using System.ComponentModel.DataAnnotations;
using MediatR;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using TakeoutSaaS.Application.Identity.Commands;
using TakeoutSaaS.Application.Identity.Contracts;
using TakeoutSaaS.Application.Identity.Queries;
using TakeoutSaaS.Module.Authorization.Attributes;
using TakeoutSaaS.Shared.Abstractions.Results;
using TakeoutSaaS.Shared.Web.Api;
namespace TakeoutSaaS.AdminApi.Controllers;
/// <summary>
/// Permission management endpoints of the admin API.
/// </summary>
/// <remarks>
/// The class-level <c>[Authorize]</c> requires an authenticated caller, and every action is
/// additionally annotated with <c>[PermissionAuthorize]</c> naming one permission code.
/// Each action only forwards its input to MediatR; validation, persistence and
/// auditing are not visible in this file.
/// NOTE(review): these endpoints edit the permission catalogue itself, so the
/// create/update/delete codes are privilege-granting. Presumably the handlers record
/// who made each change and apply tenant scoping; confirm, as neither is shown here.
/// </remarks>
[ApiVersion("1.0")]
[Authorize]
[Route("api/admin/v{version:apiVersion}/permissions")]
public sealed class PermissionsController(IMediator mediator) : BaseApiController
{
// NOTE(review): the generic type arguments of the Task / ApiResponse types below appear to
// have been stripped from this copy of the file; restore them from the original before building.

/// <summary>
/// Searches permissions with paging.
/// </summary>
/// <remarks>
/// Example: GET /api/admin/v1/permissions?keyword=order&amp;page=1&amp;pageSize=20
/// </remarks>
/// <param name="query">Search criteria, bound from the query string.</param>
/// <param name="cancellationToken">Cancellation token.</param>
/// <returns>A paged result of permissions.</returns>
[HttpGet]
[PermissionAuthorize("identity:permission:read")]
[ProducesResponseType(typeof(ApiResponse>), StatusCodes.Status200OK)]
public async Task>> Search([FromQuery] SearchPermissionsQuery query, CancellationToken cancellationToken)
{
// The bound query object is sent as-is; nothing is checked or clamped in this action.
// NOTE(review): limits on page / pageSize are presumably enforced by a validator or the
// handler. Confirm, since an uncapped page size lets one request pull the whole table.
var result = await mediator.Send(query, cancellationToken);
return ApiResponse>.Ok(result);
}
/// <summary>
/// Gets the permission tree.
/// </summary>
/// <param name="keyword">Keyword filter (optional).</param>
/// <param name="cancellationToken">Cancellation token.</param>
/// <returns>The permission tree as a list.</returns>
[HttpGet("tree")]
[PermissionAuthorize("identity:permission:read")]
[ProducesResponseType(typeof(ApiResponse>), StatusCodes.Status200OK)]
public async Task>> Tree([FromQuery] string? keyword, CancellationToken cancellationToken)
{
// 1. Build the query object
var query = new PermissionTreeQuery { Keyword = keyword };
// 2. Query the permission tree
var result = await mediator.Send(query, cancellationToken);
// 3. Return the result
return ApiResponse>.Ok(result);
}
/// <summary>
/// Creates a permission.
/// </summary>
/// <param name="command">Create command, bound from the request body.</param>
/// <param name="cancellationToken">Cancellation token.</param>
/// <returns>The created permission.</returns>
[HttpPost]
[PermissionAuthorize("identity:permission:create")]
[ProducesResponseType(typeof(ApiResponse), StatusCodes.Status200OK)]
public async Task> Create([FromBody, Required] CreatePermissionCommand command, CancellationToken cancellationToken)
{
// The command is forwarded exactly as the caller posted it.
// NOTE(review): every property of CreatePermissionCommand is therefore caller-controlled;
// confirm the command carries no server-owned fields (over-posting).
var result = await mediator.Send(command, cancellationToken);
return ApiResponse.Ok(result);
}
/// <summary>
/// Updates a permission.
/// </summary>
/// <param name="permissionId">Permission ID, taken from the route.</param>
/// <param name="command">Update command, bound from the request body.</param>
/// <param name="cancellationToken">Cancellation token.</param>
/// <returns>The updated permission; a 404 error response when it is not found.</returns>
[HttpPut("{permissionId:long}")]
[PermissionAuthorize("identity:permission:update")]
[ProducesResponseType(typeof(ApiResponse), StatusCodes.Status200OK)]
[ProducesResponseType(typeof(ApiResponse), StatusCodes.Status404NotFound)]
public async Task> Update(long permissionId, [FromBody, Required] UpdatePermissionCommand command, CancellationToken cancellationToken)
{
// The route value overwrites any PermissionId sent in the body, so the record
// being updated is always the one named in the URL.
command = command with { PermissionId = permissionId };
var result = await mediator.Send(command, cancellationToken);
// A null result is mapped to an error envelope carrying the 404 code.
// NOTE(review): whether the HTTP status line also becomes 404 depends on
// ApiResponse / BaseApiController, which are not visible here. Confirm.
return result is null
? ApiResponse.Error(StatusCodes.Status404NotFound, "权限不存在")
: ApiResponse.Ok(result);
}
/// <summary>
/// Deletes a permission.
/// </summary>
/// <param name="permissionId">Permission ID, taken from the route.</param>
/// <param name="cancellationToken">Cancellation token.</param>
/// <returns>The delete result.</returns>
[HttpDelete("{permissionId:long}")]
[PermissionAuthorize("identity:permission:delete")]
[ProducesResponseType(typeof(ApiResponse), StatusCodes.Status200OK)]
public async Task> Delete(long permissionId, CancellationToken cancellationToken)
{
var command = new DeletePermissionCommand { PermissionId = permissionId };
var result = await mediator.Send(command, cancellationToken);
// Unlike Update, the result is wrapped in Ok without being inspected.
// NOTE(review): a missing id is presumably reported through the payload only; also
// confirm the handler refuses, or cleans up after, permissions still assigned to roles.
return ApiResponse.Ok(result);
}
}