using Microsoft.AspNetCore.Builder; using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Routing; using Microsoft.EntityFrameworkCore; using TeamUp.Modules.OrgBoard.Domain; using TeamUp.Modules.OrgBoard.Persistence; using TeamUp.SharedKernel.Access; using TeamUp.SharedKernel.Auditing; using TeamUp.SharedKernel.Modularity; namespace TeamUp.Modules.OrgBoard.Endpoints; internal static class OrgBoardEndpoints { public static void Map(IEndpointRouteBuilder endpoints) { var group = endpoints.MapGroup("/api/orgboard").WithTags("OrgBoard"); group.MapGet("/ping", () => TypedResults.Ok(new ModulePing("orgboard"))); group.MapPost("/organizations", CreateOrganization).RequireAuthorization(); group.MapPost("/teams", CreateTeam).RequireAuthorization(); group.MapGet("/teams", ListTeams).RequireAuthorization(); group.MapPost("/tasks", CreateTask).RequireAuthorization(); group.MapGet("/board", GetBoard).RequireAuthorization(); group.MapPatch("/tasks/{id:guid}/move", MoveTask).RequireAuthorization(); group.MapPatch("/tasks/{id:guid}/assign", AssignTask).RequireAuthorization(); group.MapGet("/cartable", Cartable).RequireAuthorization(); } private static TaskResponse ToResponse(WorkItem item) => new( item.Id, item.TeamId, item.Title, item.Description, item.Type.ToString(), item.Status.ToString(), item.AssigneeKind.ToString(), item.AssigneeId, item.ParentId); private static async Task CreateOrganization( CreateOrganizationRequest request, IPermissionService permissions, OrgBoardDbContext db, TimeProvider clock, CancellationToken ct) { if (!permissions.Has(Capability.CreateProductsAndTeams, ScopeRef.Org(request.OrganizationId))) { return Results.Forbid(); } if (string.IsNullOrWhiteSpace(request.Name)) { return Results.BadRequest("Name is required."); } var organization = await db.Organizations.FirstOrDefaultAsync(o => o.Id == request.OrganizationId, ct); if (organization is null) { organization = new Organization(request.OrganizationId, request.Name.Trim(), clock.GetUtcNow()); db.Organizations.Add(organization); } else { organization.Rename(request.Name.Trim()); } await db.SaveChangesAsync(ct); return Results.Ok(new OrganizationResponse(organization.Id, organization.Name)); } private static async Task CreateTeam( CreateTeamRequest request, ICurrentUser user, IPermissionService permissions, IAuditLog audit, OrgBoardDbContext db, TimeProvider clock, CancellationToken ct) { if (!permissions.Has(Capability.CreateProductsAndTeams, ScopeRef.Org(request.OrganizationId))) { return Results.Forbid(); } if (string.IsNullOrWhiteSpace(request.Name)) { return Results.BadRequest("Name is required."); } if (!await db.Organizations.AnyAsync(o => o.Id == request.OrganizationId, ct)) { return Results.BadRequest("Organization does not exist; create it first."); } var team = new Team(request.OrganizationId, request.Name.Trim(), clock.GetUtcNow()); db.Teams.Add(team); await db.SaveChangesAsync(ct); await audit.WriteAsync(new AuditEvent("team.created", "Team", team.Id, user.MemberId, team.Name), ct); return Results.Ok(new TeamResponse(team.Id, team.OrganizationId, team.Name)); } private static async Task ListTeams( Guid organizationId, IPermissionService permissions, OrgBoardDbContext db, CancellationToken ct) { if (!permissions.Has(Capability.ViewBoard, ScopeRef.Org(organizationId))) { return Results.Forbid(); } var teams = await db.Teams .Where(t => t.OrganizationId == organizationId) .OrderBy(t => t.CreatedAtUtc) .Select(t => new TeamResponse(t.Id, t.OrganizationId, t.Name)) .ToListAsync(ct); return Results.Ok(teams); } private static async Task CreateTask( CreateTaskRequest request, ICurrentUser user, IPermissionService permissions, IAuditLog audit, OrgBoardDbContext