using System.Globalization;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using ChapterX.Application.User.Commands;
using ChapterX.Application.User.Queries;
using MediatR;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Logging;
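namespace ChapterX.API.Controllers
{
    /// <summary>
    /// HTTP endpoints for reading and managing users. Reads are anonymous; writes
    /// require an authenticated caller who is either the affected user or an admin.
    /// </summary>
    [Route("api/[controller]")]
    [ApiController]
    public class UsersController : ControllerBase
    {
        /// <summary>Role name that grants the administrative override on Update and Delete.</summary>
        private const string AdminRole = "Admin";

        private readonly IMediator _mediator;
        private readonly ILogger<UsersController> _logger;

        /// <summary>Creates the controller with its MediatR pipeline and logger.</summary>
        /// <param name="mediator">Dispatches the request/command objects to their handlers.</param>
        /// <param name="logger">Logger scoped to this controller.</param>
        /// <exception cref="ArgumentNullException">Either dependency is <see langword="null"/>.</exception>
        public UsersController(IMediator mediator, ILogger<UsersController> logger)
        {
            ArgumentNullException.ThrowIfNull(mediator);
            ArgumentNullException.ThrowIfNull(logger);
            _mediator = mediator;
            _logger = logger;
        }

        /// <summary>Lists every user as a reduced projection.</summary>
        /// <returns>200 with id, username, name, surname, email and a derived role per user.</returns>
        [HttpGet]
        [AllowAnonymous]
        public async Task<ActionResult> GetAll()
        {
            _logger.LogInformation("Fetching all users");
            var response = await _mediator.Send(new GetAllRequest());

            // NOTE(review): this endpoint is anonymous and the projection below includes
            // every user's email address — confirm that exposure is intended.
            var result = response.Users.Select(u => new
            {
                id = u.Id,
                username = u.Username,
                name = u.Name,
                surname = u.Surname,
                email = u.Email,
                // An Admin record outranks a Writer record; everyone else is "regular".
                role = u.Admin != null ? "admin" : u.Writer != null ? "writer" : "regular",
            });
            return Ok(result);
        }

        /// <summary>Returns a single user by id.</summary>
        /// <param name="id">Route id of the user to fetch.</param>
        /// <returns>200 with whatever the <see cref="GetRequest"/> handler returns.</returns>
        [HttpGet("{id:int}")]
        [AllowAnonymous]
        public async Task<ActionResult> GetById(int id)
        {
            _logger.LogInformation("Fetching user with ID: {UserId}", id);
            var response = await _mediator.Send(new GetRequest(id));
            return Ok(response);
        }

        /// <summary>Creates a new user from the request body.</summary>
        /// <param name="request">Command carrying the new user's fields; bound and validated by <c>[ApiController]</c>.</param>
        /// <returns>200 with the handler's response.</returns>
        [HttpPost]
        [Authorize]
        public async Task<ActionResult> Add([FromBody] AddRequest request)
        {
            // NOTE(review): any authenticated caller can create users here; no role
            // restriction is applied — confirm that is the intended policy.
            _logger.LogInformation("Adding a new user with username: {Username}", request.Username);
            var response = await _mediator.Send(request);
            return Ok(response);
        }

        /// <summary>Updates an existing user; only the user themself or an admin may do so.</summary>
        /// <param name="id">Route id; must equal <c>request.Id</c>.</param>
        /// <param name="request">Command carrying the updated fields.</param>
        /// <returns>400 on id mismatch, 403 when the caller is neither the target nor an admin, else 200.</returns>
        [HttpPut("{id:int}")]
        [Authorize]
        public async Task<ActionResult> Update(int id, [FromBody] UpdateRequest request)
        {
            _logger.LogInformation("Updating user with ID: {UserId}", id);
            if (id != request.Id)
            {
                return BadRequest("Route ID and body ID must match.");
            }

            if (!IsSelfOrAdmin(id))
            {
                return Forbid();
            }

            var response = await _mediator.Send(request);
            return Ok(response);
        }

        /// <summary>Deletes a user; only the user themself or an admin may do so.</summary>
        /// <param name="id">Route id of the user to delete.</param>
        /// <returns>403 when the caller is neither the target nor an admin, else 200.</returns>
        [HttpDelete("{id:int}")]
        [Authorize]
        public async Task<ActionResult> Delete(int id)
        {
            _logger.LogInformation("Deleting user with ID: {UserId}", id);
            if (!IsSelfOrAdmin(id))
            {
                return Forbid();
            }

            var response = await _mediator.Send(new DeleteRequest(id));
            return Ok(response);
        }

        /// <summary>
        /// Authorization rule shared by <see cref="Update"/> and <see cref="Delete"/>: the caller
        /// may act on <paramref name="targetId"/> only if it is their own id or they hold
        /// <see cref="AdminRole"/>. A principal without a parsable id claim is never "self".
        /// </summary>
        /// <param name="targetId">Id of the user being modified.</param>
        private bool IsSelfOrAdmin(int targetId)
        {
            if (User.IsInRole(AdminRole))
            {
                return true;
            }

            return TryGetCallerId(out var callerId) && callerId == targetId;
        }

        /// <summary>
        /// Reads the caller's numeric user id from the authenticated principal without throwing.
        /// </summary>
        /// <remarks>
        /// Looks at the raw <c>sub</c> claim first and falls back to
        /// <see cref="ClaimTypes.NameIdentifier"/>, which is where the JWT bearer handler
        /// typically surfaces <c>sub</c> when inbound claim-type mapping is left enabled.
        /// A missing or non-numeric claim yields <see langword="false"/> (previously this
        /// path threw and surfaced as a 500).
        /// </remarks>
        /// <param name="callerId">The parsed id when the method returns <see langword="true"/>.</param>
        /// <returns><see langword="true"/> if a well-formed numeric id claim was present.</returns>
        private bool TryGetCallerId(out int callerId)
        {
            var raw = User.FindFirstValue(JwtRegisteredClaimNames.Sub)
                      ?? User.FindFirstValue(ClaimTypes.NameIdentifier);
            return int.TryParse(raw, NumberStyles.Integer, CultureInfo.InvariantCulture, out callerId);
        }
    }
}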