using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Authorization; using System.Collections.Generic; using Microsoft.AspNetCore.Http; using Oqtane.Shared; using Oqtane.Enums; using Oqtane.Infrastructure; using SZUAbsolventenverein.Module.PremiumArea.Services; using Oqtane.Controllers; using System.Net; using System.Threading.Tasks; namespace SZUAbsolventenverein.Module.PremiumArea.Controllers { [Route(ControllerRoutes.ApiRoute)] public class PremiumAreaController : ModuleControllerBase { private readonly IPremiumAreaService _PremiumAreaService; public PremiumAreaController(IPremiumAreaService PremiumAreaService, ILogManager logger, IHttpContextAccessor accessor) : base(logger, accessor) { _PremiumAreaService = PremiumAreaService; } // GET: api/?moduleid=x [HttpGet] [Authorize(Policy = PolicyNames.ViewModule)] public async Task> Get(string moduleid) { int ModuleId; if (int.TryParse(moduleid, out ModuleId) && IsAuthorizedEntityId(EntityNames.Module, ModuleId)) { return await _PremiumAreaService.GetPremiumAreasAsync(ModuleId); } else { _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized PremiumArea Get Attempt {ModuleId}", moduleid); HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; return null; } } // GET api//5 [HttpGet("{id}/{moduleid}")] [Authorize(Policy = PolicyNames.ViewModule)] public async Task Get(int id, int moduleid) { Models.PremiumArea PremiumArea = await _PremiumAreaService.GetPremiumAreaAsync(id, moduleid); if (PremiumArea != null && IsAuthorizedEntityId(EntityNames.Module, PremiumArea.ModuleId)) { return PremiumArea; } else { _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized PremiumArea Get Attempt {PremiumAreaId} {ModuleId}", id, moduleid); HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; return null; } } // POST api/ [HttpPost] [Authorize(Policy = PolicyNames.EditModule)] public async Task Post([FromBody] Models.PremiumArea PremiumArea) { if (ModelState.IsValid && IsAuthorizedEntityId(EntityNames.Module, PremiumArea.ModuleId)) { PremiumArea = await _PremiumAreaService.AddPremiumAreaAsync(PremiumArea); } else { _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized PremiumArea Post Attempt {PremiumArea}", PremiumArea); HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; PremiumArea = null; } return PremiumArea; } // PUT api//5 [HttpPut("{id}")] [Authorize(Policy = PolicyNames.EditModule)] public async Task Put(int id, [FromBody] Models.PremiumArea PremiumArea) { if (ModelState.IsValid && PremiumArea.PremiumAreaId == id && IsAuthorizedEntityId(EntityNames.Module, PremiumArea.ModuleId)) { PremiumArea = await _PremiumAreaService.UpdatePremiumAreaAsync(PremiumArea); } else { _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized PremiumArea Put Attempt {PremiumArea}", PremiumArea); HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; PremiumArea = null; } return PremiumArea; } // DELETE api//5 [HttpDelete("{id}/{moduleid}")] [Authorize(Policy = PolicyNames.EditModule)] public async Task Delete(int id, int moduleid) { Models.PremiumArea PremiumArea = await _PremiumAreaService.GetPremiumAreaAsync(id, moduleid); if (PremiumArea != null && IsAuthorizedEntityId(EntityNames.Module, PremiumArea.ModuleId)) { await _PremiumAreaService.DeletePremiumAreaAsync(id, PremiumArea.ModuleId); } else { _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized PremiumArea Delete Attempt {PremiumAreaId} {ModuleId}", id, moduleid); HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; } } } }