feat: ProfileObjStateController für verbesserte CRUD-Funktionalität aktualisiert

- `GetAsync`-Methode mit zusätzlichen Filteroptionen für Profil-, Benutzer- und Zustandsdetails erweitert. - Verbesserte Autorisierungsprüfungen mit detaillierter Fehlerprotokollierung bei fehlenden oder ungültigen Benutzer-ID-Ansprüchen. - Identitätsprüfung in den Create- und Delete-Methoden hinzugefügt, um unbefugten Zugriff zu verhindern. - Fehlerbehandlung und Antwort verfeinert für robustere serverseitige Verarbeitung.
2024-10-25 01:43:14 +02:00 · 2024-10-25 01:43:14 +02:00 · 0ef327a059
commit 0ef327a059
parent 2a9e0a8f17
1 changed files with 102 additions and 0 deletions
--- a/WorkFlow.API/Controllers/ProfileObjStateController.cs
+++ b/WorkFlow.API/Controllers/ProfileObjStateController.cs
@ -1,4 +1,5 @@
 using DigitalData.Core.API;
+using DigitalData.Core.DTO;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using WorkFlow.Application.Contracts;
@ -12,5 +13,106 @@ namespace WorkFlow.API.Controllers
    [Authorize]
    public class ProfileObjStateController(ILogger<ProfileObjStateController> logger, IProfileObjStateService service) : CRUDControllerBaseWithErrorHandling<IProfileObjStateService, ProfileObjStateCreateDto, ProfileObjStateDto, ProfileObjStateUpdateDto, ProfileObjState, int>(logger, service)
    {
+        [NonAction]
+        public override Task<IActionResult> GetAll() => base.GetAll();
+
+        [NonAction]
+        public override Task<IActionResult> Update(ProfileObjStateUpdateDto updateDto) => base.Update(updateDto);
+
+        [HttpGet]
+        public async Task<IActionResult> GetAsync(
+            bool withProfile = true, bool withUser = true, bool withState = true,
+            int? profileId = null, int? objId = null, bool? profileActive = null)
+        {
+            try
+            {
+                if (!this.TryGetUserId(out int? id))
+                {
+                    logger.LogError("Authorization failed: User ID claim not found.");
+                    return StatusCode(StatusCodes.Status500InternalServerError, "Failed to retrieve user identity.");
+                }
+                else if (id is null)
+                {
+                    logger.LogError("Invalid user ID: Retrieved ID is null or not an integer.");
+                    return StatusCode(StatusCodes.Status500InternalServerError, "Invalid user ID.");
+                }
+
+                return await _service.ReadAsync(
+                    withProfile: withProfile, withUser: withUser, withState,
+                    userId: id,
+                    profileId: profileId, objId: objId, profileActive: profileActive)
+                    .ThenAsync(
+                        Success: pctf => pctf.Any() ? Ok(pctf) : NotFound(),
+                        Fail: IActionResult (msg, ntc) =>
+                        {
+                            logger.LogNotice(ntc);
+                            return NotFound();
+                        });
+            }
+            catch (Exception ex)
+            {
+                logger.LogError(ex, "An unexpected error occurred while processing the request: {Message}", ex.Message);
+                return StatusCode(StatusCodes.Status500InternalServerError, "An internal server error occurred.");
+            }
+        }
+
+        [HttpPost]
+        public override async Task<IActionResult> Create([FromBody] ProfileObjStateCreateDto createDto)
+        {
+            try
+            {
+                if (!this.TryGetUserId(out int? id))
+                {
+                    logger.LogError("Authorization failed: User ID claim not found.");
+                    return StatusCode(StatusCodes.Status500InternalServerError, "Failed to retrieve user identity.");
+                }
+                else if (id is null)
+                {
+                    logger.LogError("Invalid user ID: Retrieved ID is null or not an integer.");
+                    return StatusCode(StatusCodes.Status500InternalServerError, "Invalid user ID.");
+                }
+
+                if (createDto.UserId != id)
+                    return Unauthorized();
+
+                return await base.Create(createDto);
+            }
+            catch (Exception ex)
+            {
+                logger.LogError(ex, "An unexpected error occurred while processing the request: {Message}", ex.Message);
+                return StatusCode(StatusCodes.Status500InternalServerError, "An internal server error occurred.");
+            }
+        }
+
+        [HttpDelete]
+        public override async Task<IActionResult> Delete([FromRoute] int id)
+        {
+            try
+            {
+                if (!this.TryGetUserId(out int? userId))
+                {
+                    logger.LogError("Authorization failed: User ID claim not found.");
+                    return StatusCode(StatusCodes.Status500InternalServerError, "Failed to retrieve user identity.");
+                }
+                else if (userId is null)
+                {
+                    logger.LogError("Invalid user ID: Retrieved ID is null or not an integer.");
+                    return StatusCode(StatusCodes.Status500InternalServerError, "Invalid user ID.");
+                }
+
+                return await _service.ReadByIdAsync(id).ThenAsync(
+                    SuccessAsync: async pctf => pctf.UserId == userId ? await base.Delete(id) : Unauthorized(),
+                    Fail: IActionResult (msg, ntc) =>
+                    {
+                        _logger.LogNotice(ntc);
+                        return ntc.HasFlag(Flag.NotFound) ? NotFound() : StatusCode(StatusCodes.Status500InternalServerError);
+                    });
+            }
+            catch (Exception ex)
+            {
+                logger.LogError(ex, "An unexpected error occurred while processing the request: {Message}", ex.Message);
+                return StatusCode(StatusCodes.Status500InternalServerError, "An internal server error occurred.");
+            }
+        }
    }
 }