Diplomarbeit-Absolventenverein/Module.EventRegistration
10
0
Fork 0
Code Issues 9 Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Module.EventRegistration/Server/Controllers/EventRegistrationController.cs
Konstantin Hintermayer 38c5bef225 Bulk-Commit: Darft: Anmeldetool. 
Interface Definition: done
Server-Side-Implementation: partly done (CR missing, potential Refactor, ...)
Client-Side-Implementation: started: (UI: done, Service: started, but works with SSR)
Missing: Permissions / Roles to restrict access to an event.
Missing: Fields on Event.
Missing: Good Styling
Time-Took: about 12 Hours.
Learning: Commit in smaller packets, rest will be discussed at CR
2025-05-14 20:40:10 +02:00

137 lines
5.9 KiB
C#
Raw Blame History

using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Authorization;
using System.Collections.Generic;
using Microsoft.AspNetCore.Http;
using Oqtane.Shared;
using Oqtane.Enums;
using Oqtane.Infrastructure;
using SZUAbsolventenverein.Module.EventRegistration.Services;
using Oqtane.Controllers;
using System.Net;
using System.Threading.Tasks;
namespace SZUAbsolventenverein.Module.EventRegistration.Controllers
{
[Route(ControllerRoutes.ApiRoute)]
public class EventRegistrationController : ModuleControllerBase
{
private readonly IEventRegistrationService _EventRegistrationService;
public EventRegistrationController(IEventRegistrationService EventRegistrationService, ILogManager logger, IHttpContextAccessor accessor) : base(logger, accessor)
{
_EventRegistrationService = EventRegistrationService;
}
// GET: api/<controller>?moduleid=x
[HttpGet]
[Authorize(Policy = PolicyNames.ViewModule)]
public async Task<IEnumerable<Models.Event>> Get(string moduleid)
{
int ModuleId;
if (int.TryParse(moduleid, out ModuleId) && IsAuthorizedEntityId(EntityNames.Module, ModuleId))
{
return await _EventRegistrationService.GetEventsAsync(ModuleId);
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized EventRegistration Get Attempt {ModuleId}", moduleid);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
return null;
}
}
// GET api/<controller>/5
[HttpGet("{id}/{moduleid}")]
[Authorize(Policy = PolicyNames.ViewModule)]
public async Task<Models.Event> Get(int id, int moduleid)
{
Models.Event EventRegistration = await _EventRegistrationService.GetEventAsync(id, moduleid);
if (EventRegistration != null && IsAuthorizedEntityId(EntityNames.Module, EventRegistration.ModuleId))
{
return EventRegistration;
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized EventRegistration Get Attempt {EventRegistrationId} {ModuleId}", id, moduleid);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
return null;
}
}
// POST api/<controller>
[HttpPost]
[Authorize(Policy = PolicyNames.EditModule)]
public async Task<Models.Event> Post([FromBody] Models.Event EventRegistration)
{
if (ModelState.IsValid && IsAuthorizedEntityId(EntityNames.Module, EventRegistration.ModuleId))
{
EventRegistration = await _EventRegistrationService.AddEventAsync(EventRegistration);
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized EventRegistration Post Attempt {EventRegistration}", EventRegistration);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
EventRegistration = null;
}
return EventRegistration;
}
// PUT api/<controller>/5
[HttpPut("{id}")]
[Authorize(Policy = PolicyNames.EditModule)]
public async Task<Models.Event> Put(int id, [FromBody] Models.Event EventRegistration)
{
if (ModelState.IsValid && EventRegistration.EventId == id && IsAuthorizedEntityId(EntityNames.Module, EventRegistration.ModuleId))
{
EventRegistration = await _EventRegistrationService.UpdateEventAsync(EventRegistration);
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized EventRegistration Put Attempt {EventRegistration}", EventRegistration);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
EventRegistration = null;
}
return EventRegistration;
}
// DELETE api/<controller>/5
[HttpDelete("{id}/{moduleid}")]
[Authorize(Policy = PolicyNames.EditModule)]
public async Task Delete(int id, int moduleid)
{
Models.Event EventRegistration = await _EventRegistrationService.GetEventAsync(id, moduleid);
if (EventRegistration != null && IsAuthorizedEntityId(EntityNames.Module, EventRegistration.ModuleId))
{
await _EventRegistrationService.DeleteEventAsync(id, EventRegistration.ModuleId);
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized EventRegistration Delete Attempt {EventRegistrationId} {ModuleId}", id, moduleid);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
}
// GET api/<controller>/5
[HttpGet("details/{id}/{moduleid}")]
[Authorize(Policy = PolicyNames.ViewModule)]
public async Task<(Models.Event, Models.Response)> GetDetails(int id, int moduleid)
{
Models.Event EventRegistration;
Models.Response EventResponse;
(EventRegistration, EventResponse) = await _EventRegistrationService.GetEventDetails(id, moduleid);
if (EventRegistration != null && EventResponse != null && IsAuthorizedEntityId(EntityNames.Module, EventRegistration.ModuleId))
{
return (EventRegistration, EventResponse);
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized EventRegistration Get Attempt {EventRegistrationId} {ModuleId}", id, moduleid);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
return (null, null);
}
}
// TODO: Add Event Response Endpoints.
}
}
Reference in New Issue View Git Blame Copy Permalink