raven/server/AyaNova/Controllers/WorkOrderController.cs

using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Routing;
using Microsoft.AspNetCore.Authorization;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Logging;
using AyaNova.Models;
using AyaNova.Api.ControllerHelpers;
using AyaNova.Biz;


namespace AyaNova.Api.Controllers
{

    [ApiController]
    [ApiVersion("8.0")]
    [Route("api/v{version:apiVersion}/workorders")]
    [Produces("application/json")]
    [Authorize]
    public class WorkOrderController : ControllerBase
    {
        private readonly AyContext ct;
        private readonly ILogger<WorkOrderController> log;
        private readonly ApiServerState serverState;


        /// <summary>
        /// ctor
        /// </summary>
        /// <param name="dbcontext"></param>
        /// <param name="logger"></param>
        /// <param name="apiServerState"></param>  
        public WorkOrderController(AyContext dbcontext, ILogger<WorkOrderController> logger, ApiServerState apiServerState)
        {
            ct = dbcontext;
            log = logger;
            serverState = apiServerState;
        }


        #region WorkOrder top level routes

        /// <summary>
        /// Get full WorkOrder object
        /// </summary>
        /// <param name="id"></param>
        /// <returns>A single WorkOrder</returns>
        [HttpGet("{id}")]
        public async Task<IActionResult> GetWorkOrder([FromRoute] long id)
        {
            if (!serverState.IsOpen)
                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));

            //Instantiate the business object handler
            WorkOrderBiz biz = WorkOrderBiz.GetBiz(ct, HttpContext);

            //NOTE: This is the first check and often the only check but in some cases with some objects this will also need to check biz object rules 
            if (!Authorized.HasReadFullRole(HttpContext.Items, biz.BizType))
                return StatusCode(403, new ApiNotAuthorizedResponse());

            if (!ModelState.IsValid)
                return BadRequest(new ApiErrorResponse(ModelState));

            var o = await biz.GetAsync(id);
            if (o == null)
                return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));

            // NOTE: HERE would be the second check of biz rules before returning the object
            // in cases where there is also a business rule to affect retrieval on top of basic rights

            return Ok(ApiOkResponse.Response(o, !Authorized.HasModifyRole(HttpContext.Items, biz.BizType)));
        }

        //TODO: GET BY RELATIVE
        //get by descendent type and id




        /// <summary>
        /// Put (update) WorkOrder
        /// </summary>
        /// <param name="id"></param>
        /// <param name="inObj"></param>
        /// <returns></returns>
        [HttpPut("{id}")]
        public async Task<IActionResult> PutWorkOrder([FromRoute] long id, [FromBody] WorkOrder inObj)
        {
            if (!serverState.IsOpen)
                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));

            if (!ModelState.IsValid)
                return BadRequest(new ApiErrorResponse(ModelState));

            //Instantiate the business object handler       
            WorkOrderBiz biz = WorkOrderBiz.GetBiz(ct, HttpContext);

            var o = await biz.GetAsync(id, false);
            if (o == null)
                return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));

            if (!Authorized.HasModifyRole(HttpContext.Items, biz.BizType))
                return StatusCode(403, new ApiNotAuthorizedResponse());

            try
            {
                if (!await biz.PutAsync(o, inObj))
                    return BadRequest(new ApiErrorResponse(biz.Errors));
            }
            catch (DbUpdateConcurrencyException)
            {
                if (!await biz.ExistsAsync(id))
                    return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
                else
                    return StatusCode(409, new ApiErrorResponse(ApiErrorCode.CONCURRENCY_CONFLICT));
            }
            return Ok(ApiOkResponse.Response(new { ConcurrencyToken = o.ConcurrencyToken }, true));
        }




        /// <summary>
        /// Create Workorder
        /// </summary>
        /// <param name="inObj"></param>
        /// <param name="apiVersion">Automatically filled from route path, no need to specify in body</param>
        /// <returns></returns>
        [HttpPost]
        public async Task<IActionResult> PostWorkOrder([FromBody] WorkOrder inObj, ApiVersion apiVersion)
        {
            if (!serverState.IsOpen)
                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));

            //Instantiate the business object handler
            WorkOrderBiz biz = WorkOrderBiz.GetBiz(ct, HttpContext);

            //If a user has change roles
            if (!Authorized.HasCreateRole(HttpContext.Items, biz.BizType))
                return StatusCode(403, new ApiNotAuthorizedResponse());

            if (!ModelState.IsValid)
                return BadRequest(new ApiErrorResponse(ModelState));

            //Create and validate
            WorkOrder o = await biz.CreateAsync(inObj);
            if (o == null)
                return BadRequest(new ApiErrorResponse(biz.Errors));
            else
                return CreatedAtAction(nameof(WorkOrderController.GetWorkOrder), new { id = o.Id, version = apiVersion.ToString() }, new ApiCreatedResponse(o));

