using AsbCloudApp.Data;
using AsbCloudApp.Services;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using System.Collections.Generic;
using System.Linq;
using System.Threading;
using System.Threading.Tasks;
// For more information on enabling Web API for empty projects, visit https://go.microsoft.com/fwlink/?LinkID=397860
namespace AsbCloudWebApi.Controllers
{
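/// <summary>
/// CRUD controller for the admin area. Every action is restricted to wells
/// that the caller's company is involved in.
/// </summary>
/// <typeparam name="T">Record type; exposes the well id used by the access checks.</typeparam>
/// <typeparam name="TService">CRUD service for <typeparamref name="T"/>.</typeparam>
// NOTE(review): the generic type arguments were stripped from this listing and are
// reconstructed here from the `where` clauses and from how the values are used.
// ActionResult<int> on Insert/InsertRange/Update/Delete is an assumption - confirm
// against the CrudController base class.
[ApiController]
[Route("api/[controller]")]
[Authorize]
public abstract class CrudWellRelatedController<T, TService> : CrudController<T, TService>
    where T : IId, IWellRelated
    where TService : ICrudWellRelatedService<T>
{
    private readonly IWellService wellService;

    /// <summary>Stores the well service used for company-to-well access checks.</summary>
    /// <param name="wellService">Resolves which wells a company is involved in.</param>
    /// <param name="service">CRUD service passed on to the base controller.</param>
    protected CrudWellRelatedController(IWellService wellService, TService service)
        : base(service)
    {
        this.wellService = wellService;
    }

    /// <summary>
    /// Gets all records available to the user's company.
    /// </summary>
    /// <param name="token">Cancellation token.</param>
    /// <returns>403 without a company claim, 204 when the company has no wells, otherwise 200 with the records.</returns>
    [HttpGet]
    public override async Task<ActionResult<IEnumerable<T>>> GetAllAsync(CancellationToken token)
    {
        var idCompany = User.GetCompanyId();
        if (idCompany is null)
            return Forbid();

        var wells = await wellService.GetWellsByCompanyAsync((int)idCompany, token);
        if (!wells.Any())
            return NoContent();

        // The query is scoped to the company's own wells, so no per-record check is needed.
        var idsWells = wells.Select(w => w.Id);
        var result = await service.GetAllAsync(idsWells, token);
        return Ok(result);
    }

    /// <summary>
    /// Gets all records for a single well.
    /// </summary>
    /// <param name="idWell">Well id from the route.</param>
    /// <param name="token">Cancellation token.</param>
    /// <returns>403 when the caller's company is not involved in the well, otherwise 200 with the records.</returns>
    [HttpGet("well/{idWell}")]
    public async Task<ActionResult<IEnumerable<T>>> GetAllAsync(int idWell, CancellationToken token)
    {
        if (!await UserHasAccesToWellAsync(idWell, token))
            return Forbid();

        var result = await service.GetAllAsync(idWell, token);
        return Ok(result);
    }

    /// <summary>
    /// Gets one record by id after checking access to the well it belongs to.
    /// </summary>
    /// <param name="id">Record id from the route.</param>
    /// <param name="token">Cancellation token.</param>
    [HttpGet("{id}")]
    public override async Task<ActionResult<T>> GetAsync(int id, CancellationToken token)
    {
        var actionResult = await base.GetAsync(id, token);
        var result = actionResult.Value;

        // ActionResult<T>.Value is null whenever the base action returned a result object
        // (for example NoContent for a missing id) instead of a bare value. Dereferencing
        // it would throw, so answer 204 without returning any data; nothing is handed
        // back that has not passed the well access check below.
        // NOTE(review): if the base wraps the record in Ok(...), Value is null as well -
        // confirm the base returns the value directly.
        if (result is null)
            return NoContent();

        if (!await UserHasAccesToWellAsync(result.IdWell, token))
            return Forbid();

        return Ok(result);
    }

    /// <summary>
    /// Inserts a record after checking access to the well named in the body.
    /// </summary>
    /// <param name="value">Record to insert.</param>
    /// <param name="token">Cancellation token.</param>
    [HttpPost]
    public override async Task<ActionResult<int>> InsertAsync([FromBody] T value, CancellationToken token)
    {
        if (!await UserHasAccesToWellAsync(value.IdWell, token))
            return Forbid();

        return await base.InsertAsync(value, token);
    }

    /// <summary>
    /// Inserts several records; the whole batch is refused if any referenced well is not accessible.
    /// </summary>
    /// <param name="values">Records to insert.</param>
    /// <param name="token">Cancellation token.</param>
    [HttpPost("range")]
    public override async Task<ActionResult<int>> InsertRangeAsync([FromBody] IEnumerable<T> values, CancellationToken token)
    {
        // Check each distinct well once rather than once per record.
        var idsWells = values.Select(v => v.IdWell).Distinct();
        foreach (var idWell in idsWells)
        {
            if (!await UserHasAccesToWellAsync(idWell, token))
                return Forbid();
        }

        return await base.InsertRangeAsync(values, token);
    }

    /// <summary>
    /// Updates a record after checking access to both the well named in the body
    /// and the well the stored record currently belongs to.
    /// </summary>
    /// <param name="value">New state of the record.</param>
    /// <param name="token">Cancellation token.</param>
    [HttpPut]
    public override async Task<ActionResult<int>> UpdateAsync([FromBody] T value, CancellationToken token)
    {
        if (!await UserHasAccesToWellAsync(value.IdWell, token))
            return Forbid();

        // value.IdWell comes from the request body, so on its own it only proves access
        // to the well the caller claims. Authorize against the stored record's well too,
        // as DeleteAsync does, so a record of another company's well cannot be
        // overwritten or moved by naming an accessible well in the body.
        // NOTE(review): relies on IId exposing Id - confirm.
        var stored = await service.GetAsync(value.Id, token);
        if (stored is not null && !await UserHasAccesToWellAsync(stored.IdWell, token))
            return Forbid();

        return await base.UpdateAsync(value, token);
    }

    /// <summary>
    /// Deletes a record after checking access to the well it belongs to.
    /// </summary>
    /// <param name="id">Record id from the route.</param>
    /// <param name="token">Cancellation token.</param>
    /// <returns>204 when the record does not exist, 403 when the well is not accessible, otherwise the base result.</returns>
    [HttpDelete("{id}")]
    public override async Task<ActionResult<int>> DeleteAsync(int id, CancellationToken token)
    {
        // The id alone says nothing about ownership; load the record to learn its well.
        var item = await service.GetAsync(id, token);
        if (item is null)
            return NoContent();

        if (!await UserHasAccesToWellAsync(item.IdWell, token))
            return Forbid();

        return await base.DeleteAsync(id, token);
    }

    /// <summary>
    /// Tells whether the current user's company is involved in the given well.
    /// </summary>
    /// <param name="idWell">Well id to check.</param>
    /// <param name="token">Cancellation token.</param>
    /// <returns><c>false</c> when the user has no company id or the company is not involved in the well.</returns>
    protected async Task<bool> UserHasAccesToWellAsync(int idWell, CancellationToken token)
    {
        var idCompany = User.GetCompanyId();
        if (idCompany is null)
            return false; // no company claim: deny

        return await wellService.IsCompanyInvolvedInWellAsync((int)idCompany, idWell, token)
            .ConfigureAwait(false);
    }
}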
}