Diplomarbeit-Absolventenverein/Module.HallOfFame
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1bff5ebbbdbff88449fe8db5a57f046387d48dcc
Module.HallOfFame/Server/Controllers/HallOfFameController.cs
Adam Gaiswinkler 1bff5ebbbd feat(halloffame): implement image upload and enhance module functionality 
- Added image upload system (JPG/PNG, max 5MB) with live preview and removal option
- Fixed Concurrency Exception during deletion (split transactions for reports and entries)
- Optimized card layout: consistent height and height-based truncation for descriptions
- Added sort direction toggle (Ascending/Descending) with arrow icons for Date, Name, and Year
- Refactored HallOfFameService to use streams for Server/Wasm compatibility
- Improved error handling and UI feedback for upload and delete operations
2026-02-10 17:45:48 +01:00

233 lines
9.8 KiB
C#
Raw Blame History

using System;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Authorization;
using System.Collections.Generic;
using System.Linq;
using Microsoft.AspNetCore.Http;
using Oqtane.Shared;
using Oqtane.Enums;
using Oqtane.Infrastructure;
using SZUAbsolventenverein.Module.HallOfFame.Services;
using Oqtane.Controllers;
using System.Net;
using System.Threading.Tasks;
using System.IO;
using Microsoft.AspNetCore.Hosting;
namespace SZUAbsolventenverein.Module.HallOfFame.Controllers
{
[Route(ControllerRoutes.ApiRoute)]
public class HallOfFameController : ModuleControllerBase
{
private readonly IHallOfFameService _HallOfFameService;
private readonly IWebHostEnvironment _environment;
public HallOfFameController(IHallOfFameService HallOfFameService, ILogManager logger, IHttpContextAccessor accessor, IWebHostEnvironment environment) : base(logger, accessor)
{
_HallOfFameService = HallOfFameService;
_environment = environment;
}
// GET: api/<controller>?moduleid=x
// GET: api/<controller>?moduleid=x
[HttpGet]
[Authorize(Policy = PolicyNames.ViewModule)]
public async Task<IEnumerable<Models.HallOfFame>> Get(string moduleid)
{
int ModuleId;
if (int.TryParse(moduleid, out ModuleId) && IsAuthorizedEntityId(EntityNames.Module, ModuleId))
{
var list = await _HallOfFameService.GetHallOfFamesAsync(ModuleId);
if (User.IsInRole(RoleNames.Admin) || User.IsInRole(RoleNames.Host))
{
return list;
}
return list.Where(item => item.Status == "Published");
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized HallOfFame Get Attempt {ModuleId}", moduleid);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
return null;
}
}
// GET api/<controller>/5
[HttpGet("{id}/{moduleid}")]
[Authorize(Policy = PolicyNames.ViewModule)]
public async Task<Models.HallOfFame> Get(int id, int moduleid)
{
Models.HallOfFame HallOfFame = await _HallOfFameService.GetHallOfFameAsync(id, moduleid);
if (HallOfFame != null && IsAuthorizedEntityId(EntityNames.Module, HallOfFame.ModuleId))
{
return HallOfFame;
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized HallOfFame Get Attempt {HallOfFameId} {ModuleId}", id, moduleid);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
return null;
}
}
// GET api/<controller>/user/5?moduleid=x
[HttpGet("user/{userid}")]
[Authorize(Policy = PolicyNames.ViewModule)]
public async Task<Models.HallOfFame> GetByUserId(int userid, string moduleid)
{
int ModuleId;
if (int.TryParse(moduleid, out ModuleId) && IsAuthorizedEntityId(EntityNames.Module, ModuleId))
{
var list = await _HallOfFameService.GetHallOfFamesAsync(ModuleId);
return list.FirstOrDefault(item => item.UserId == userid);
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized HallOfFame GetByUserId Attempt {UserId} {ModuleId}", userid, moduleid);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
return null;
}
}
// POST api/<controller>
[HttpPost]
[Authorize(Policy = PolicyNames.EditModule)]
public async Task<Models.HallOfFame> Post([FromBody] Models.HallOfFame HallOfFame)
{
if (ModelState.IsValid && IsAuthorizedEntityId(EntityNames.Module, HallOfFame.ModuleId))
{
// Enforce one entry per user
var allEntries = await _HallOfFameService.GetHallOfFamesAsync(HallOfFame.ModuleId);
if (allEntries.Any(e => e.UserId == HallOfFame.UserId))