        }



        //TODO: CreateFromTemplate(templateid)
        //TODO: Createfromquote(quoteid)
        //todo: createfrompm(pmid)




        /// <summary>
        /// Duplicate WorkOrder
        /// </summary>
        /// <param name="id">Create a duplicate of this items id</param>
        /// <param name="apiVersion">Automatically filled from route path, no need to specify in body</param>
        /// <returns></returns>
        [HttpPost("duplicate/{id}")]
        public async Task<IActionResult> DuplicateWorkOrder([FromRoute] long id, ApiVersion apiVersion)
        {
            if (!serverState.IsOpen)
                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));

            //Instantiate the business object handler
            WorkOrderBiz biz = WorkOrderBiz.GetBiz(ct, HttpContext);

            //If a user has change roles
            if (!Authorized.HasCreateRole(HttpContext.Items, biz.BizType))
                return StatusCode(403, new ApiNotAuthorizedResponse());

            if (!ModelState.IsValid)
                return BadRequest(new ApiErrorResponse(ModelState));

            var oSrc = await biz.GetAsync(id, false);
            if (oSrc == null)
                return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));

            //Create and validate
            WorkOrder o = await biz.DuplicateAsync(oSrc);
            if (o == null)
                return BadRequest(new ApiErrorResponse(biz.Errors));
            else
                return CreatedAtAction(nameof(WorkOrderController.GetWorkOrder), new { id = o.Id, version = apiVersion.ToString() }, new ApiCreatedResponse(o));

        }



        /// <summary>
        /// Delete WorkOrder
        /// </summary>
        /// <param name="id"></param>
        /// <returns>Ok</returns>
        [HttpDelete("{id}")]
        public async Task<IActionResult> DeleteWorkOrder([FromRoute] long id)
        {
            if (!serverState.IsOpen)
                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));

            if (!ModelState.IsValid)
                return BadRequest(new ApiErrorResponse(ModelState));

            //Instantiate the business object handler
            WorkOrderBiz biz = WorkOrderBiz.GetBiz(ct, HttpContext);

            var o = await biz.GetAsync(id, false);
            if (o == null)
                return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));

            if (!Authorized.HasDeleteRole(HttpContext.Items, biz.BizType))
                return StatusCode(403, new ApiNotAuthorizedResponse());

            if (!await biz.DeleteAsync(o))
                return BadRequest(new ApiErrorResponse(biz.Errors));

            return NoContent();
        }

        #endregion WorkorderTopLevel routes


        #region WorkOrder Item
        //TODO: Plot exact routes needed here, not all are needed, particularly the collection ones
        //but maybe handy?  Like do I need delete on entire woitems collection?
        //WorkOrder/{woid}/WorkorderItems <- all workorderitems, post to add new, put to update all as a collection
        //WorkOrder/{woid}/WorkOrderItems/{woitemid} <- CRUD single woitemid
        //https://docs.microsoft.com/en-us/azure/architecture/best-practices/api-design#define-operations-in-terms-of-http-methods
        /*
        Resource 	POST 	GET 	PUT 	DELETE
        /customers 	Create a new customer 	Retrieve all customers 	Bulk update of customers 	Remove all customers
        /customers/1 	Error 	Retrieve the details for customer 1 	Update the details of customer 1 if it exists 	Remove customer 1
        /customers/1/orders 	Create a new order for customer 1 	Retrieve all orders for customer 1 	Bulk update of orders for customer 1 	Remove all orders for customer 1
        */

        //So Post into a collection means create one item in that collection, never a whole collection being created at once
        //GET PUT and DELETE on a collecdtion always mean the entire collection, POST is the outlier here


        //  /// <summary>
        //         /// Get full WorkOrder object
        //         /// </summary>
        //         /// <param name="id"></param>
        //         /// <returns>A single WorkOrder</returns>
        //         [HttpGet("{id}")]
        //         public async Task<IActionResult> GetWorkOrder([FromRoute] long id)
        //         {
        //             if (!serverState.IsOpen)
        //                 return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));

        //             //Instantiate the business object handler
        //             WorkOrderBiz biz = WorkOrderBiz.GetBiz(ct, HttpContext);

        //             //NOTE: This is the first check and often the only check but in some cases with some objects this will also need to check biz object rules 
        //             if (!Authorized.HasReadFullRole(HttpContext.Items, biz.BizType))
        //                 return StatusCode(403, new ApiNotAuthorizedResponse());

        //             if (!ModelState.IsValid)
        //                 return BadRequest(new ApiErrorResponse(ModelState));

        //             var o = await biz.GetAsync(id);
        //             if (o == null)
        //                 return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));

        //             // NOTE: HERE would be the second check of biz rules before returning the object
        //             // in cases where there is also a business rule to affect retrieval on top of basic rights

