DD.WellWorkover.Cloud/AsbCloudWebApi/Controllers/ManualController.cs

using System.ComponentModel.DataAnnotations;
using System.Threading;
using System.Threading.Tasks;
using AsbCloudApp.Repositories;
using AsbCloudApp.Services;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;

namespace AsbCloudWebApi.Controllers;

[ApiController]
[Route("api/[controller]")]
public class ManualController : ControllerBase
{
	private readonly IManualCatalogService manualCatalogService;
	private readonly IUserRepository userRepository;

	public ManualController(IManualCatalogService manualCatalogService,
		IUserRepository userRepository)
	{
		this.manualCatalogService = manualCatalogService;
		this.userRepository = userRepository;
	}

	/// <summary>
	/// Сохранение файла
	/// </summary>
	/// <param name="idCategory">Необязательный параметр. 30000 - АСУ ТП, 30001 - Технология бурения</param>
	/// <param name="idFolder">Необязательный параметр. Id папки</param>
	/// <param name="file">Загружаемый файл</param>
	/// <param name="cancellationToken"></param>
	/// <returns></returns>
	[HttpPost]
	[Permission]
	[ProducesResponseType(typeof(int), StatusCodes.Status200OK)]
	[ProducesResponseType(StatusCodes.Status400BadRequest)]
	[ProducesResponseType(StatusCodes.Status403Forbidden)]
	public async Task<IActionResult> SaveFileAsync(
		[Range(minimum: 30000, maximum: 30001, ErrorMessage = "Категория файла недопустима. Допустимые: 30000, 30001")]
		int? idCategory,
		int? idFolder,
		[Required] IFormFile file,
		CancellationToken cancellationToken)
	{
		if(!CanUserAccess("Manual.edit"))
			return Forbid();
		
		using var fileStream = file.OpenReadStream();

		var id = await manualCatalogService.SaveFileAsync(idCategory, idFolder, file.FileName, fileStream, cancellationToken);

		return Ok(id);
	}
	
	/// <summary>
	/// Получение файла
	/// </summary>
	/// <param name="id">Id инструкции</param>
	/// <param name="cancellationToken"></param>
	/// <returns></returns>
	[HttpGet("{id:int}")]
	[Permission]
	[ProducesResponseType(typeof(PhysicalFileResult), StatusCodes.Status200OK, "application/octet-stream")]
	[ProducesResponseType(StatusCodes.Status204NoContent)]
	[ProducesResponseType(StatusCodes.Status403Forbidden)]
	public async Task<IActionResult> GetFileAsync(int id, CancellationToken cancellationToken)
	{
		if(!CanUserAccess("Manual.view"))
			return Forbid();
		
		var file = await manualCatalogService.GetFileAsync(id, cancellationToken);
		
		if (!file.HasValue)
			return NoContent();
        
		return File(file.Value.stream, "application/octet-stream", file.Value.fileName);
	}

	/// <summary>
	/// Удаление файла
	/// </summary>
	/// <param name="id">Id инструкции</param>
	/// <param name="cancellationToken"></param>
	/// <returns></returns>
	[HttpDelete]
	[Permission]
	[ProducesResponseType(typeof(int), StatusCodes.Status200OK)]
	[ProducesResponseType(StatusCodes.Status403Forbidden)]
	public async Task<IActionResult> DeleteFileAsync(int id, CancellationToken cancellationToken)
	{
		if(!CanUserAccess("Manual.edit"))
			return Forbid();
		
		return Ok(await manualCatalogService.DeleteFileAsync(id, cancellationToken));
	}

	/// <summary>
	/// Получение каталога с инструкциями
	/// </summary>
	/// <param name="cancellationToken"></param>
	/// <returns></returns>
	[HttpGet]
	[Permission]
	[ProducesResponseType(typeof(int), StatusCodes.Status200OK)]
	[ProducesResponseType(StatusCodes.Status403Forbidden)]
	public async Task<IActionResult> GetCatalogAsync(CancellationToken cancellationToken)
	{
		if(!CanUserAccess("Manual.view"))
			return Forbid();

		return Ok(await manualCatalogService.GetCatalogAsync(cancellationToken));
	}

	private bool CanUserAccess(string permission)
	{
		var idUser = User.GetUserId();
		
		return idUser.HasValue && userRepository.HasPermission(idUser.Value, permission);
	}
}