118 lines
4.7 KiB
C#
118 lines
4.7 KiB
C#
using Microsoft.AspNetCore.Mvc;
|
|
using Microsoft.AspNetCore.Authorization;
|
|
using System.Collections.Generic;
|
|
using Microsoft.AspNetCore.Http;
|
|
using Oqtane.Shared;
|
|
using Oqtane.Enums;
|
|
using Oqtane.Infrastructure;
|
|
using SZUAbsolventenverein.Module.AdminModules.Services;
|
|
using Oqtane.Controllers;
|
|
using System.Net;
|
|
using System.Threading.Tasks;
|
|
using SZUAbsolventenverein.Module.AdminModules.Models;
|
|
using Oqtane.Models;
|
|
using SZUAbsolventenverein.Module.ReportSystem.Models;
|
|
using SZUAbsolventenverein.Module.ReportSystem.Services;
|
|
|
|
namespace SZUAbsolventenverein.Module.ReportSystem.Controllers
|
|
{
|
|
[Route(ControllerRoutes.ApiRoute)]
|
|
public class ReportSystemController : ModuleControllerBase
|
|
{
|
|
private readonly IReportSystemReportingService _reportSystemReportingService;
|
|
|
|
public ReportSystemController(IReportSystemReportingService reportSystemReportingService, ILogManager logger, IHttpContextAccessor accessor) : base(logger, accessor)
|
|
{
|
|
_reportSystemReportingService = reportSystemReportingService;
|
|
}
|
|
|
|
// GET: api/<controller>?moduleid=x
|
|
[HttpGet]
|
|
[Authorize(Policy = PolicyNames.ViewModule)]
|
|
public async Task<IEnumerable<Reporting>> Get(string moduleid)
|
|
{
|
|
int ModuleId;
|
|
if (int.TryParse(moduleid, out ModuleId) && IsAuthorizedEntityId(EntityNames.Module, ModuleId))
|
|
{
|
|
return await _reportSystemReportingService.GetReportsAsync(ModuleId);
|
|
}
|
|
else
|
|
{
|
|
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Reporting Get Attempt {ModuleId}", moduleid);
|
|
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
|
|
return null;
|
|
}
|
|
}
|
|
|
|
// GET api/<controller>/5
|
|
[HttpGet("get/{id}/{moduleid}")]
|
|
[Authorize(Policy = PolicyNames.ViewModule)]
|
|
public async Task<Reporting> Get(int id, int moduleid)
|
|
{
|
|
if (IsAuthorizedEntityId(EntityNames.Module, moduleid))
|
|
{
|
|
return await _reportSystemReportingService.GetReportAsync(id, moduleid);
|
|
}
|
|
else
|
|
{
|
|
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Reporting Get Attempt {Reporting} {ModuleId}", id, moduleid);
|
|
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
|
|
return null;
|
|
}
|
|
}
|
|
|
|
// POST api/<controller>
|
|
[HttpPost]
|
|
[Authorize(Policy = PolicyNames.EditModule)]
|
|
public async Task<Reporting> Post([FromBody] Reporting Reporting)
|
|
{
|
|
if (ModelState.IsValid && IsAuthorizedEntityId(EntityNames.Module, Reporting.ModuleId))
|
|
{
|
|
Reporting = await _reportSystemReportingService.CreateReportAsync(Reporting);
|
|
}
|
|
else
|
|
{
|
|
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Reporting Post Attempt {Reporting}", Reporting);
|
|
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
|
|
Reporting = null;
|
|
}
|
|
return Reporting;
|
|
}
|
|
|
|
// PUT api/<controller>/5
|
|
[HttpPut("{id}")]
|
|
[Authorize(Policy = PolicyNames.EditModule)]
|
|
public async Task<Reporting> Put(int id, [FromBody] Reporting Reporting)
|
|
{
|
|
if (ModelState.IsValid && Reporting.ReportingID == id && IsAuthorizedEntityId(EntityNames.Module, Reporting.ReportingID))
|
|
{
|
|
Reporting = await _reportSystemReportingService.UpdateReport(Reporting);
|
|
}
|
|
else
|
|
{
|
|
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Reporting Put Attempt {Reporting}", Reporting);
|
|
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
|
|
Reporting = null;
|
|
}
|
|
return Reporting;
|
|
}
|
|
|
|
// DELETE api/<controller>/5
|
|
[HttpDelete("{id}/{moduleid}")]
|
|
[Authorize(Policy = PolicyNames.EditModule)]
|
|
public async Task Delete(int id, int moduleid)
|
|
{
|
|
Reporting Reporting = await _reportSystemReportingService.GetReportAsync(id, moduleid);
|
|
if (Reporting != null && IsAuthorizedEntityId(EntityNames.Module, Reporting.ReportingID))
|
|
{
|
|
await _reportSystemReportingService.DeleteReportingAsync(id, Reporting.ReportingID);
|
|
}
|
|
else
|
|
{
|
|
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Reporting Delete Attempt {ReportingID} {ModuleId}", id, moduleid);
|
|
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
|
|
}
|
|
}
|
|
}
|
|
}
|