using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Logging;
using System.Threading.Tasks;
using Timeline.Authenticate;
using Timeline.Models;
using Timeline.Models.Http;
using Timeline.Services;
namespace Timeline.Controllers
{
/// <summary>
/// HTTP endpoints for reading and updating the detail record of the user named in the route
/// (<c>users/{username}/details</c>).
/// </summary>
/// <remarks>
/// NOTE(review): <c>_logger</c> is stored but neither action writes to it, so a rejected PATCH
/// (the 403 branch) leaves no record at this layer. If denial logging is added, pass the route
/// value as a structured template argument rather than concatenating it into the message.
/// </remarks>
[Route("users/{username}/details")]
[ProducesErrorResponseType(typeof(CommonResponse))]
[ApiController]
public class UserDetailController : Controller
{
    /// <summary>
    /// Application-level error codes placed in the <see cref="CommonResponse"/> bodies
    /// returned by this controller's actions.
    /// </summary>
    public static class ErrorCodes
    {
        /// <summary>GET: the service reported that the requested user does not exist.</summary>
        public const int Get_UserNotExist = -1001;

        /// <summary>PATCH: the caller is neither an admin nor the user named in the route.</summary>
        public const int Patch_Forbid = -2001;

        /// <summary>PATCH: the service reported that the target user does not exist.</summary>
        public const int Patch_UserNotExist = -2002;
    }

    private readonly ILogger<UserDetailController> _logger;
    private readonly IUserDetailService _service;

    /// <summary>Stores the injected logger and user-detail service.</summary>
    /// <param name="logger">Logger for this controller.</param>
    /// <param name="service">Service that loads and updates user details.</param>
    public UserDetailController(ILogger<UserDetailController> logger, IUserDetailService service)
    {
        (_logger, _service) = (logger, service);
    }

    /// <summary>Returns the detail record of <paramref name="username"/>.</summary>
    /// <param name="username">User name taken from the route.</param>
    /// <returns>
    /// 200 with the value returned by the service, or 404 with
    /// <see cref="ErrorCodes.Get_UserNotExist"/> when the service throws
    /// <see cref="UserNotExistException"/>.
    /// </returns>
    /// <remarks>
    /// No ownership check is made here: any caller that passes <c>[UserAuthorize]</c> can read
    /// any user's details, and the 200/404 split tells that caller whether a user name exists.
    /// NOTE(review): <c>UserAuthorize</c> is defined outside this file; confirm which roles it
    /// admits and that cross-user reads are intended.
    /// </remarks>
    [HttpGet]
    [UserAuthorize]
    [ProducesResponseType(StatusCodes.Status200OK, Type = typeof(UserDetail))]
    [ProducesResponseType(StatusCodes.Status404NotFound)]
    public async Task<IActionResult> Get([FromRoute] string username)
    {
        try
        {
            return Ok(await _service.GetUserDetail(username));
        }
        catch (UserNotExistException)
        {
            var notFoundBody = new CommonResponse(ErrorCodes.Get_UserNotExist, "The user does not exist.");
            return NotFound(notFoundBody);
        }
    }

    /// <summary>Updates the detail record of <paramref name="username"/>.</summary>
    /// <param name="username">User name taken from the route; the record to change.</param>
    /// <param name="detail">New detail values bound from the request body.</param>
    /// <returns>
    /// 200 on success; 403 with <see cref="ErrorCodes.Patch_Forbid"/> when the caller is neither
    /// an admin nor the named user; 404 with <see cref="ErrorCodes.Patch_UserNotExist"/> when the
    /// service throws <see cref="UserNotExistException"/>.
    /// </returns>
    /// <remarks>
    /// <paramref name="detail"/> is handed to the service without any further checks in this
    /// method. NOTE(review): confirm that <c>UserDetail</c> carries validation attributes, or
    /// that the service validates it, since nothing here constrains its fields.
    /// </remarks>
    [HttpPatch]
    [Authorize]
    [ProducesResponseType(StatusCodes.Status200OK, Type = typeof(void))]
    [ProducesResponseType(StatusCodes.Status400BadRequest)]
    [ProducesResponseType(StatusCodes.Status403Forbidden)]
    [ProducesResponseType(StatusCodes.Status404NotFound)]
    public async Task<IActionResult> Patch([FromRoute] string username, [FromBody] UserDetail detail)
    {
        // The authorization decision is made before the service is touched, so a non-admin
        // asking about someone else's record gets 403 whether or not that user exists.
        // The name comparison is the string == operator (ordinal, case-sensitive): a route value
        // that differs from the identity name only in case is rejected, i.e. it fails closed.
        // NOTE(review): IsAdmin() is declared outside this file; verify how it derives the role.
        var callerMayEdit = User.IsAdmin() || User.Identity.Name == username;
        if (!callerMayEdit)
        {
            var forbiddenBody = new CommonResponse(ErrorCodes.Patch_Forbid, "You can't change other's details unless you are admin.");
            return StatusCode(StatusCodes.Status403Forbidden, forbiddenBody);
        }

        try
        {
            await _service.UpdateUserDetail(username, detail);
        }
        catch (UserNotExistException)
        {
            var notFoundBody = new CommonResponse(ErrorCodes.Patch_UserNotExist, "The user does not exist.");
            return NotFound(notFoundBody);
        }

        return Ok();
    }
}
}