0ef327a059
- `GetAsync`-Methode mit zusätzlichen Filteroptionen für Profil-, Benutzer- und Zustandsdetails erweitert. - Verbesserte Autorisierungsprüfungen mit detaillierter Fehlerprotokollierung bei fehlenden oder ungültigen Benutzer-ID-Ansprüchen. - Identitätsprüfung in den Create- und Delete-Methoden hinzugefügt, um unbefugten Zugriff zu verhindern. - Fehlerbehandlung und Antwort verfeinert für robustere serverseitige Verarbeitung.
118 lines
5.2 KiB
C#
118 lines
5.2 KiB
C#
using DigitalData.Core.API;
|
|
using DigitalData.Core.DTO;
|
|
using Microsoft.AspNetCore.Authorization;
|
|
using Microsoft.AspNetCore.Mvc;
|
|
using WorkFlow.Application.Contracts;
|
|
using WorkFlow.Application.DTO.ProfileObjState;
|
|
using WorkFlow.Domain.Entities;
|
|
|
|
namespace WorkFlow.API.Controllers
|
|
{
|
|
[Route("api/[controller]")]
|
|
[ApiController]
|
|
[Authorize]
|
|
public class ProfileObjStateController(ILogger<ProfileObjStateController> logger, IProfileObjStateService service) : CRUDControllerBaseWithErrorHandling<IProfileObjStateService, ProfileObjStateCreateDto, ProfileObjStateDto, ProfileObjStateUpdateDto, ProfileObjState, int>(logger, service)
|
|
{
|
|
[NonAction]
|
|
public override Task<IActionResult> GetAll() => base.GetAll();
|
|
|
|
[NonAction]
|
|
public override Task<IActionResult> Update(ProfileObjStateUpdateDto updateDto) => base.Update(updateDto);
|
|
|
|
[HttpGet]
|
|
public async Task<IActionResult> GetAsync(
|
|
bool withProfile = true, bool withUser = true, bool withState = true,
|
|
int? profileId = null, int? objId = null, bool? profileActive = null)
|
|
{
|
|
try
|
|
{
|
|
if (!this.TryGetUserId(out int? id))
|
|
{
|
|
logger.LogError("Authorization failed: User ID claim not found.");
|
|
return StatusCode(StatusCodes.Status500InternalServerError, "Failed to retrieve user identity.");
|
|
}
|
|
else if (id is null)
|
|
{
|
|
logger.LogError("Invalid user ID: Retrieved ID is null or not an integer.");
|
|
return StatusCode(StatusCodes.Status500InternalServerError, "Invalid user ID.");
|
|
}
|
|
|
|
return await _service.ReadAsync(
|
|
withProfile: withProfile, withUser: withUser, withState,
|
|
userId: id,
|
|
profileId: profileId, objId: objId, profileActive: profileActive)
|
|
.ThenAsync(
|
|
Success: pctf => pctf.Any() ? Ok(pctf) : NotFound(),
|
|
Fail: IActionResult (msg, ntc) =>
|
|
{
|
|
logger.LogNotice(ntc);
|
|
return NotFound();
|
|
});
|
|
}
|
|
catch (Exception ex)
|
|
{
|
|
logger.LogError(ex, "An unexpected error occurred while processing the request: {Message}", ex.Message);
|
|
return StatusCode(StatusCodes.Status500InternalServerError, "An internal server error occurred.");
|
|
}
|
|
}
|
|
|
|
[HttpPost]
|
|
public override async Task<IActionResult> Create([FromBody] ProfileObjStateCreateDto createDto)
|
|
{
|
|
try
|
|
{
|
|
if (!this.TryGetUserId(out int? id))
|
|
{
|
|
logger.LogError("Authorization failed: User ID claim not found.");
|
|
return StatusCode(StatusCodes.Status500InternalServerError, "Failed to retrieve user identity.");
|
|
}
|
|
else if (id is null)
|
|
{
|
|
logger.LogError("Invalid user ID: Retrieved ID is null or not an integer.");
|
|
return StatusCode(StatusCodes.Status500InternalServerError, "Invalid user ID.");
|
|
}
|
|
|
|
if (createDto.UserId != id)
|
|
return Unauthorized();
|
|
|
|
return await base.Create(createDto);
|
|
}
|
|
catch (Exception ex)
|
|
{
|
|
logger.LogError(ex, "An unexpected error occurred while processing the request: {Message}", ex.Message);
|
|
return StatusCode(StatusCodes.Status500InternalServerError, "An internal server error occurred.");
|
|
}
|
|
}
|
|
|
|
[HttpDelete]
|
|
public override async Task<IActionResult> Delete([FromRoute] int id)
|
|
{
|
|
try
|
|
{
|
|
if (!this.TryGetUserId(out int? userId))
|
|
{
|
|
logger.LogError("Authorization failed: User ID claim not found.");
|
|
return StatusCode(StatusCodes.Status500InternalServerError, "Failed to retrieve user identity.");
|
|
}
|
|
else if (userId is null)
|
|
{
|
|
logger.LogError("Invalid user ID: Retrieved ID is null or not an integer.");
|
|
return StatusCode(StatusCodes.Status500InternalServerError, "Invalid user ID.");
|
|
}
|
|
|
|
return await _service.ReadByIdAsync(id).ThenAsync(
|
|
SuccessAsync: async pctf => pctf.UserId == userId ? await base.Delete(id) : Unauthorized(),
|
|
Fail: IActionResult (msg, ntc) =>
|
|
{
|
|
_logger.LogNotice(ntc);
|
|
return ntc.HasFlag(Flag.NotFound) ? NotFound() : StatusCode(StatusCodes.Status500InternalServerError);
|
|
});
|
|
}
|
|
catch (Exception ex)
|
|
{
|
|
logger.LogError(ex, "An unexpected error occurred while processing the request: {Message}", ex.Message);
|
|
return StatusCode(StatusCodes.Status500InternalServerError, "An internal server error occurred.");
|
|
}
|
|
}
|
|
}
|
|
} |