Merge pull request #24 from design-sparx/feat/4-orders

Implement granular permissions and enhance order management

Author: kelvink96

Controllers/OrdersController.cs

@@ -33,7 +33,7 @@ public async Task<ActionResult<IEnumerable<OrderResponseDto>>> GetAllOrders()
             return BadRequest(response);
         }
 
-        return Ok(response.Data);
+        return Ok(response);
     }
 
     [HttpGet("{id}")]
@@ -46,7 +46,7 @@ public async Task<ActionResult<OrderResponseDto>> GetOrderById(Guid id)
             return NotFound(response);
         }
 
-        return Ok(response.Data);
+        return Ok(response);
     }
 
     [HttpPost]
@@ -87,7 +87,7 @@ public async Task<ActionResult<OrderResponseDto>> CreateOrder(CreateOrderDto cre
             return BadRequest(response);
         }
 
-        return CreatedAtAction(nameof(GetOrderById), new { id = order.Id }, response.Data);
+        return CreatedAtAction(nameof(GetOrderById), new { id = order.Id }, response);
     }
 
     [HttpPut("{id}")]
@@ -101,49 +101,20 @@ public async Task<IActionResult> UpdateOrder(Guid id, UpdateOrderDto updateOrder
             return NotFound(orderResponse);
         }
 
-        var order = await _orderService.GetByIdAsync(id);
+        var existingOrder = orderResponse.Data;
+        existingOrder.CustomerName = updateOrderDto.CustomerName;
+        existingOrder.CustomerEmail = updateOrderDto.CustomerEmail;
+        existingOrder.CustomerEmail = updateOrderDto.CustomerEmail;
+        existingOrder.Status = updateOrderDto.Status;
+        existingOrder.ShippingAddress = updateOrderDto.ShippingAddress;
+        existingOrder.BillingAddress = updateOrderDto.BillingAddress;
+        existingOrder.PaymentMethod = updateOrderDto.PaymentMethod;
+        existingOrder.ModifiedById = updateOrderDto.ModifiedById;
+        existingOrder.Modified = DateTime.UtcNow;
 
-        if (!order.Succeeded)
-        {
-            return NotFound(order);
-        }
-
-        var existingOrder = await _orderService.GetByIdAsync(id);
-
-        if (!existingOrder.Succeeded)
-        {
-            return NotFound(existingOrder);
-        }
-
-        var orderEntity = new Order
-        {
-            Id = id,
-            
-            // Update customer information
-            CustomerName = updateOrderDto.CustomerName,
-            CustomerEmail = updateOrderDto.CustomerEmail,
-            CustomerPhone = updateOrderDto.CustomerPhone,
-            
-            OrderDate = existingOrder.Data.OrderDate,
-            TotalAmount = existingOrder.Data.TotalAmount,
-            Status = updateOrderDto.Status,
-            ShippingAddress = updateOrderDto.ShippingAddress ?? existingOrder.Data.ShippingAddress,
-            BillingAddress = updateOrderDto.BillingAddress ?? existingOrder.Data.BillingAddress,
-            PaymentMethod = updateOrderDto.PaymentMethod ?? existingOrder.Data.PaymentMethod,
-            Created = existingOrder.Data.Created,
-            CreatedById = existingOrder.Data.CreatedById,
-            Modified = DateTime.UtcNow,
-            ModifiedById = updateOrderDto.ModifiedById
-        };
-
-        var updateResponse = await _orderService.UpdateAsync(orderEntity);
-
-        if (!updateResponse.Succeeded)
-        {
-            return BadRequest(updateResponse);
-        }
+        await _orderService.UpdateAsync(existingOrder);
 
-        return Ok(updateResponse.Data);
+        return Ok(existingOrder);
     }
 
     [HttpDelete("{id}")]
@@ -177,7 +148,7 @@ public async Task<ActionResult<IEnumerable<OrderResponseDto>>> GetOrdersByCustom
             return BadRequest(response);
         }
 
-        return Ok(response.Data);
+        return Ok(response);
     }
 
     [HttpGet("status/{status}")]
@@ -190,7 +161,7 @@ public async Task<ActionResult<IEnumerable<OrderResponseDto>>> GetOrdersByStatus
             return BadRequest(response);
         }
 
-        return Ok(response.Data);
+        return Ok(response);
     }
 
     [HttpGet("customer-info")]
@@ -210,6 +181,6 @@ public async Task<ActionResult<CustomerInfo>> GetCustomerInfo()
             return BadRequest(response);
         }
 
-        return Ok(response.Data);
+        return Ok(response);
     }
 }

Controllers/ProductCategoriesController.cs

@@ -1,14 +1,16 @@
-using AdminHubApi.Dtos.ProductCategory;
+using AdminHubApi.Constants;
+using AdminHubApi.Dtos.ProductCategory;
 using AdminHubApi.Entities;
 using AdminHubApi.Interfaces;
+using AdminHubApi.Security;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 
 namespace AdminHubApi.Controllers;
 
 [ApiController]
 [Route("api/product-categories")]
-[Authorize]
+[PermissionAuthorize(Permissions.ProductCategories.View)]
 public class ProductCategoriesController : ControllerBase
 {
     private readonly IProductCategoryService _productCategoryService;
@@ -43,6 +45,7 @@ public async Task<ActionResult<ProductCategory>> GetCategory(Guid id)
     }
 
