SIG-CM/src/SIGCM.API/Controllers/UsersController.cs


using System.Security.Claims;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using SIGCM.Application.DTOs;
using SIGCM.Domain.Entities;
using SIGCM.Domain.Interfaces;
namespace SIGCM.API.Controllers;
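[ApiController]
[Route("api/[controller]")]
[Authorize(Roles = "Admin")] // Only admins can manage users
public class UsersController : ControllerBase
{
    private readonly IUserRepository _repository;

    public UsersController(IUserRepository repository)
    {
        _repository = repository;
    }

    /// <summary>
    /// Lists all users.
    /// </summary>
    /// <returns>200 with an explicit projection (Id, Username, Role, Email, CreatedAt) of every user.</returns>
    [HttpGet]
    public async Task<IActionResult> GetAll()
    {
        var users = await _repository.GetAllAsync();
        // Project to an explicit shape so PasswordHash (and any field added to User later)
        // never leaves the API by accident.
        var sanitized = users.Select(u => new
        {
            u.Id, u.Username, u.Role, u.Email, u.CreatedAt
        });
        return Ok(sanitized);
    }

    /// <summary>
    /// Returns a single user by id.
    /// </summary>
    /// <param name="id">User id from the route.</param>
    /// <returns>404 when the id is unknown; otherwise 200 with the same projection as <see cref="GetAll"/>.</returns>
    [HttpGet("{id}")]
    public async Task<IActionResult> GetById(int id)
    {
        var user = await _repository.GetByIdAsync(id);
        if (user is null) return NotFound();

        // Same explicit projection as GetAll: the password hash must not be returned.
        return Ok(new { user.Id, user.Username, user.Role, user.Email, user.CreatedAt });
    }

    /// <summary>
    /// Creates a user with a freshly hashed password.
    /// </summary>
    /// <param name="dto">Username, plain-text password, role and email of the new user.</param>
    /// <returns>400 when the username is already taken; otherwise 201 pointing at <see cref="GetById"/>.</returns>
    [HttpPost]
    public async Task<IActionResult> Create(CreateUserDto dto)
    {
        // Usernames are unique; reject a duplicate before touching the store.
        // The check-then-insert is not atomic, so a unique constraint on the
        // username column is still the real guarantee.
        var existing = await _repository.GetByUsernameAsync(dto.Username);
        if (existing is not null) return BadRequest("El nombre de usuario ya existe.");

        // Only the bcrypt hash is persisted; the plain-text password is never stored.
        var passwordHash = BCrypt.Net.BCrypt.HashPassword(dto.Password);
        var user = new User
        {
            Username = dto.Username,
            PasswordHash = passwordHash,
            Role = dto.Role,
            Email = dto.Email,
            CreatedAt = DateTime.UtcNow
        };

        var id = await _repository.CreateAsync(user);
        return CreatedAtAction(nameof(GetById), new { id }, new { id, user.Username });
    }

    /// <summary>
    /// Updates username, role and email of an existing user; re-hashes the password only when one is supplied.
    /// </summary>
    /// <param name="id">User id from the route.</param>
    /// <param name="dto">New values; an empty <c>Password</c> leaves the stored hash unchanged.</param>
    /// <returns>404 when the id is unknown, 400 when the new username belongs to another user, otherwise 204.</returns>
    [HttpPut("{id}")]
    public async Task<IActionResult> Update(int id, UpdateUserDto dto)
    {
        var user = await _repository.GetByIdAsync(id);
        if (user is null) return NotFound();

        // A rename must not collide with another account (mirrors the check in Create).
        if (!string.Equals(user.Username, dto.Username, StringComparison.Ordinal))
        {
            var existing = await _repository.GetByUsernameAsync(dto.Username);
            if (existing is not null && existing.Id != id) return BadRequest("El nombre de usuario ya existe.");
        }

        user.Username = dto.Username;
        user.Role = dto.Role;
        user.Email = dto.Email;

        // Password is optional on update: blank means "keep the current hash".
        if (!string.IsNullOrEmpty(dto.Password))
        {
            user.PasswordHash = BCrypt.Net.BCrypt.HashPassword(dto.Password);
        }

        await _repository.UpdateAsync(user);
        return NoContent();
    }

    /// <summary>
    /// Deletes a user.
    /// </summary>
    /// <param name="id">User id from the route.</param>
    /// <returns>404 when the id is unknown, 400 when the caller targets their own account, otherwise 204.</returns>
    [HttpDelete("{id}")]
    public async Task<IActionResult> Delete(int id)
    {
        var user = await _repository.GetByIdAsync(id);
        if (user is null) return NotFound();

        // Refuse to delete the caller's own account so an admin cannot lock the system out.
        // NOTE(review): assumes the auth token carries the numeric user id in the
        // NameIdentifier claim — confirm against the token issuer. If the claim is
        // absent or not numeric the guard is skipped and the delete proceeds as before.
        var callerId = HttpContext.User.FindFirst(ClaimTypes.NameIdentifier)?.Value;
        if (int.TryParse(callerId, out var selfId) && selfId == id)
        {
            return BadRequest("No puedes eliminar tu propio usuario.");
        }

        await _repository.DeleteAsync(id);
        return NoContent();
    }
}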