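using System.Collections.Generic;
using System.Net;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Oqtane.Controllers;
using Oqtane.Enums;
using Oqtane.Infrastructure;
using Oqtane.Models;
using Oqtane.Shared;
using SZUAbsolventenverein.Module.AdminModules.Models;
using SZUAbsolventenverein.Module.AdminModules.Services;
using SZUAbsolventenverein.Module.ReportSystem.Models;
using SZUAbsolventenverein.Module.ReportSystem.Services;

namespace SZUAbsolventenverein.Module.ReportSystem.Controllers
{
    /// <summary>
    /// API controller for the ReportSystem module.
    /// Every action combines the policy attribute with an explicit
    /// <c>IsAuthorizedEntityId(EntityNames.Module, ...)</c> check on the module the
    /// report belongs to; a failed check is logged as a security event, answered
    /// with HTTP 403 and a null body.
    /// </summary>
    [Route(ControllerRoutes.ApiRoute)]
    public class ReportSystemController : ModuleControllerBase
    {
        private readonly IReportSystemReportingService _reportSystemReportingService;

        public ReportSystemController(IReportSystemReportingService reportSystemReportingService, ILogManager logger, IHttpContextAccessor accessor) : base(logger, accessor)
        {
            _reportSystemReportingService = reportSystemReportingService;
        }

        /// <summary>
        /// Lists the reports of one module.
        /// </summary>
        /// <param name="moduleid">Module id from the query string; must parse as an int.</param>
        /// <returns>The module's reports, or null with status 403 when the id is unparsable or not authorized.</returns>
        // GET: api/<controller>?moduleid=x
        [HttpGet]
        [Authorize(Policy = PolicyNames.ViewModule)]
        public async Task<IEnumerable<Reporting>> Get(string moduleid)
        {
            if (int.TryParse(moduleid, out var parsedModuleId) && IsAuthorizedEntityId(EntityNames.Module, parsedModuleId))
            {
                return await _reportSystemReportingService.GetReportsAsync(parsedModuleId);
            }

            _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Reporting Get Attempt {ModuleId}", moduleid);
            HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
            return null;
        }

        /// <summary>
        /// Returns a single report scoped to a module.
        /// </summary>
        /// <param name="id">Report id.</param>
        /// <param name="moduleid">Module the report is expected to belong to; the service lookup is scoped by it.</param>
        /// <returns>The report, or null with status 403 when the caller may not view the module.</returns>
        // GET api/<controller>/5
        [HttpGet("get/{id}/{moduleid}")]
        [Authorize(Policy = PolicyNames.ViewModule)]
        public async Task<Reporting> Get(int id, int moduleid)
        {
            if (IsAuthorizedEntityId(EntityNames.Module, moduleid))
            {
                return await _reportSystemReportingService.GetReportAsync(id, moduleid);
            }

            _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Reporting Get Attempt {Reporting} {ModuleId}", id, moduleid);
            HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
            return null;
        }

        /// <summary>
        /// Creates a report. The caller must have edit rights on <c>Reporting.ModuleId</c>.
        /// </summary>
        /// <param name="Reporting">Report posted in the body.</param>
        /// <returns>The created report, or null with status 403 when the model is invalid or not authorized.</returns>
        // POST api/<controller>
        [HttpPost]
        [Authorize(Policy = PolicyNames.EditModule)]
        public async Task<Reporting> Post([FromBody] Reporting Reporting)
        {
            // The null check makes the ModelState short-circuit explicit rather than relied upon.
            if (ModelState.IsValid && Reporting is not null && IsAuthorizedEntityId(EntityNames.Module, Reporting.ModuleId))
            {
                return await _reportSystemReportingService.CreateReportAsync(Reporting);
            }

            _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Reporting Post Attempt {Reporting}", Reporting);
            HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
            return null;
        }

        /// <summary>
        /// Updates a report. The route id must match <c>Reporting.ReportingID</c>, the caller must have
        /// edit rights on <c>Reporting.ModuleId</c>, and a report with that id must already exist in that module.
        /// </summary>
        /// <param name="id">Report id from the route.</param>
        /// <param name="Reporting">Updated report from the body.</param>
        /// <returns>The updated report, or null with status 403 when any check fails.</returns>
        // PUT api/<controller>/5
        [HttpPut("{id}")]
        [Authorize(Policy = PolicyNames.EditModule)]
        public async Task<Reporting> Put(int id, [FromBody] Reporting Reporting)
        {
            // Authorization is evaluated against the report's module, not against the report's own
            // id: the previous code passed ReportingID as the module entity id, so the permission
            // decision was made on an unrelated number. Loading the stored record through the
            // module-scoped lookup also stops a caller from re-homing a report into a module they
            // control by rewriting ModuleId in the body.
            if (ModelState.IsValid
                && Reporting is not null
                && Reporting.ReportingID == id
                && IsAuthorizedEntityId(EntityNames.Module, Reporting.ModuleId))
            {
                var existing = await _reportSystemReportingService.GetReportAsync(id, Reporting.ModuleId);
                if (existing is not null && existing.ModuleId == Reporting.ModuleId)
                {
                    return await _reportSystemReportingService.UpdateReport(Reporting);
                }
            }

            _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Reporting Put Attempt {Reporting}", Reporting);
            HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
            return null;
        }

        /// <summary>
        /// Deletes a report. The report must exist in <paramref name="moduleid"/> and the caller must have
        /// edit rights on that module.
        /// </summary>
        /// <param name="id">Report id.</param>
        /// <param name="moduleid">Module the report belongs to.</param>
        // DELETE api/<controller>/5
        [HttpDelete("{id}/{moduleid}")]
        [Authorize(Policy = PolicyNames.EditModule)]
        public async Task Delete(int id, int moduleid)
        {
            var report = await _reportSystemReportingService.GetReportAsync(id, moduleid);

            // As in Put, the module permission is checked on the report's ModuleId; the previous code
            // checked it on ReportingID. The record's ModuleId is also required to equal the route value.
            if (report is not null && report.ModuleId == moduleid && IsAuthorizedEntityId(EntityNames.Module, report.ModuleId))
            {
                // NOTE(review): the second argument is assumed to be the module id, mirroring
                // GetReportAsync(id, moduleid); the previous code passed ReportingID here — confirm
                // against IReportSystemReportingService.
                await _reportSystemReportingService.DeleteReportingAsync(id, report.ModuleId);
                return;
            }

            _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Reporting Delete Attempt {ReportingID} {ModuleId}", id, moduleid);
            HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
        }
    }
}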