
Commit 921e68c

Merge pull request #23 from design-sparx/fix/fixed-user-permissions-seeders
Add orders functionality with permissions and database tables
2 parents 81e1321 + d756b3b commit 921e68c

29 files changed

+2908
-27
lines changed

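--- a/Constants/Permissions.cs
+++ b/Constants/Permissions.cs
@@ -43,6 +43,14 @@ public static class ProductCategories
 public const string Edit = "Permissions.ProductCategories.Edit";
 public const string Delete = "Permissions.ProductCategories.Delete";
 }
+
+public static class Orders
+{
+public const string View = "Permissions.Orders.View";
+public const string Create = "Permissions.Orders.Create";
+public const string Edit = "Permissions.Orders.Edit";
+public const string Delete = "Permissions.Orders.Delete";
+}
 
 // Helper method to get all permissions
 public static IEnumerable<string> GetAllPermissions()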
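Review bot: GetAllPermissions() starts on the last context line of this hunk and its body is outside the hunk; if it lists the nested permission classes by hand rather than discovering them by reflection, the new Orders group has to be added there as well, otherwise anything built on it (for example a seeder assembling the full admin claim set) silently misses the four Orders permissions. That is worth a one-line check in the same commit. A short XML summary on the new class would also help readers find where the values are enforced, e.g. `/// <summary>Permission claim values guarding the /api/orders endpoints.</summary>`.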

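--- /dev/null
+++ b/Controllers/OrdersController.cs
@@ -0,0 +1,215 @@
+using System.Security.Claims;
+using AdminHubApi.Constants;
+using AdminHubApi.Dtos.Orders;
+using AdminHubApi.Entities;
+using AdminHubApi.Interfaces;
+using AdminHubApi.Security;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+
+namespace AdminHubApi.Controllers;
+
+[ApiController]
+[Route("/api/orders")]
+[PermissionAuthorize(Permissions.Orders.View)]
+public class OrdersController : ControllerBase
+{
+private readonly IOrderService _orderService;
+private readonly ILogger<OrdersController> _logger;
+
+public OrdersController(IOrderService orderService, ILogger<OrdersController> logger)
+{
+_orderService = orderService;
+_logger = logger;
+}
+
+[HttpGet]
+public async Task<ActionResult<IEnumerable<OrderResponseDto>>> GetAllOrders()
+{
+var response = await _orderService.GetAllAsync();
+
+if (!response.Succeeded)
+{
+return BadRequest(response);
+}
+
+return Ok(response.Data);
+}
+
+[HttpGet("{id}")]
+public async Task<ActionResult<OrderResponseDto>> GetOrderById(Guid id)
+{
+var response = await _orderService.GetByIdAsync(id);
+
+if (!response.Succeeded)
+{
+return NotFound(response);
+}
+
+return Ok(response.Data);
+}
+
+[HttpPost]
+[PermissionAuthorize(Permissions.Orders.Create)]
+public async Task<ActionResult<OrderResponseDto>> CreateOrder(CreateOrderDto createOrderDto)
+{
+var order = new Order
+{
+Id = Guid.NewGuid(),
+
+// Include both registered user id and order-specific customer info
+CustomerId = createOrderDto.CustomerId,
+CustomerName = createOrderDto.CustomerName,
+CustomerEmail = createOrderDto.CustomerEmail,
+CustomerPhone = createOrderDto.CustomerPhone,
+
+Status = createOrderDto.Status,
+ShippingAddress = createOrderDto.ShippingAddress,
+BillingAddress = createOrderDto.BillingAddress,
+PaymentMethod = createOrderDto.PaymentMethod,
+Created = DateTime.UtcNow,
+CreatedById = createOrderDto.CreatedById,
+Modified = DateTime.UtcNow,
+ModifiedById = createOrderDto.CreatedById
+};
+
+var orderItems = createOrderDto.OrderItems.Select(item => new OrderItem
+{
+Id = Guid.NewGuid(),
+ProductId = item.ProductId,
+Quantity = item.Quantity
+}).ToList();
+
+var response = await _orderService.CreateAsync(order, orderItems);
+
+if (!response.Succeeded)
+{
+return BadRequest(response);
+}
+
+return CreatedAtAction(nameof(GetOrderById), new { id = order.Id }, response.Data);
+}
+
+[HttpPut("{id}")]
+[PermissionAuthorize(Permissions.Orders.Edit)]
+public async Task<IActionResult> UpdateOrder(Guid id, UpdateOrderDto updateOrderDto)
+{
+var orderResponse = await _orderService.GetByIdAsync(id);
+
+if (!orderResponse.Succeeded)
+{
+return NotFound(orderResponse);
+}
+
+var order = await _orderService.GetByIdAsync(id);
+
+if (!order.Succeeded)
+{
+return NotFound(order);
+}
+
+var existingOrder = await _orderService.GetByIdAsync(id);
+
+if (!existingOrder.Succeeded)
+{
+return NotFound(existingOrder);
+}
+
+var orderEntity = new Order
+{
+Id = id,
+
+// Update customer information
+CustomerName = updateOrderDto.CustomerName,
+CustomerEmail = updateOrderDto.CustomerEmail,
+CustomerPhone = updateOrderDto.CustomerPhone,
+
+OrderDate = existingOrder.Data.OrderDate,
+TotalAmount = existingOrder.Data.TotalAmount,
+Status = updateOrderDto.Status,
+ShippingAddress = updateOrderDto.ShippingAddress ?? existingOrder.Data.ShippingAddress,
+BillingAddress = updateOrderDto.BillingAddress ?? existingOrder.Data.BillingAddress,
+PaymentMethod = updateOrderDto.PaymentMethod ?? existingOrder.Data.PaymentMethod,
+Created = existingOrder.Data.Created,
+CreatedById = existingOrder.Data.CreatedById,
+Modified = DateTime.UtcNow,
+ModifiedById = updateOrderDto.ModifiedById
+};
+
+var updateResponse = await _orderService.UpdateAsync(orderEntity);
+
+if (!updateResponse.Succeeded)
+{
+return BadRequest(updateResponse);
+}
+
+return Ok(updateResponse.Data);
+}
+
+[HttpDelete("{id}")]
+[PermissionAuthorize(Permissions.Orders.Delete)]
+public async Task<IActionResult> DeleteOrder(Guid id)
+{
+var order = await _orderService.GetByIdAsync(id);
+
+if (!order.Succeeded)
+{
+return NotFound(order);
+}
+
+var deleteResponse = await _orderService.DeleteAsync(id);
+
+if (!deleteResponse.Succeeded)
+{
+return BadRequest(deleteResponse);
+}
+
+return NoContent();
+}
+
+[HttpGet("customer/{customerId}")]
+public async Task<ActionResult<IEnumerable<OrderResponseDto>>> GetOrdersByCustomer(string customerId)
+{
+var response = await _orderService.GetByCustomerIdAsync(customerId);
+
+if (!response.Succeeded)
+{
+return BadRequest(response);
+}
+
+return Ok(response.Data);
+}
+
+[HttpGet("status/{status}")]
+public async Task<ActionResult<IEnumerable<OrderResponseDto>>> GetOrdersByStatus(OrderStatus status)
+{
+var response = await _orderService.GetByStatusAsync(status);
+
+if (!response.Succeeded)
+{
+return BadRequest(response);
+}
+
+return Ok(response.Data);
+}
+
+[HttpGet("customer-info")]
+public async Task<ActionResult<CustomerInfo>> GetCustomerInfo()
+{
+var userId = User.FindFirstValue(ClaimTypes.NameIdentifier);
+
+if (string.IsNullOrEmpty(userId))
+{
+return BadRequest("User ID not found");
+}
+
+var response = await _orderService.GetCustomerInfoAsync(userId);
+
+if (!response.Succeeded)
+{
+return BadRequest(response);
+}
+
+return Ok(response.Data);
+}
+}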
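Review bot: CreateOrder at line 71 sets `CreatedById = createOrderDto.CreatedById` (and `ModifiedById` from the same field), and UpdateOrder at line 136 sets `ModifiedById = updateOrderDto.ModifiedById`, so the recorded actor on the audit columns is whatever the client chooses to send rather than the authenticated caller; GetCustomerInfo at line 199 already resolves the caller with `User.FindFirstValue(ClaimTypes.NameIdentifier)`, and that value should populate both fields (assuming they hold the same string user id as the claim), with the DTO properties dropped or ignored. UpdateOrder also fetches the same order three times (lines 97–116) and only `existingOrder` is used, so the first two GetByIdAsync calls and their NotFound branches can be deleted without changing behaviour. `_logger` is assigned in the constructor but never used anywhere in this file. `createOrderDto.OrderItems.Select(...)` at line 76 throws on a null OrderItems unless the DTO marks it `[Required]`, which is not visible from this hunk.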

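--- a/Data/ApplicationDbContext.cs
+++ b/Data/ApplicationDbContext.cs
@@ -10,11 +10,11 @@ public ApplicationDbContext(DbContextOptions<ApplicationDbContext> options) : ba
 { }
 
 public DbSet<Project> Projects { get; set; }
-
 public DbSet<BlacklistedToken> BlacklistedTokens { get; set; }
-
 public DbSet<Product> Products { get; set; }
 public DbSet<ProductCategory> ProductCategories { get; set; }
+public DbSet<Order> Orders { get; set; }
+public DbSet<OrderItem> OrderItems { get; set; }
 
 protected override void OnModelCreating(ModelBuilder builder)
 {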

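--- a/Data/Seeders/AdminUserSeeder.cs
+++ b/Data/Seeders/AdminUserSeeder.cs
@@ -15,7 +15,7 @@ public static async Task SeedAdminUserAsync(IServiceProvider serviceProvider)
 var configuration = scope.ServiceProvider.GetRequiredService<IConfiguration>();
 
 // Get admin user details from configuration
-var adminEmail = configuration["AdminUser:Email"] ?? "admin@example.com";
+var adminEmail = configuration["AdminUser:Email"] ?? "admin@adminhub.com";
 var adminUserName = configuration["AdminUser:UserName"] ?? "admin";
 var adminPassword = configuration["AdminUser:Password"] ?? "Admin@Password123!"; // Should be in secrets in production
 
@@ -40,7 +40,7 @@ public static async Task SeedAdminUserAsync(IServiceProvider serviceProvider)
 {
 logger.LogInformation($"Admin user created successfully");
 
-// Add to Admin role
+// Add to the Admin role
 await userManager.AddToRoleAsync(adminUser, RoleSeeder.AdminRole);
 
 // Add all admin permissions
@@ -50,10 +50,31 @@ public static async Task SeedAdminUserAsync(IServiceProvider serviceProvider)
 new Claim(CustomClaimTypes.Permission, Permissions.Users.Create),
 new Claim(CustomClaimTypes.Permission, Permissions.Users.Edit),
 new Claim(CustomClaimTypes.Permission, Permissions.Users.Delete),
+
 new Claim(CustomClaimTypes.Permission, Permissions.Roles.View),
 new Claim(CustomClaimTypes.Permission, Permissions.Roles.Create),
 new Claim(CustomClaimTypes.Permission, Permissions.Roles.Edit),
 new Claim(CustomClaimTypes.Permission, Permissions.Roles.Delete),
+
+new Claim(CustomClaimTypes.Permission, Permissions.Projects.View),
+new Claim(CustomClaimTypes.Permission, Permissions.Projects.Create),
+new Claim(CustomClaimTypes.Permission, Permissions.Projects.Edit),
+new Claim(CustomClaimTypes.Permission, Permissions.Projects.Delete),
+
+new Claim(CustomClaimTypes.Permission, Permissions.Products.View),
+new Claim(CustomClaimTypes.Permission, Permissions.Products.Create),
+new Claim(CustomClaimTypes.Permission, Permissions.Products.Edit),
+new Claim(CustomClaimTypes.Permission, Permissions.Products.Delete),
+
+new Claim(CustomClaimTypes.Permission, Permissions.ProductCategories.View),
+new Claim(CustomClaimTypes.Permission, Permissions.ProductCategories.Create),
+new Claim(CustomClaimTypes.Permission, Permissions.ProductCategories.Edit),
+new Claim(CustomClaimTypes.Permission, Permissions.ProductCategories.Delete),
+
+new Claim(CustomClaimTypes.Permission, Permissions.Orders.View),
+new Claim(CustomClaimTypes.Permission, Permissions.Orders.Create),
+new Claim(CustomClaimTypes.Permission, Permissions.Orders.Edit),
+new Claim(CustomClaimTypes.Permission, Permissions.Orders.Delete),
 };
 
 await userManager.AddClaimsAsync(adminUser, adminPermissions);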
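Review bot: The admin claim list in the third hunk (lines 50–77) is now a hand-maintained copy of every constant in Permissions, and ManagerUserSeeder and NormalUserSeeder in this same commit repeat the pattern; for the admin user, which is meant to hold everything, `Permissions.GetAllPermissions()` (shown in Constants/Permissions.cs in this commit) should drive the list, e.g. `var adminPermissions = Permissions.GetAllPermissions().Select(p => new Claim(CustomClaimTypes.Permission, p)).ToList();`, assuming the variable is a List<Claim> and the helper covers the nested classes, so the next permission group cannot be forgotten here. This block sits in the user-created branch (the second hunk places the role assignment right after `Admin user created successfully`), so a database seeded before this commit will not receive the new Orders claims unless the branch outside the hunk reconciles claims as well. The hardcoded password fallback on context line 20 is untouched by this commit but is adjacent to the edited default-email line; its own comment already says it should come from secrets, and failing fast when `AdminUser:Password` is absent outside development would close that gap.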

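--- a/Data/Seeders/ManagerUserSeeder.cs
+++ b/Data/Seeders/ManagerUserSeeder.cs
@@ -15,7 +15,7 @@ public static async Task SeedManagerUserAsync(IServiceProvider serviceProvider)
 var configuration = scope.ServiceProvider.GetRequiredService<IConfiguration>();
 
 // Get manager user details from configuration
-var managerEmail = configuration["ManagerUser:Email"] ?? "manager@example.com";
+var managerEmail = configuration["ManagerUser:Email"] ?? "manager@adminhub.com";
 var managerUserName = configuration["ManagerUser:UserName"] ?? "manager_user";
 var managerPassword = configuration["ManagerUser:Password"] ?? "Manager@Pass1";
 
@@ -49,11 +49,25 @@ public static async Task SeedManagerUserAsync(IServiceProvider serviceProvider)
 new Claim(CustomClaimTypes.Permission, Permissions.Users.View),
 new Claim(CustomClaimTypes.Permission, Permissions.Users.Create),
 new Claim(CustomClaimTypes.Permission, Permissions.Users.Edit),
+
 new Claim(CustomClaimTypes.Permission, Permissions.Roles.View),
+
 new Claim(CustomClaimTypes.Permission, Permissions.Projects.View),
 new Claim(CustomClaimTypes.Permission, Permissions.Projects.Create),
 new Claim(CustomClaimTypes.Permission, Permissions.Projects.Edit),
 new Claim(CustomClaimTypes.Permission, Permissions.Projects.Delete),
+
+new Claim(CustomClaimTypes.Permission, Permissions.Products.View),
+new Claim(CustomClaimTypes.Permission, Permissions.Products.Create),
+new Claim(CustomClaimTypes.Permission, Permissions.Products.Edit),
+
+new Claim(CustomClaimTypes.Permission, Permissions.ProductCategories.View),
+new Claim(CustomClaimTypes.Permission, Permissions.ProductCategories.Create),
+new Claim(CustomClaimTypes.Permission, Permissions.ProductCategories.Edit),
+
+new Claim(CustomClaimTypes.Permission, Permissions.Orders.View),
+new Claim(CustomClaimTypes.Permission, Permissions.Orders.Create),
+new Claim(CustomClaimTypes.Permission, Permissions.Orders.Edit),
 };
 
 await userManager.AddClaimsAsync(managerUser, userPermissions);
@@ -68,10 +82,10 @@ public static async Task SeedManagerUserAsync(IServiceProvider serviceProvider)
 {
 logger.LogInformation("Manager user already exists");
 
-// Ensure manager is in the manager role
-if (!await userManager.IsInRoleAsync(managerUser, RoleSeeder.UserRole))
+// Ensure a manager is in the manager role
+if (!await userManager.IsInRoleAsync(managerUser, RoleSeeder.ManagerRole))
 {
-await userManager.AddToRoleAsync(managerUser, RoleSeeder.UserRole);
+await userManager.AddToRoleAsync(managerUser, RoleSeeder.ManagerRole);
 logger.LogInformation("Added existing manager user to manager role");
 }
 }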
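Review bot: The third hunk (lines 82–91) corrects the role check to `RoleSeeder.ManagerRole`, but the `already exists` branch still reconciles only the role and never the claims, so a manager user created by the earlier seeder keeps its old claim set and never receives the Products, ProductCategories and Orders permissions added in the second hunk; the same gap presumably exists in AdminUserSeeder and NormalUserSeeder, whose else-branches are outside their hunks. A reconcile step after the role check — load `await userManager.GetClaimsAsync(managerUser)`, compute which permission claims from the intended list are missing, and pass only those to `AddClaimsAsync` — would make the seeder idempotent, provided the intended list is hoisted out of the create branch so both branches see it. The reworded comment `// Ensure a manager is in the manager role` reads less precisely than the original; `// Ensure the existing manager user is in the manager role` says what the check does.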

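--- a/Data/Seeders/NormalUserSeeder.cs
+++ b/Data/Seeders/NormalUserSeeder.cs
@@ -15,7 +15,7 @@ public static async Task SeedNormalUserAsync(IServiceProvider serviceProvider)
 var configuration = scope.ServiceProvider.GetRequiredService<IConfiguration>();
 
 // Get admin user details from configuration
-var demoEmail = configuration["DemoUser:Email"] ?? "demo@example.com";
+var demoEmail = configuration["DemoUser:Email"] ?? "demo@adminhub.com";
 var demoUserName = configuration["DemoUser:UserName"] ?? "demo_user";
 var demoPassword = configuration["DemoUser:Password"] ?? "Demo@Pass1";
 
@@ -48,7 +48,22 @@ public static async Task SeedNormalUserAsync(IServiceProvider serviceProvider)
 {
 new Claim(CustomClaimTypes.Permission, Permissions.Users.View),
 new Claim(CustomClaimTypes.Permission, Permissions.Users.Edit),
+
+new Claim(CustomClaimTypes.Permission, Permissions.Roles.View),
+
 new Claim(CustomClaimTypes.Permission, Permissions.Projects.View),
+
+new Claim(CustomClaimTypes.Permission, Permissions.Products.View),
+new Claim(CustomClaimTypes.Permission, Permissions.Products.Create),
+new Claim(CustomClaimTypes.Permission, Permissions.Products.Edit),
+
+new Claim(CustomClaimTypes.Permission, Permissions.ProductCategories.View),
+new Claim(CustomClaimTypes.Permission, Permissions.ProductCategories.Create),
+new Claim(CustomClaimTypes.Permission, Permissions.ProductCategories.Edit),
+
+new Claim(CustomClaimTypes.Permission, Permissions.Orders.View),
+new Claim(CustomClaimTypes.Permission, Permissions.Orders.Create),
+new Claim(CustomClaimTypes.Permission, Permissions.Orders.Edit),
 };
 
 await userManager.AddClaimsAsync(demoUser, userPermissions);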
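Review bot: The demo user now receives Create and Edit on Products, ProductCategories and Orders (lines 56–66), which is the same write surface the manager user gets in this commit minus Users.Create, and this account falls back to a fixed password (`Demo@Pass1` on context line 20) when `DemoUser:Password` is not configured; granting a shared demo login write access to orders and the product catalog deserves an explicit least-privilege decision rather than mirroring the manager list. If the intent is a read-only demo, keep only the `.View` claims here. Whatever is decided, a comment above the list stating the intended scope of this account would record the choice, and the context comment `// Get admin user details from configuration` in the first hunk is a copy-paste leftover that should say demo user.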
