using System.Security.Claims;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using SIGCM.Application.DTOs;
using SIGCM.Domain.Entities;
using SIGCM.Domain.Interfaces;
namespace SIGCM.API.Controllers;
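[ApiController]
[Route("api/[controller]")]
[Authorize(Roles = "Admin")]
public class UsersController : ControllerBase
{
    private readonly IUserRepository _repository;

    /// <summary>Admin-only CRUD over <see cref="User"/> accounts.</summary>
    /// <param name="repository">Persistence the controller reads and writes users through.</param>
    public UsersController(IUserRepository repository)
    {
        ArgumentNullException.ThrowIfNull(repository);
        _repository = repository;
    }

    /// <summary>Lists every user without credential material.</summary>
    /// <returns>200 with id, username, role, email and creation time for each user.</returns>
    [HttpGet]
    public async Task<IActionResult> GetAll()
    {
        var users = await _repository.GetAllAsync();

        // Project to a shape that omits PasswordHash so it never reaches the wire.
        var sanitized = users.Select(u => new
        {
            u.Id, u.Username, u.Role, u.Email, u.CreatedAt
        });
        return Ok(sanitized);
    }

    /// <summary>Returns one user without credential material.</summary>
    /// <param name="id">Primary key of the user.</param>
    /// <returns>200 with the public fields, or 404 when no such user exists.</returns>
    [HttpGet("{id}")]
    public async Task<IActionResult> GetById(int id)
    {
        var user = await _repository.GetByIdAsync(id);
        if (user is null) return NotFound();

        // Same projection as GetAll: PasswordHash is deliberately left out.
        return Ok(new { user.Id, user.Username, user.Role, user.Email, user.CreatedAt });
    }

    /// <summary>Creates a user, storing only a BCrypt hash of the supplied password.</summary>
    /// <param name="dto">Username, plaintext password, role and email of the new account.</param>
    /// <returns>201 pointing at <see cref="GetById"/>, or 400 when the username is taken.</returns>
    [HttpPost]
    public async Task<IActionResult> Create(CreateUserDto dto)
    {
        // Check-then-insert races with a concurrent Create for the same name; a unique
        // constraint in the store is the authoritative guard — this check only gives a clean 400.
        var existing = await _repository.GetByUsernameAsync(dto.Username);
        if (existing is not null) return BadRequest("El nombre de usuario ya existe.");

        // The plaintext password is hashed here and never assigned to the entity.
        var passwordHash = BCrypt.Net.BCrypt.HashPassword(dto.Password);

        // NOTE(review): Role is taken verbatim from the request; any whitelist of valid
        // roles would have to live on CreateUserDto's validation attributes — not visible here.
        var user = new User
        {
            Username = dto.Username,
            PasswordHash = passwordHash,
            Role = dto.Role,
            Email = dto.Email,
            CreatedAt = DateTime.UtcNow
        };

        var id = await _repository.CreateAsync(user);
        return CreatedAtAction(nameof(GetById), new { id }, new { id, user.Username });
    }

    /// <summary>Replaces username, role and email; rehashes the password only when one is supplied.</summary>
    /// <param name="id">Primary key of the user to update.</param>
    /// <param name="dto">New field values; an empty password leaves the current hash untouched.</param>
    /// <returns>204 on success, 404 for an unknown id, 400 when the new username belongs to another user.</returns>
    [HttpPut("{id}")]
    public async Task<IActionResult> Update(int id, UpdateUserDto dto)
    {
        var user = await _repository.GetByIdAsync(id);
        if (user is null) return NotFound();

        // Mirror Create: usernames must stay unique, and a rename onto an existing name
        // would otherwise only fail (or worse, succeed) at the storage layer.
        var existing = await _repository.GetByUsernameAsync(dto.Username);
        if (existing is not null && existing.Id != id) return BadRequest("El nombre de usuario ya existe.");

        user.Username = dto.Username;
        user.Role = dto.Role;
        user.Email = dto.Email;

        // Only rehash when a new password is given; otherwise the stored hash is preserved.
        if (!string.IsNullOrEmpty(dto.Password))
        {
            user.PasswordHash = BCrypt.Net.BCrypt.HashPassword(dto.Password);
        }

        await _repository.UpdateAsync(user);
        return NoContent();
    }

    /// <summary>Deletes a user, refusing to delete the caller's own account.</summary>
    /// <param name="id">Primary key of the user to delete.</param>
    /// <returns>204 on success, 404 for an unknown id, 400 when <paramref name="id"/> is the caller.</returns>
    [HttpDelete("{id}")]
    public async Task<IActionResult> Delete(int id)
    {
        // An admin deleting their own account would lock them out mid-session.
        // NOTE(review): assumes the authenticated user's id is carried as NameIdentifier —
        // confirm against the token issuer. If the claim is absent the guard is inert.
        var callerClaim = User.FindFirst(ClaimTypes.NameIdentifier)?.Value;
        if (int.TryParse(callerClaim, out var callerId) && callerId == id)
        {
            return BadRequest("No puedes eliminar tu propia cuenta.");
        }

        // Mirror Update: report an unknown id instead of silently returning 204.
        var user = await _repository.GetByIdAsync(id);
        if (user is null) return NotFound();

        await _repository.DeleteAsync(id);
        return NoContent();
    }
}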