     [HttpPost]
+    [PermissionAuthorize(Permissions.ProductCategories.Create)]
     public async Task<ActionResult<ProductCategory>> CreateCategory(CreateProductCategoryDto productCategoryDto)
     {
         var productCategory = new ProductCategory
@@ -67,6 +70,7 @@ public async Task<ActionResult<ProductCategory>> CreateCategory(CreateProductCat
     }
 
     [HttpPut("{id}")]
+    [PermissionAuthorize(Permissions.ProductCategories.Edit)]
     public async Task<IActionResult> UpdateCategory(Guid id, UpdateProductCategoryDto updateProductCategoryDto)
     {
         var productCategoryResponse = await _productCategoryService.GetByIdAsync(id);
@@ -89,6 +93,7 @@ public async Task<IActionResult> UpdateCategory(Guid id, UpdateProductCategoryDt
     }
 
     [HttpDelete("{id}")]
+    [PermissionAuthorize(Permissions.ProductCategories.Delete)]
     public async Task<IActionResult> DeleteCategory(Guid id)
     {
         var productCategoryResponse = await _productCategoryService.GetByIdAsync(id);

Controllers/ProductsController.cs

@@ -1,13 +1,16 @@
-using AdminHubApi.Dtos.Products;
+using AdminHubApi.Constants;
+using AdminHubApi.Dtos.Products;
 using AdminHubApi.Entities;
 using AdminHubApi.Interfaces;
+using AdminHubApi.Security;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 
 namespace AdminHubApi.Controllers;
 
 [ApiController]
 [Route("/api/products")]
+[PermissionAuthorize(Permissions.Products.View)]
 public class ProductsController : ControllerBase
 {
     private readonly IProductService _productService;
@@ -41,6 +44,7 @@ public async Task<ActionResult<ProductDto>> GetProductById(Guid id)
     }
 
     [HttpPost]
+    [PermissionAuthorize(Permissions.Products.Create)]
     public async Task<ActionResult> CreateProduct(CreateProductDto createProductDto)
     {
         var product = new Product
@@ -70,7 +74,7 @@ public async Task<ActionResult> CreateProduct(CreateProductDto createProductDto)
     }
 
     [HttpPut("{id}")]
-    [Authorize]
+    [PermissionAuthorize(Permissions.Products.Edit)]
     public async Task<IActionResult> UpdateProduct(Guid id, UpdateProductDto updateProductDto)
     {
         var productResponse = await _productService.GetByIdAsync(id);
@@ -92,7 +96,7 @@ public async Task<IActionResult> UpdateProduct(Guid id, UpdateProductDto updateP
     }
 
     [HttpDelete("{id}")]
-    [Authorize]
+    [PermissionAuthorize(Permissions.Products.Delete)]
     public async Task<IActionResult> DeleteProduct(Guid id)
     {
         var productResponse = await _productService.GetByIdAsync(id);

Interfaces/IOrderService.cs

@@ -11,7 +11,7 @@ public interface IOrderService
     Task<ApiResponse<IEnumerable<OrderResponseDto>>> GetByCustomerIdAsync(string customerId);
     Task<ApiResponse<IEnumerable<OrderResponseDto>>> GetByStatusAsync(OrderStatus status);
     Task<ApiResponse<OrderResponseDto>> CreateAsync(Order order, List<OrderItem> orderItems);
-    Task<ApiResponse<OrderResponseDto>> UpdateAsync(Order order);
+    Task<ApiResponse<OrderResponseDto>> UpdateAsync(OrderResponseDto orderResponseDto);
     Task<ApiResponse<bool>> DeleteAsync(Guid id);
     Task<ApiResponse<CustomerInfo>> GetCustomerInfoAsync(string customerId);
 }

Program.cs

@@ -6,6 +6,7 @@
 using AdminHubApi.Interfaces;
 using AdminHubApi.Repositories;
 using AdminHubApi.Security;
+using AdminHubApi.Security.Permissions;
 using AdminHubApi.Services;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.AspNetCore.Authorization;
@@ -143,7 +144,10 @@ await tokenBlacklistRepository.IsTokenBlacklistedAsync(tokenId))
 // Register token cleanup background service
 builder.Services.AddHostedService<TokenCleanupService>();
 
-// Custom Authorization Handler
+// Add permission message service
+builder.Services.AddSingleton<IPermissionMessageService, PermissionMessageService>();
+
+// Register the custom authorization handler
 builder.Services.AddSingleton<IAuthorizationMiddlewareResultHandler, CustomAuthorizationMiddlewareResultHandler>();
 
 // Learn more about configuring OpenAPI at https://aka.ms/aspnet/openapi
@@ -186,12 +190,12 @@ await tokenBlacklistRepository.IsTokenBlacklistedAsync(tokenId))
             await NormalUserSeeder.SeedNormalUserAsync(app.Services);
             await ManagerUserSeeder.SeedManagerUserAsync(app.Services);
         }
-        
+
         // Always update permissions to ensure new permissions are added
         logger.LogInformation("Updating role permissions...");
         await PermissionUpdateSeeder.UpdateRolePermissionsAsync(app.Services);
         logger.LogInformation("Role permissions updated successfully");
-        
+
         logger.LogInformation("Updating user permissions...");
         await UserPermissionUpdateSeeder.UpdateUserPermissionsAsync(app.Services);
         logger.LogInformation("User permissions updated successfully");