Core.Thalos.DAL.API/Core.Thalos.DAL.API/Controllers/PermissionController.cs

// ***********************************************************************
// <copyright file="PermissionController.cs">
//     AgileWebs
// </copyright>
// ***********************************************************************

using Asp.Versioning;
using Core.Thalos.BuildingBlocks;
using Core.Thalos.Provider.Contracts;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Graph;
using PermissionRequest = Core.Thalos.Domain.Contexts.Onboarding.Request.PermissionRequest;
using StatusEnum = Core.Blueprint.Mongo.StatusEnum;

namespace LSA.Core.Thalos.API.Controllers
{
    /// <summary>
    /// Handles all requests for permission authentication.
    /// </summary>
    [ApiVersion(MimeTypes.ApplicationVersion)]
    [Route("api/v{api-version:apiVersion}/[controller]")]
    [Produces(MimeTypes.ApplicationJson)]
    [Consumes(MimeTypes.ApplicationJson)]
    [ApiController]
    [Authorize(AuthenticationSchemes = Schemes.DefaultScheme)]
    public class PermissionController(IPermissionProvider service) : ControllerBase
    {
        /// <summary>
        /// Gets all permissions.
        /// </summary>
        /// <param name="cancellationToken">A token to cancel the asynchronous operation.</param>
        /// <returns>The <see cref="IEnumerable{PermissionAdapter}"/> found entities.</returns>
        /// <response code="200">The permissions found.</response>
        /// <response code="500">The service internal error.</response>
        [HttpGet]
        [Consumes(MimeTypes.ApplicationJson)]
        [Produces(MimeTypes.ApplicationJson)]
        [ProducesResponseType(typeof(IEnumerable<PermissionAdapter>), StatusCodes.Status200OK)]
        [Permission("PermissionManagement.Read, RoleManagement.Read")]
        public async Task<IActionResult> GetAllPermissionsAsync(CancellationToken cancellationToken)
        {
            var result = await service.GetAllPermissions(cancellationToken).ConfigureAwait(false);
            return Ok(result);
        }

        /// <summary>
        /// Gets all the permissions by permission identifiers.
        /// </summary>
        /// <param name="permissions">The list of permission identifiers.</param>
        /// <param name="cancellationToken">A token to cancel the asynchronous operation.</param>
        /// <returns>The <see cref="IEnumerable{PermissionAdapter}"/> found entities.</returns>
        /// <response code="200">The permissions found.</response>
        /// <response code="400">Bad request if list is null or empty.</response>
        /// <response code="500">The service internal error.</response>
        [HttpPost]
        [Route(Routes.GetPermissionList)]
        [Consumes(MimeTypes.ApplicationJson)]
        [Produces(MimeTypes.ApplicationJson)]
        [ProducesResponseType(typeof(IEnumerable<PermissionAdapter>), StatusCodes.Status200OK)]
        [Permission("PermissionManagement.Read")]
        public async Task<IActionResult> GetAllPermissionsByList([FromBody] string[] permissions, CancellationToken cancellationToken)
        {
            if (permissions == null || !permissions.Any())
            {
                return BadRequest("Permissions identifiers are required.");
            }

            var result = await service.GetAllPermissionsByList(permissions, cancellationToken).ConfigureAwait(false);
            return Ok(result);
        }

        /// <summary>
        /// Gets the permission by mongo identifier.
        /// </summary>
        /// <param name="_id">The permission mongo identifier.</param>
        /// <param name="cancellationToken">A token to cancel the asynchronous operation.</param>
        /// <returns>The <see cref="PermissionAdapter"/> found entity.</returns>
        /// <response code="200">The permission found.</response>
        /// <response code="404">The permission not found.</response>
        /// <response code="500">The service internal error.</response>
        [HttpGet]
        [Route(Routes.Id)]
        [Consumes(MimeTypes.ApplicationJson)]
        [Produces(MimeTypes.ApplicationJson)]
        [ProducesResponseType(typeof(PermissionAdapter), StatusCodes.Status200OK)]
        [Permission("PermissionManagement.Read")]
        public async Task<IActionResult> GetPermissionByIdAsync([FromRoute] string _id, CancellationToken cancellationToken)
        {
            var result = await service.GetPermissionById(_id, cancellationToken).ConfigureAwait(false);

            if (result == null)
            {
                return NotFound("Entity not found");
            }

