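using AsbCloudApp.Data;
using AsbCloudApp.Services;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using System.Collections.Generic;
using System.Linq;
using System.Threading;
using System.Threading.Tasks;

// For more information on enabling Web API for empty projects, visit https://go.microsoft.com/fwlink/?LinkID=397860

namespace AsbCloudWebApi.Controllers
{
    /// <summary>
    /// CRUD controller for the admin panel. Every action is authorized against the
    /// wells the caller's company is involved in before it reaches the base controller.
    /// </summary>
    /// <typeparam name="T">Record type; exposes an id and the id of the well it belongs to.</typeparam>
    /// <typeparam name="TService">Well-aware CRUD service for <typeparamref name="T"/>.</typeparam>
    // NOTE(review): the generic type arguments in this listing were reconstructed from usage
    // (Ok(result), IEnumerable values, bool-tested helper). The <int> payload of the
    // insert/update/delete actions is assumed - confirm against CrudController.
    [ApiController]
    [Route("api/[controller]")]
    [Authorize]
    public abstract class CrudWellRelatedController<T, TService> : CrudController<T, TService>
        where T : IId, IWellRelated
        where TService : ICrudWellRelatedService<T>
    {
        private readonly IWellService wellService;

        /// <summary>
        /// Stores the well service used for access checks and hands the CRUD service to the base controller.
        /// </summary>
        protected CrudWellRelatedController(IWellService wellService, TService service)
            : base(service)
        {
            this.wellService = wellService;
        }

        /// <summary>
        /// Gets all records available to the user's company.
        /// </summary>
        /// <param name="token">Cancellation token.</param>
        /// <returns>
        /// 403 when the user has no company id, 204 when the company has no wells,
        /// otherwise 200 with the records of the company's wells.
        /// </returns>
        [HttpGet]
        public override async Task<ActionResult<IEnumerable<T>>> GetAllAsync(CancellationToken token)
        {
            if (User.GetCompanyId() is not int idCompany)
            {
                return Forbid();
            }

            var wells = await wellService.GetWellsByCompanyAsync(idCompany, token);
            if (!wells.Any())
            {
                return NoContent();
            }

            var idsWells = wells.Select(w => w.Id);
            var result = await service.GetAllAsync(idsWells, token);
            return Ok(result);
        }

        /// <summary>
        /// Gets all records for a well.
        /// </summary>
        /// <param name="idWell">Id of the well.</param>
        /// <param name="token">Cancellation token.</param>
        /// <returns>403 when the user's company is not involved in the well, otherwise 200 with the records.</returns>
        [HttpGet("well/{idWell}")]
        public async Task<ActionResult<IEnumerable<T>>> GetAllAsync(int idWell, CancellationToken token)
        {
            if (!await UserHasAccesToWellAsync(idWell, token))
            {
                return Forbid();
            }

            var result = await service.GetAllAsync(idWell, token);
            return Ok(result);
        }

        /// <summary>
        /// Gets a single record after checking access to the well it belongs to.
        /// </summary>
        /// <param name="id">Id of the record.</param>
        /// <param name="token">Cancellation token.</param>
        /// <returns>204 when the record does not exist, 403 when the well is not accessible, otherwise 200 with the record.</returns>
        [HttpGet("{id}")]
        public override async Task<ActionResult<T>> GetAsync(int id, CancellationToken token)
        {
            // Read through the service instead of unwrapping base.GetAsync(): ActionResult<T>.Value
            // is null whenever the action produced a result object (Ok(...), NoContent(), ...),
            // so the previous `actionResult.Value.IdWell` threw before the access check could run.
            // Missing records are answered the same way DeleteAsync answers them.
            var item = await service.GetAsync(id, token);
            if (item is null)
            {
                return NoContent();
            }

            if (!await UserHasAccesToWellAsync(item.IdWell, token))
            {
                return Forbid();
            }

            return Ok(item);
        }

        /// <summary>
        /// Inserts a record after checking access to the well named in the request body.
        /// </summary>
        /// <param name="value">Record to insert.</param>
        /// <param name="token">Cancellation token.</param>
        /// <returns>403 when the well is not accessible, otherwise the base controller's result.</returns>
        [HttpPost]
        public override async Task<ActionResult<int>> InsertAsync([FromBody] T value, CancellationToken token)
        {
            if (!await UserHasAccesToWellAsync(value.IdWell, token))
            {
                return Forbid();
            }

            return await base.InsertAsync(value, token);
        }

        /// <summary>
        /// Inserts several records after checking access to every distinct well they reference.
        /// </summary>
        /// <param name="values">Records to insert.</param>
        /// <param name="token">Cancellation token.</param>
        /// <returns>403 as soon as one referenced well is not accessible, otherwise the base controller's result.</returns>
        [HttpPost("range")]
        public override async Task<ActionResult<int>> InsertRangeAsync([FromBody] IEnumerable<T> values, CancellationToken token)
        {
            // Materialize the ids once so the access loop does not re-run the projection.
            var idsWells = values.Select(v => v.IdWell).Distinct().ToArray();
            foreach (var idWell in idsWells)
            {
                if (!await UserHasAccesToWellAsync(idWell, token))
                {
                    return Forbid();
                }
            }

            return await base.InsertRangeAsync(values, token);
        }

        /// <summary>
        /// Updates a record after checking access to both the well named in the request body
        /// and the well the stored record currently belongs to.
        /// </summary>
        /// <param name="value">New state of the record.</param>
        /// <param name="token">Cancellation token.</param>
        /// <returns>403 when either well is not accessible, otherwise the base controller's result.</returns>
        [HttpPut]
        public override async Task<ActionResult<int>> UpdateAsync([FromBody] T value, CancellationToken token)
        {
            if (!await UserHasAccesToWellAsync(value.IdWell, token))
            {
                return Forbid();
            }

            // value.IdWell comes from the request body, so on its own it only proves access to the
            // target well. The record being overwritten may belong to a different well; authorize
            // against the stored IdWell as well, mirroring the lookup DeleteAsync performs.
            // NOTE(review): assumes service.GetAsync returns a detached copy (DeleteAsync already
            // relies on the same read-before-write sequence) - confirm it does not leave a tracked
            // entity that conflicts with the update.
            var stored = await service.GetAsync(value.Id, token);
            if (stored is not null
                && stored.IdWell != value.IdWell
                && !await UserHasAccesToWellAsync(stored.IdWell, token))
            {
                return Forbid();
            }

            return await base.UpdateAsync(value, token);
        }

        /// <summary>
        /// Deletes a record after checking access to the well it belongs to.
        /// </summary>
        /// <param name="id">Id of the record.</param>
        /// <param name="token">Cancellation token.</param>
        /// <returns>204 when the record does not exist, 403 when the well is not accessible, otherwise the base controller's result.</returns>
        [HttpDelete("{id}")]
        public override async Task<ActionResult<int>> DeleteAsync(int id, CancellationToken token)
        {
            var item = await service.GetAsync(id, token);
            if (item is null)
            {
                return NoContent();
            }

            if (!await UserHasAccesToWellAsync(item.IdWell, token))
            {
                return Forbid();
            }

            return await base.DeleteAsync(id, token);
        }

        /// <summary>
        /// Tells whether the current user's company is involved in the given well.
        /// </summary>
        /// <param name="idWell">Id of the well.</param>
        /// <param name="token">Cancellation token.</param>
        /// <returns><c>false</c> when the user has no company id or the company is not involved in the well.</returns>
        protected async Task<bool> UserHasAccesToWellAsync(int idWell, CancellationToken token)
        {
            if (User.GetCompanyId() is not int idCompany)
            {
                return false;
            }

            return await wellService.IsCompanyInvolvedInWellAsync(idCompany, idWell, token)
                .ConfigureAwait(false);
        }
    }
}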