully</response>
    /// <response code="400">Bad Request, e.g. the request parameters of the format of the request body is wrong.</response>
    /// <response code="401">Unauthorized, e.g. the server refused the authorization attempt.</response>
    /// <response code="403">Forbidden</response>
    /// <response code="404">Not Found</response>
    /// <response code="500">Internal Server Error</response>
    /// <response code="0">Default error handling for unmentioned status codes</response>
    [HttpPut]
    [Route("/shells/{aasIdentifier}/submodels/{submodelIdentifier}")]
    [ValidateModelState]
    [SwaggerOperation("PutSubmodelByIdAasRepository")]
    [SwaggerResponse(statusCode: 400, type: typeof(Result), description: "Bad Request, e.g. the request parameters of the format of the request body is wrong.")]
    [SwaggerResponse(statusCode: 401, type: typeof(Result), description: "Unauthorized, e.g. the server refused the authorization attempt.")]
    [SwaggerResponse(statusCode: 403, type: typeof(Result), description: "Forbidden")]
    [SwaggerResponse(statusCode: 404, type: typeof(Result), description: "Not Found")]
    [SwaggerResponse(statusCode: 500, type: typeof(Result), description: "Internal Server Error")]
    [SwaggerResponse(statusCode: 0, type: typeof(Result), description: "Default error handling for unmentioned status codes")]
    public virtual IActionResult PutSubmodelByIdAasRepository([FromBody] Submodel? body, [FromRoute] [Required] string aasIdentifier,
                                                              [FromRoute] [Required] string submodelIdentifier)
    {
        var decodedAasIdentifier      = _decoderService.Decode("aasIdentifier", aasIdentifier);
        var decodedSubmodelIdentifier = _decoderService.Decode("submodelIdentifier", submodelIdentifier);
        if (decodedAasIdentifier == null)
        {
            throw new NotAllowed($"Cannot proceed as {nameof(decodedAasIdentifier)} is null");
        }

        if (decodedSubmodelIdentifier == null)
        {
            throw new NotAllowed($"Cannot proceed as {nameof(decodedSubmodelIdentifier)} is null");
        }

        _logger.LogInformation($"Received request to replace a a submodel {decodedSubmodelIdentifier} from the AAS {decodedAasIdentifier}");
        if (body == null)
        {
            return BadRequest($"Could not proceed, as {nameof(body)} is null.");
        }

        _aasService.ReplaceSubmodelById(decodedAasIdentifier, decodedSubmodelIdentifier, body);

        return NoContent();
    }

    /// <summary>
    /// Updates an existing submodel element at a specified path within submodel elements hierarchy
    /// </summary>
    /// <param name="body">Requested submodel element</param>
    /// <param name="aasIdentifier">The Asset Administration Shell’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <param name="submodelIdentifier">The Submodel’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <param name="idShortPath">IdShort path to the submodel element (dot-separated)</param>
    /// <response code="204">Submodel element updated successfully</response>
    /// <response code="400">Bad Request, e.g. the request parameters of the format of the request body is wrong.</response>
    /// <response code="401">Unauthorized, e.g. the server refused the authorization attempt.</response>
    /// <response code="403">Forbidden</response>
    /// <response code="404">Not Found</response>
    /// <response code="500">Internal Server Error</response>
    /// <response code="0">Default error handling for unmentioned status codes</response>
    [HttpPut]
    [Route("/shells/{aasIdentifier}/submodels/{submodelIdentifier}/submodel-elements/{idShortPath}")]
    [ValidateModelState]
    [SwaggerOperation("PutSubmodelElementByPathAasRepository")]
    [SwaggerResponse(statusCode: 400, type: typeof(Result), description: "Bad Request, e.g. the request parameters of the format of the request body is wrong.")]
    [SwaggerResponse(statusCode: 401, type: typeof(Result), description: "Unauthorized, e.g. the server refused the authorization attempt.")]
    [SwaggerResponse(statusCode: 403, type: typeof(Result), description: "Forbidden")]
    [SwaggerResponse(statusCode: 404, type: typeof(Result), description: "Not Found")]
    [SwaggerResponse(statusCode: 500, type: typeof(Result), description: "Internal Server Error")]
    [SwaggerResponse(statusCode: 0, type: typeof(Result), description: "Default error handling for unmentioned status codes")]
    public virtual IActionResult PutSubmodelElementByPathAasRepository([FromBody] ISubmodelElement? body, [FromRoute] [Required] string aasIdentifier,
                                                                       [FromRoute] [Required] string submodelIdentifier, [FromRoute] [Required] string idShortPath)
    {
        var decodedAasIdentifier      = _decoderService.Decode("aasIdentifier", aasIdentifier);
        var decodedSubmodelIdentifier = _decoderService.Decode("submodelIdentifier", submodelIdentifier);
        if (decodedAasIdentifier == null)
        {
            throw new NotAllowed($"Cannot proceed as {nameof(decodedAasIdentifier)} is null");
        }

        if (decodedSubmodelIdentifier == null)
        {
            throw new NotAllowed($"Cannot proceed as {nameof(decodedSubmodelIdentifier)} is null");
        }

