reactredux/src/WeatherForecast/Controllers/CategoryItemController.cs

using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Authorization;

using DomainResults.Mvc;

using WeatherForecast.Services;
using WeatherForecast.Policies;
using Core.Enumerations;
using WeatherForecast.Models.Category.Requests;
using WeatherForecast.Models.CategoryItem.Requests;
using DomainObjects.Documents.Users;

namespace WeatherForecast.Controllers;

/// <summary>
/// 
/// </summary>
[ApiController]
[Route("api/[controller]")]
public class CategoryItemController : ControllerBase {

  private readonly IAuthorizationService _authorizationService;
  private readonly ICategoryItemService _categoryItemService;

  /// <summary>
  /// 
  /// </summary>
  /// <param name="authorizationService"></param>
  /// <param name="categoryItemService"></param>
  public CategoryItemController(
    IAuthorizationService authorizationService,
    ICategoryItemService categoryItemService
    ) {
    _authorizationService = authorizationService;
    _categoryItemService = categoryItemService;
  }

  #region Authless methods
  /// <summary>
  /// 
  /// </summary>
  /// <param name="siteId"></param>
  /// <param name="requestData"></param>
  [HttpGet("{siteId}")]
  public IActionResult GetSlug([FromRoute] Guid siteId, [FromQuery] GetCategoryItemSlugRequestModel requestData) {
    var result = _categoryItemService.GetSlug(siteId, requestData);
    return result.ToActionResult();
  }
  #endregion

  /// <summary>
  /// Can Admin, Editor, Shop manager
  /// </summary>
  /// <param name="siteId"></param>
  /// <param name="requestData"></param>
  /// <returns></returns>
  [HttpPost("{siteId}")]
  public async Task<IActionResult> Post([FromRoute] Guid siteId, [FromBody] PostCategoryItemRequestModel requestData) {
    if ((await _authorizationService.AuthorizeAsync(User, null, new CategoryAuthorizationRequirement {
      Action = CrudActions.Create,
      Roles = new List<CategoryRole> {
        new CategoryRole { Role = Roles.Admin },
        new CategoryRole { Role = Roles.Editor },
        new CategoryRole { Role = Roles.ShopManager }
      }
    })).Succeeded) {
      var result = _categoryItemService.Post(siteId, requestData);
      return result.ToActionResult();
    }
    else {
      return Unauthorized();
    }
  }

  /// <summary>
  /// Returns full object
  /// Can Admin, Editor, Author, Contributor, Shop manager
  /// </summary>
  /// <param name="siteId"></param>
  /// <param name="categoryId"></param>
  /// <returns></returns>
  [HttpGet("{siteId}/{categoryId}")]
  public async Task<IActionResult> Get([FromRoute] Guid siteId, [FromRoute] Guid categoryId) {
    if ((await _authorizationService.AuthorizeAsync(User, null, new CategoryAuthorizationRequirement {
      Action = CrudActions.Read,
      Roles = new List<CategoryRole> {
        new CategoryRole { Role =  Roles.Admin },
        new CategoryRole { Role =  Roles.Editor },
        new CategoryRole { Role =  Roles.Author },
        new CategoryRole { Role =  Roles.Contributor },
        new CategoryRole { Role =  Roles.ShopManager },
      }
    })).Succeeded) {              
      var result = _categoryItemService.Get(siteId, categoryId);
      return result.ToActionResult();
    }                           
    else {
      return Unauthorized();
    }
  }

  /// <summary>
  /// Can Admin, Editor, Shop manager
  /// </summary>
  /// <param name="siteId"></param>
  /// <param name="categoryId"></param>
  /// <param name="requestData"></param>
  /// <returns></returns>
  [HttpPut("{siteId}/{categoryId}")]
  public async Task<IActionResult> Update([FromRoute] Guid siteId, [FromRoute] Guid categoryId, [FromBody] PutCategoryItemRequestModel requestData) {
    if ((await _authorizationService.AuthorizeAsync(User, null, new CategoryAuthorizationRequirement {
      Action = CrudActions.Update,
      Roles = new List<CategoryRole> {
        new CategoryRole { Role = Roles.Admin },
        new CategoryRole { Role = Roles.Editor },
        new CategoryRole { Role = Roles.ShopManager }
      }
    })).Succeeded) {
      var result = _categoryItemService.Update(siteId, categoryId, requestData);
      return result.ToActionResult();
    }
      
    return Unauthorized();
  }

  /// <summary>
  /// Can Admin only
  /// </summary>
  /// <param name="siteId"></param>
  /// <param name="categoryId"></param>
  /// <returns></returns>
  [HttpDelete("{siteId}/{categoryId}")]
  public async Task<IActionResult> Delete([FromRoute] Guid siteId, [FromRoute] Guid categoryId) {
    if ((await _authorizationService.AuthorizeAsync(User, null, new CategoryAuthorizationRequirement {
      Action = CrudActions.Delete,
      Roles = new List<CategoryRole> {
        new CategoryRole { Role = Roles.Admin }
      }
    })).Succeeded) {
      var result = _categoryItemService.Delete(siteId, categoryId);
      return result.ToActionResult();
    }

    return Unauthorized();
  }
}