db, TimeProvider clock, CancellationToken ct) { var team = await db.Teams.FirstOrDefaultAsync(t => t.Id == request.TeamId, ct); if (team is null) { return Results.NotFound("Team not found."); } if (!permissions.Has(Capability.WorkTasks, ScopeRef.Team(team.Id), ScopeRef.Org(team.OrganizationId))) { return Results.Forbid(); } if (string.IsNullOrWhiteSpace(request.Title)) { return Results.BadRequest("Title is required."); } var item = new WorkItem(team.Id, request.Title.Trim(), request.Description, request.Type, user.MemberId, clock.GetUtcNow()); db.WorkItems.Add(item); await db.SaveChangesAsync(ct); await audit.WriteAsync(new AuditEvent("task.created", "WorkItem", item.Id, user.MemberId, item.Title), ct); return Results.Ok(ToResponse(item)); } private static async Task GetBoard( Guid teamId, IPermissionService permissions, OrgBoardDbContext db, CancellationToken ct) { var team = await db.Teams.FirstOrDefaultAsync(t => t.Id == teamId, ct); if (team is null) { return Results.NotFound("Team not found."); } if (!permissions.Has(Capability.ViewBoard, ScopeRef.Team(team.Id), ScopeRef.Org(team.OrganizationId))) { return Results.Forbid(); } var items = await db.WorkItems.Where(w => w.TeamId == teamId).OrderBy(w => w.CreatedAtUtc).ToListAsync(ct); var columns = Enum.GetValues() .Select(status => new BoardColumn( status.ToString(), items.Where(i => i.Status == status).Select(ToResponse).ToList())) .ToList(); return Results.Ok(new BoardResponse(teamId, columns)); } private static async Task MoveTask( Guid id, MoveTaskRequest request, ICurrentUser user, IPermissionService permissions, IAuditLog audit, OrgBoardDbContext db, TimeProvider clock, CancellationToken ct) { var (item, team, error) = await LoadItemWithTeam(db, id, ct); if (error is not null) { return error; } if (!permissions.Has(Capability.WorkTasks, ScopeRef.Team(team!.Id), ScopeRef.Org(team.OrganizationId))) { return Results.Forbid(); } item!.MoveTo(request.Status, clock.GetUtcNow()); await db.SaveChangesAsync(ct); await audit.WriteAsync(new AuditEvent("task.moved", "WorkItem", item.Id, user.MemberId, request.Status.ToString()), ct); return Results.Ok(ToResponse(item)); } private static async Task AssignTask( Guid id, AssignTaskRequest request, ICurrentUser user, IPermissionService permissions, IAuditLog audit, OrgBoardDbContext db, TimeProvider clock, CancellationToken ct) { var (item, team, error) = await LoadItemWithTeam(db, id, ct); if (error is not null) { return error; } if (!permissions.Has(Capability.WorkTasks, ScopeRef.Team(team!.Id), ScopeRef.Org(team.OrganizationId))) { return Results.Forbid(); } item!.AssignToMember(request.MemberId, clock.GetUtcNow()); await db.SaveChangesAsync(ct); await audit.WriteAsync(new AuditEvent("task.assigned", "WorkItem", item.Id, user.MemberId, request.MemberId.ToString()), ct); return Results.Ok(ToResponse(item)); } private static async Task Cartable(ICurrentUser user, OrgBoardDbContext db, CancellationToken ct) { var memberId = user.MemberId; var items = await db.WorkItems .Where(w => w.AssigneeKind == AssigneeKind.Member && w.AssigneeId == memberId) .OrderByDescending(w => w.UpdatedAtUtc) .ToListAsync(ct); return Results.Ok(items.Select(ToResponse).ToList()); } private static async Task<(WorkItem? Item, Team? Team, IResult? Error)> LoadItemWithTeam( OrgBoardDbContext db, Guid itemId, CancellationToken ct) { var item = await db.WorkItems.FirstOrDefaultAsync(w => w.Id == itemId, ct); if (item is null) { return (null, null, Results.NotFound("Task not found.")); } var team = await db.Teams.FirstOrDefaultAsync(t => t.Id == item.TeamId, ct); if (team is null) { return (null, null, Results.NotFound("Team not found.")); } return (item, team, null); } }