        //             return Ok(ApiOkResponse.Response(o, !Authorized.HasModifyRole(HttpContext.Items, biz.BizType)));
        //         }

        //         //TODO: GET BY RELATIVE
        //         //get by descendent type and id




        //         /// <summary>
        //         /// Put (update) WorkOrder
        //         /// </summary>
        //         /// <param name="id"></param>
        //         /// <param name="inObj"></param>
        //         /// <returns></returns>
        //         [HttpPut("{id}")]
        //         public async Task<IActionResult> PutWorkOrder([FromRoute] long id, [FromBody] WorkOrder inObj)
        //         {
        //             if (!serverState.IsOpen)
        //                 return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));

        //             if (!ModelState.IsValid)
        //                 return BadRequest(new ApiErrorResponse(ModelState));

        //             //Instantiate the business object handler       
        //             WorkOrderBiz biz = WorkOrderBiz.GetBiz(ct, HttpContext);

        //             var o = await biz.GetAsync(id, false);
        //             if (o == null)
        //                 return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));

        //             if (!Authorized.HasModifyRole(HttpContext.Items, biz.BizType))
        //                 return StatusCode(403, new ApiNotAuthorizedResponse());

        //             try
        //             {
        //                 if (!await biz.PutAsync(o, inObj))
        //                     return BadRequest(new ApiErrorResponse(biz.Errors));
        //             }
        //             catch (DbUpdateConcurrencyException)
        //             {
        //                 if (!await biz.ExistsAsync(id))
        //                     return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
        //                 else
        //                     return StatusCode(409, new ApiErrorResponse(ApiErrorCode.CONCURRENCY_CONFLICT));
        //             }
        //             return Ok(ApiOkResponse.Response(new { ConcurrencyToken = o.ConcurrencyToken }, true));
        //         }




        //         /// <summary>
        //         /// Post Workorder
        //         /// </summary>
        //         /// <param name="inObj"></param>
        //         /// <param name="apiVersion">Automatically filled from route path, no need to specify in body</param>
        //         /// <returns></returns>
        //         [HttpPost]
        //         public async Task<IActionResult> PostWorkOrder([FromBody] WorkOrder inObj, ApiVersion apiVersion)
        //         {
        //             if (!serverState.IsOpen)
        //                 return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));

        //             //Instantiate the business object handler
        //             WorkOrderBiz biz = WorkOrderBiz.GetBiz(ct, HttpContext);

        //             //If a user has change roles
        //             if (!Authorized.HasCreateRole(HttpContext.Items, biz.BizType))
        //                 return StatusCode(403, new ApiNotAuthorizedResponse());

        //             if (!ModelState.IsValid)
        //                 return BadRequest(new ApiErrorResponse(ModelState));

        //             //Create and validate
        //             WorkOrder o = await biz.CreateAsync(inObj);
        //             if (o == null)
        //                 return BadRequest(new ApiErrorResponse(biz.Errors));
        //             else
        //                 return CreatedAtAction(nameof(WorkOrderController.GetWorkOrder), new { id = o.Id, version = apiVersion.ToString() }, new ApiCreatedResponse(o));

        //         }





        /// <summary>
        /// Create WorkOrderItem
        /// </summary>       
        /// <param name="newObject"></param>
        /// <param name="apiVersion">Automatically filled from route path, no need to specify in body</param>
        /// <returns></returns>
        [HttpPost("/items")]
        public async Task<IActionResult> PostWorkOrderItem([FromBody] WorkOrderItem newObject, ApiVersion apiVersion)
        {
            //NOTE: we don't need the workorder id in the route because the workorder item must contain the workorder id anyway


            if (!serverState.IsOpen)
                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));

            //Instantiate the business object handler
            WorkOrderBiz biz = WorkOrderBiz.GetBiz(ct, HttpContext);

            //If a user has change roles
            if (!Authorized.HasCreateRole(HttpContext.Items, biz.BizType))
                return StatusCode(403, new ApiNotAuthorizedResponse());

            if (!ModelState.IsValid)
                return BadRequest(new ApiErrorResponse(ModelState));

            // //Create and validate
            // WorkOrderItem o = await biz.CreateAsync(newObject);
            // if (o == null)
            //     return BadRequest(new ApiErrorResponse(biz.Errors));
            // else
            //     return CreatedAtAction(nameof(WorkOrderController.GetWorkOrder), new { id = o.Id, version = apiVersion.ToString() }, new ApiCreatedResponse(o));
            return NoContent();
        }



        /// <summary>
        /// Delete WorkOrderItem
        /// </summary>      
        /// <param name="workOrderItemId"></param>
        /// <returns>Ok-no content</returns>
        [HttpDelete("/items/{WorkOrderItemId}")]
        public async Task<IActionResult> DeleteWorkOrderItem([FromRoute] long workOrderItemId)
        {
            //NOTE: we don't need the workorder id in the route because the workorder item must contain the workorder id anyway

