Степанов Дмитрий
f6bc677a68
1. Поправил удаление директории 2. Вынес проверку прав в отдельный метод
using System.Collections.Generic;
using System.Threading;
using System.Threading.Tasks;
using AsbCloudApp.Data.Manuals;
using AsbCloudApp.Exceptions;
using AsbCloudApp.Repositories;
using AsbCloudApp.Services;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
namespace AsbCloudWebApi.Controllers;
/// <summary>
/// HTTP API for the manual directory tree: create, rename, delete and list directories.
/// </summary>
/// <remarks>
/// Access control is layered. The class-level <c>[Authorize]</c> requires an authenticated
/// caller, each action carries <c>[Permission]</c> (its behaviour is defined outside this file),
/// and each action additionally calls <see cref="CanUserAccessToManualDirectory"/> with an
/// explicit permission name before it touches the service or repository.
/// NOTE(review): the permission checked here is global, not per directory. Any caller holding
/// "Manual.edit" can rename or delete any directory id. Confirm that this is the intended model.
/// </remarks>
[ApiController]
[Route("api/[controller]")]
[Authorize]
public class ManualDirectoryController : ControllerBase
{
    // Permission names passed to IUserRepository.HasPermission by the actions below.
    private const string EditPermission = "Manual.edit";
    private const string ReadPermission = "Manual.get";

    private readonly IManualDirectoryRepository manualDirectoryRepository;
    private readonly IManualCatalogService manualCatalogService;
    private readonly IUserRepository userRepository;

    /// <summary>
    /// Stores the injected collaborators used by the actions.
    /// </summary>
    /// <param name="manualDirectoryRepository">Repository used to read the directory tree.</param>
    /// <param name="manualCatalogService">Service used to add, update and delete directories.</param>
    /// <param name="userRepository">Repository used to evaluate the caller's permissions.</param>
    public ManualDirectoryController(IManualDirectoryRepository manualDirectoryRepository,
        IManualCatalogService manualCatalogService,
        IUserRepository userRepository)
    {
        this.userRepository = userRepository;
        this.manualCatalogService = manualCatalogService;
        this.manualDirectoryRepository = manualDirectoryRepository;
    }

    /// <summary>
    /// Creates a directory.
    /// </summary>
    /// <param name="name">Directory name.</param>
    /// <param name="idParent">Optional. Id of the parent directory.</param>
    /// <param name="cancellationToken">Token forwarded to the service call.</param>
    /// <returns>200 with the value returned by the service (declared as <c>int</c>).</returns>
    /// <remarks>
    /// NOTE(review): <paramref name="name"/> reaches the service without any check in this
    /// controller. Confirm that the service rejects empty or over-long names, and path
    /// separators if the name is ever mapped to a file-system path.
    /// </remarks>
    [HttpPost]
    [Permission]
    [ProducesResponseType(typeof(int), StatusCodes.Status200OK)]
    [ProducesResponseType(StatusCodes.Status400BadRequest)]
    [ProducesResponseType(StatusCodes.Status403Forbidden)]
    public async Task<IActionResult> AddDirectoryAsync(string name, int? idParent, CancellationToken cancellationToken)
    {
        // The authorization check must stay ahead of the service call.
        CanUserAccessToManualDirectory(EditPermission);

        var serviceResult = await manualCatalogService.AddDirectoryAsync(name, idParent, cancellationToken);
        return Ok(serviceResult);
    }

    /// <summary>
    /// Updates a directory.
    /// </summary>
    /// <param name="id">Id of the directory to update.</param>
    /// <param name="name">New directory name.</param>
    /// <param name="cancellationToken">Token forwarded to the service call.</param>
    /// <returns>200 with an empty body once the service call completes.</returns>
    /// <remarks>
    /// NOTE(review): as with creation, <paramref name="name"/> is not validated here. Confirm
    /// that the service validates it.
    /// </remarks>
    [HttpPut]
    [Permission]
    [ProducesResponseType(StatusCodes.Status400BadRequest)]
    [ProducesResponseType(StatusCodes.Status403Forbidden)]
    public async Task<IActionResult> UpdateDirectoryAsync(int id, string name, CancellationToken cancellationToken)
    {
        // The authorization check must stay ahead of the service call.
        CanUserAccessToManualDirectory(EditPermission);

        await manualCatalogService.UpdateDirectoryAsync(id, name, cancellationToken);

        return Ok();
    }

    /// <summary>
    /// Deletes a directory.
    /// </summary>
    /// <param name="id">Directory identifier.</param>
    /// <param name="cancellationToken">Token forwarded to the service call.</param>
    /// <returns>200 with the value returned by the service (declared as <c>int</c>).</returns>
    /// <remarks>
    /// Deletion is guarded by the same "Manual.edit" permission as create and update. No
    /// separate delete permission is checked in this controller.
    /// </remarks>
    [HttpDelete]
    [Permission]
    [ProducesResponseType(typeof(int), StatusCodes.Status200OK)]
    [ProducesResponseType(StatusCodes.Status403Forbidden)]
    public async Task<IActionResult> DeleteDirectoryAsync(int id, CancellationToken cancellationToken)
    {
        // The authorization check must stay ahead of the service call.
        CanUserAccessToManualDirectory(EditPermission);

        var serviceResult = await manualCatalogService.DeleteDirectoryAsync(id, cancellationToken);
        return Ok(serviceResult);
    }

    /// <summary>
    /// Returns the category tree.
    /// </summary>
    /// <param name="cancellationToken">Token forwarded to the repository call.</param>
    /// <returns>200 with the tree returned by the repository.</returns>
    [HttpGet]
    [Permission]
    [ProducesResponseType(typeof(IEnumerable<ManualDirectoryDto>), StatusCodes.Status200OK)]
    [ProducesResponseType(StatusCodes.Status403Forbidden)]
    public async Task<IActionResult> GetAsync(CancellationToken cancellationToken)
    {
        // The authorization check must stay ahead of the repository call.
        CanUserAccessToManualDirectory(ReadPermission);

        var tree = await manualDirectoryRepository.GetTreeAsync(cancellationToken);
        return Ok(tree);
    }

    /// <summary>
    /// Enforces that the current caller holds <paramref name="permissionName"/>.
    /// Despite the predicate-style name, this method returns nothing and signals denial by throwing.
    /// </summary>
    /// <param name="permissionName">Permission name passed to the user repository.</param>
    /// <exception cref="ForbidException">
    /// Thrown when no user id can be read from the current principal or the repository reports
    /// that the user lacks the permission. Presumably translated to HTTP 403 by code outside
    /// this file. Confirm against the exception-handling middleware.
    /// </exception>
    private void CanUserAccessToManualDirectory(string permissionName)
    {
        var currentUserId = User.GetUserId();

        // Fail closed: a missing user id is treated the same as a missing permission.
        // Short-circuiting keeps the repository lookup from running without an id.
        var isAllowed = currentUserId.HasValue
            && userRepository.HasPermission(currentUserId.Value, permissionName);

        if (!isAllowed)
        {
            throw new ForbidException("У вас недостаточно прав");
        }
    }
}