            return Ok(result);
        }

        /// <summary>
        /// Creates a new permission.
        /// </summary>
        /// <param name="newPermission">The permission to be added.</param>
        /// <param name="cancellationToken">A token to cancel the asynchronous operation.</param>
        /// <returns>The <see cref="PermissionAdapter"/> created entity.</returns>
        /// <response code="201">The permission created.</response>
        /// <response code="422">The permission could not be created.</response>
        /// <response code="500">Internal server error.</response>
        [HttpPost]
        [ProducesResponseType(typeof(PermissionAdapter), StatusCodes.Status201Created)]
        [Permission("PermissionManagement.Write")]
        public async Task<IActionResult> CreatePermissionAsync([FromBody] PermissionRequest newPermission, CancellationToken cancellationToken)
        {
            var result = await service.CreatePermission(newPermission, cancellationToken).ConfigureAwait(false);
            return Created("CreatedWithIdAsync", result);
        }

        /// <summary>
        /// Updates a full permission by mongo identifier.
        /// </summary>
        /// <param name="_id">The permission mongo identifier.</param>
        /// <param name="entity">The permission to update.</param>
        /// <param name="cancellationToken">A token to cancel the asynchronous operation.</param>
        /// <returns>The <see cref="PermissionAdapter"/> updated entity.</returns>
        /// <response code="200">The permission updated.</response>
        /// <response code="400">Bad request if ID mismatch.</response>
        /// <response code="422">The permission could not be updated.</response>
        /// <response code="500">Internal server error.</response>
        [HttpPut]
        [Route(Routes.Id)]
        [Consumes(MimeTypes.ApplicationJson)]
        [Produces(MimeTypes.ApplicationJson)]
        [ProducesResponseType(typeof(PermissionAdapter), StatusCodes.Status200OK)]
        [Permission("PermissionManagement.Write")]
        public async Task<IActionResult> UpdatePermissionAsync([FromRoute] string _id, [FromBody] PermissionAdapter entity, CancellationToken cancellationToken)
        {
            if (_id != entity._Id)
            {
                return BadRequest("Permission ID mismatch");
            }

            var result = await service.UpdatePermission(entity, cancellationToken).ConfigureAwait(false);

            return Ok(result);
        }

        /// <summary>
        /// Changes the status of the permission.
        /// </summary>
        /// <param name="_id">The permission mongo identifier.</param>
        /// <param name="newStatus">The new status of the permission.</param>
        /// <param name="cancellationToken">A token to cancel the asynchronous operation.</param>
        /// <returns>The <see cref="PermissionAdapter"/> updated entity.</returns>
        /// <response code="200">The permission status was updated.</response>
        /// <response code="500">Internal server error.</response>
        [HttpPatch]
        [Route(Routes.ChangeStatus)]
        [Consumes(MimeTypes.ApplicationJson)]
        [Produces(MimeTypes.ApplicationJson)]
        [ProducesResponseType(typeof(PermissionAdapter), StatusCodes.Status200OK)]
        [Permission("PermissionManagement.Write")]
        public async Task<IActionResult> ChangePermissionStatus([FromRoute] string _id, [FromRoute] StatusEnum newStatus, CancellationToken cancellationToken)
        {
            var result = await service.ChangePermissionStatus(_id, newStatus, cancellationToken).ConfigureAwait(false);
            return Ok(result);
        }

        /// <summary>
        /// Deletes a permission by its mongo identifier.
        /// </summary>
        /// <param name="_id">The permission mongo identifier.</param>
        /// <param name="cancellationToken">A token to cancel the asynchronous operation.</param>
        /// <returns>The deleted <see cref="PermissionAdapter"/> entity.</returns>
        /// <response code="200">The permission was successfully deleted.</response>
        /// <response code="404">The permission was not found.</response>
        /// <response code="500">Internal server error occurred.</response>
        [HttpDelete]
        [Route(Routes.Id)]
        [ProducesResponseType(typeof(PermissionAdapter), StatusCodes.Status200OK)]
        [Permission("PermissionManagement.Write")]
        public async Task<IActionResult> DeletePermissionAsync([FromRoute] string _id, CancellationToken cancellationToken)
        {
            var result = await service.DeletePermission(_id, cancellationToken).ConfigureAwait(false);

            if (result is null)
                return NotFound("Permission not found.");

            return Ok(result);
        }
    }
}