            //WorkOrder/{woid}/WorkorderItems <- all workorderitems, post to add new, put to update all as a collection
            //WorkOrder/{WorkOrderId}/WorkorderItems
            if (!serverState.IsOpen)
                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));

            if (!ModelState.IsValid)
                return BadRequest(new ApiErrorResponse(ModelState));

            //Instantiate the business object handler
            WorkOrderBiz biz = WorkOrderBiz.GetBiz(ct, HttpContext);

            if (!Authorized.HasDeleteRole(HttpContext.Items, biz.BizType))
                return StatusCode(403, new ApiNotAuthorizedResponse());

            //*******************************************************************************
            //NOTE: I'm thinking there should be no db access in controller
            //let the biz object return not found if necessary
            //*******************************************************************************

            // var o = await biz.GetAsync(workOrderId, false);
            // if (o == null)
            //     return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
            // //Make sure the item exists first before getting into it
            // if (!o.WorkorderItems.Exists(m => m.Id == workOrderItemId))
            //     return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));



            //stubbed out for now just to see routes
            // if (!await biz.DeleteItemsAsync(o))
            //     return BadRequest(new ApiErrorResponse(biz.Errors));

            return NoContent();
        }



        #endregion workorderitem


        #region WorkOrderItemLabor


        /// <summary>
        /// Delete WorkOrderItemLabor
        /// </summary>        
        /// <param name="workOrderItemLaborId"></param>
        /// <returns>Ok-no content</returns>
        [HttpDelete("/items/labors/{WorkOrderItemLaborId}")]
        public async Task<IActionResult> DeleteWorkOrderItemLabor([FromRoute] long workOrderItemLaborId)
        {
            if (!serverState.IsOpen)
                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));

            if (!ModelState.IsValid)
                return BadRequest(new ApiErrorResponse(ModelState));

            //Instantiate the business object handler
            WorkOrderBiz biz = WorkOrderBiz.GetBiz(ct, HttpContext);

            if (!Authorized.HasDeleteRole(HttpContext.Items, biz.BizType))
                return StatusCode(403, new ApiNotAuthorizedResponse());

            //*******************************************************************************
            //NOTE: I'm thinking there should be no db access in controller
            //let the biz object return not found if necessary
            //*******************************************************************************


            // var o = await biz.GetAsync(workOrderId, false);
            // if (o == null)
            //     return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));

            // //Get WorkorderItem
            // var woitem = o.WorkorderItems.FirstOrDefault(m => m.Id == workOrderItemId);
            // if (woitem == null)
            //     return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));

            // //Get WorkOrderItemLabor
            // var woitemlabor = woitem.WorkorderItemLabors.FirstOrDefault(m => m.Id == workOrderItemLaborId);
            // if (woitem == null)
            //     return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));




            //stubbed out for now just to see routes
            // if (!await biz.DeleteWorkOrderItemLaborAsync(woitemlabor))//may need more info, not sure
            //     return BadRequest(new ApiErrorResponse(biz.Errors));

            return NoContent();
        }
        #endregion WorkOrderItemLabor


        #region WorkOrderItemPart

        /// <summary>
        /// Delete WorkOrderItemPart
        /// </summary>       
        /// <param name="workOrderItemPartId"></param>
        /// <returns>Ok-no content</returns>
        [HttpDelete("/items/parts/{WorkOrderItemPartId}")]
        public async Task<IActionResult> DeleteWorkOrderItemPart([FromRoute] long workOrderItemPartId)
        {
            if (!serverState.IsOpen)
                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));

            if (!ModelState.IsValid)
                return BadRequest(new ApiErrorResponse(ModelState));

            //Instantiate the business object handler
            WorkOrderBiz biz = WorkOrderBiz.GetBiz(ct, HttpContext);

            if (!Authorized.HasDeleteRole(HttpContext.Items, biz.BizType))
                return StatusCode(403, new ApiNotAuthorizedResponse());


            //*******************************************************************************
            //NOTE: I'm thinking there should be no db access in controller
            //let the biz object return not found if necessary
            //*******************************************************************************

            // var o = await biz.GetAsync(workOrderId, false);
            // if (o == null)
            //     return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
            // //Make sure the item exists first before getting into it
            // if (!o.WorkorderItems.Exists(m => m.Id == workOrderItemId))
            //     return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));



            //stubbed out for now just to see routes
            // if (!await biz.DeleteItemsAsync(o))
            //     return BadRequest(new ApiErrorResponse(biz.Errors));

            return NoContent();
        }
        #endregion WorkOrderItemPart

        //------------


    }//eoc
}//eons