        _logger.LogInformation($"Received request to replace a submodel element at {idShortPath} dom the submodel with id {decodedSubmodelIdentifier} from the AAS {decodedAasIdentifier}");
        if (body == null)
        {
            return BadRequest($"Could not proceed, as {nameof(body)} is null.");
        }

        _aasService.ReplaceSubmodelElementByPath(decodedAasIdentifier, decodedSubmodelIdentifier, idShortPath, body);

        return NoContent();
    }

    /// <summary>
    /// Uploads file content to an existing submodel element at a specified path within submodel elements hierarchy
    /// </summary>
    /// <param name="aasIdentifier">The Asset Administration Shell’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <param name="submodelIdentifier">The Submodel’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <param name="idShortPath">IdShort path to the submodel element (dot-separated)</param>
    /// <param name="file">File to upload</param>
    /// <response code="204">Submodel element updated successfully</response>
    /// <response code="400">Bad Request</response>
    /// <response code="404">Not Found</response>
    /// <response code="0">Default error handling for unmentioned status codes</response>
    [HttpPut]
    [Route("/shells/{aasIdentifier}/submodels/{submodelIdentifier}/submodel-elements/{idShortPath}/attachment")]
    [ValidateModelState]
    [SwaggerOperation("PutFileByPath")]
    [SwaggerResponse(statusCode: 204, type: typeof(Result), description: "Submodel element updated successfully")]
    [SwaggerResponse(statusCode: 400, type: typeof(Result), description: "Bad Request")]
    [SwaggerResponse(statusCode: 404, type: typeof(Result), description: "Not Found")]
    [SwaggerResponse(statusCode: 0, type: typeof(Result), description: "Default error handling for unmentioned status codes")]
    public virtual IActionResult PutFileByPath([FromRoute] [Required] string aasIdentifier, [FromRoute] [Required] string submodelIdentifier, [FromRoute] string? idShortPath,
                                               IFormFile? file)
    {
        var decodedAasIdentifier      = _decoderService.Decode("aasIdentifier", aasIdentifier);
        var decodedSubmodelIdentifier = _decoderService.Decode("submodelIdentifier", submodelIdentifier);
        if (decodedAasIdentifier == null)
        {
            throw new NotAllowed($"Cannot proceed as {nameof(decodedAasIdentifier)} is null");
        }

        if (decodedSubmodelIdentifier == null)
        {
            throw new NotAllowed($"Cannot proceed as {nameof(decodedSubmodelIdentifier)} is null");
        }

        var stream = new MemoryStream();
        if (file == null)
        {
            return NoContent();
        }

        file.CopyTo(stream);
        var fileName    = file.FileName;
        var contentType = file.ContentType;

        if (idShortPath == null)
        {
            return BadRequest($"Could not proceed, as {nameof(idShortPath)} is null.");
        }

        _aasService.ReplaceFileByPath(decodedAasIdentifier, decodedSubmodelIdentifier, idShortPath, fileName, contentType, stream);

        return NoContent();
    }

    /// <summary>
    /// Replaces the thumbnail file
    /// </summary>
    /// <param name="aasIdentifier">The Asset Administration Shell’s unique id (UTF8-BASE64-URL-encoded)</param>
    /// <param name="file">Thumbnail to upload</param>
    /// <response code="204">Thumbnail updated successfully</response>
    /// <response code="400">Bad Request</response>
    /// <response code="403">Forbidden</response>
    /// <response code="404">Not Found</response>
    /// <response code="404">Internal Server Error</response>
    /// <response code="0">Default error handling for unmentioned status codes</response>
    [HttpPut]
    [Route("/shells/{aasIdentifier}/asset-information/thumbnail")]
    [ValidateModelState]
    [SwaggerOperation("PutThumbnail")]
    [SwaggerResponse(statusCode: 204, type: typeof(Result), description: "Thumbnail updated successfully")]
    [SwaggerResponse(statusCode: 400, type: typeof(Result), description: "Bad Request")]
    [SwaggerResponse(statusCode: 404, type: typeof(Result), description: "Not Found")]
    [SwaggerResponse(statusCode: 0, type: typeof(Result), description: "Default error handling for unmentioned status codes")]
    public virtual IActionResult PutThumbnail([FromRoute] [Required] string aasIdentifier, IFormFile? file)
    {
        var decodedAasIdentifier = _decoderService.Decode("aasIdentifier", aasIdentifier);
        if (decodedAasIdentifier == null)
        {
            throw new NotAllowed($"Cannot proceed as {nameof(decodedAasIdentifier)} is null");
        }

        var stream = new MemoryStream();
        if (file == null)
        {
            return NoContent();
        }

        file.CopyTo(stream);
        var fileName    = file.FileName;
        var contentType = file.ContentType;

        _aasService.UpdateThumbnail(decodedAasIdentifier, fileName, contentType, stream);

        return NoContent();
    }
}