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "User {UserId} already has a Hall of Fame entry.", HallOfFame.UserId);
HttpContext.Response.StatusCode = (int)HttpStatusCode.BadRequest;
return null;
}
HallOfFame = await _HallOfFameService.AddHallOfFameAsync(HallOfFame);
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized HallOfFame Post Attempt {HallOfFame}", HallOfFame);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
HallOfFame = null;
}
return HallOfFame;
}
// PUT api/<controller>/5
[HttpPut("{id}")]
[Authorize(Policy = PolicyNames.EditModule)]
public async Task<Models.HallOfFame> Put(int id, [FromBody] Models.HallOfFame HallOfFame)
{
if (ModelState.IsValid && HallOfFame.HallOfFameId == id && IsAuthorizedEntityId(EntityNames.Module, HallOfFame.ModuleId))
{
var existing = await _HallOfFameService.GetHallOfFameAsync(id, HallOfFame.ModuleId);
if (existing != null && existing.UserId == HallOfFame.UserId)
{
HallOfFame = await _HallOfFameService.UpdateHallOfFameAsync(HallOfFame);
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized HallOfFame Put Attempt by User {UserId} for Entry {HallOfFameId}", HallOfFame.UserId, id);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
HallOfFame = null;
}
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized HallOfFame Put Attempt {HallOfFame}", HallOfFame);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
HallOfFame = null;
}
return HallOfFame;
}
// PUT api/<controller>/report/5
[HttpPut("report/{id}")]
[Authorize(Policy = PolicyNames.ViewModule)]
public async Task Report(int id, [FromQuery] string reason)
{
Models.HallOfFame HallOfFame = await _HallOfFameService.GetHallOfFameAsync(id, -1);
if (HallOfFame != null && IsAuthorizedEntityId(EntityNames.Module, HallOfFame.ModuleId))
{
await _HallOfFameService.ReportAsync(id, HallOfFame.ModuleId, reason);
}
}
// GET api/<controller>/reports/5?moduleid=x
[HttpGet("reports/{id}")]
[Authorize(Policy = PolicyNames.EditModule)]
public async Task<IEnumerable<Models.HallOfFameReport>> GetReports(int id, string moduleid)
{
int ModuleId;
if (int.TryParse(moduleid, out ModuleId) && IsAuthorizedEntityId(EntityNames.Module, ModuleId))
{
return await _HallOfFameService.GetHallOfFameReportsAsync(id, ModuleId);
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized HallOfFame GetReports Attempt {HallOfFameId} {ModuleId}", id, moduleid);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
return null;
}
}
// DELETE api/<controller>/report/5/x
[HttpDelete("report/{id}/{moduleid}")]
[Authorize(Policy = PolicyNames.EditModule)]
public async Task DeleteReport(int id, int moduleid)
{
if (IsAuthorizedEntityId(EntityNames.Module, moduleid))
{
await _HallOfFameService.DeleteHallOfFameReportAsync(id, moduleid);
}
}
[HttpDelete("{id}/{moduleid}")]
[Authorize(Policy = PolicyNames.EditModule)]
public async Task Delete(int id, int moduleid)
{
Models.HallOfFame HallOfFame = await _HallOfFameService.GetHallOfFameAsync(id, moduleid);
if (HallOfFame != null && IsAuthorizedEntityId(EntityNames.Module, HallOfFame.ModuleId))
{
await _HallOfFameService.DeleteHallOfFameAsync(id, HallOfFame.ModuleId);
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized HallOfFame Delete Attempt {HallOfFameId} {ModuleId}", id, moduleid);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
}
[HttpPost("upload")]
[Authorize(Policy = PolicyNames.EditModule)]
public async Task<IActionResult> Upload(IFormFile file)
{
if (file == null || file.Length == 0) return BadRequest("Keine Datei ausgewählt.");
var extension = Path.GetExtension(file.FileName).ToLower();
if (extension != ".jpg" && extension != ".jpeg" && extension != ".png")
{
return BadRequest("Nur JPG und PNG Dateien sind erlaubt.");
}
var folder = Path.Combine(_environment.WebRootPath, "Content", "HallOfFame");
if (!Directory.Exists(folder))
{
Directory.CreateDirectory(folder);
}
var fileName = Guid.NewGuid().ToString() + extension;
var path = Path.Combine(folder, fileName);
using (var stream = new FileStream(path, FileMode.Create))
{
await file.CopyToAsync(stream);
}
return Ok(new { url = "/Content/HallOfFame/" + fileName });
}
}
}
Reference in New Issue View Git Blame Copy Permalink