src/Meezi.API/Controllers/TablesController.cs

using FluentValidation;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Meezi.API.Models.Orders;
using Meezi.API.Models.Tables;
using Meezi.API.Services;
using Meezi.Core.Interfaces;
using Meezi.Shared;

namespace Meezi.API.Controllers;

[Route("api/cafes/{cafeId}/tables")]
public class TablesController : CafeApiControllerBase
{
    private readonly ITableService _tableService;
    private readonly IOrderService _orderService;
    private readonly IValidator<CreateTableRequest> _createValidator;
    private readonly IValidator<PatchTableRequest> _patchValidator;
    private readonly IValidator<SetTableCleaningRequest> _cleaningValidator;

    public TablesController(
        ITableService tableService,
        IOrderService orderService,
        IValidator<CreateTableRequest> createValidator,
        IValidator<PatchTableRequest> patchValidator,
        IValidator<SetTableCleaningRequest> cleaningValidator)
    {
        _tableService = tableService;
        _orderService = orderService;
        _createValidator = createValidator;
        _patchValidator = patchValidator;
        _cleaningValidator = cleaningValidator;
    }

    [HttpGet("board")]
    public async Task<IActionResult> GetBoard(
        string cafeId,
        ITenantContext tenant,
        [FromQuery] bool activeOnly = true,
        [FromQuery] string? branchId = null,
        CancellationToken ct = default)
    {
        if (EnsureCafeAccess(cafeId, tenant) is { } denied) return denied;
        var data = await _tableService.GetTableBoardAsync(cafeId, activeOnly, branchId, ct);
        return Ok(new ApiResponse<IReadOnlyList<TableBoardDto>>(true, data));
    }

    [HttpGet]
    public async Task<IActionResult> GetTables(
        string cafeId,
        ITenantContext tenant,
        [FromQuery] string? branchId = null,
        CancellationToken ct = default)
    {
        if (EnsureCafeAccess(cafeId, tenant) is { } denied) return denied;
        var data = await _tableService.GetTablesAsync(cafeId, branchId, ct);
        return Ok(new ApiResponse<IReadOnlyList<TableDto>>(true, data));
    }

    [HttpPost]
    public async Task<IActionResult> CreateTable(
        string cafeId,
        [FromBody] CreateTableRequest request,
        ITenantContext tenant,
        CancellationToken ct)
    {
        if (EnsureCafeAccess(cafeId, tenant) is { } denied) return denied;
        var validation = await _createValidator.ValidateAsync(request, ct);
        if (!validation.IsValid) return BadRequest(ValidationError(validation));

        var data = await _tableService.CreateTableAsync(cafeId, request, ct);
        if (data is null) return NotFoundError("Branch not found.");
        return Ok(new ApiResponse<TableDto>(true, data));
    }

    [HttpPatch("{id}")]
    public async Task<IActionResult> PatchTable(
        string cafeId,
        string id,
        [FromBody] PatchTableRequest request,
        ITenantContext tenant,
        CancellationToken ct)
    {
        if (EnsureCafeAccess(cafeId, tenant) is { } denied) return denied;
        var validation = await _patchValidator.ValidateAsync(request, ct);
        if (!validation.IsValid) return BadRequest(ValidationError(validation));

        var data = await _tableService.PatchTableAsync(cafeId, id, request, ct);
        if (data is null) return NotFoundError();
        return Ok(new ApiResponse<TableDto>(true, data));
    }

    [HttpGet("{id}/active-order")]
    public async Task<IActionResult> GetActiveOrder(
        string cafeId,
        string id,
        ITenantContext tenant,
        CancellationToken ct)
    {
        if (EnsureCafeAccess(cafeId, tenant) is { } denied) return denied;
        var data = await _orderService.GetActiveOrderByTableAsync(cafeId, id, ct);
        if (data is null) return NotFoundError("No active order for this table.");
        return Ok(new ApiResponse<OrderDto>(true, data));
    }

    [HttpDelete("{id}")]
    [Authorize(Roles = "Manager,Owner")]
    public async Task<IActionResult> DeleteTable(
        string cafeId,
        string id,
        ITenantContext tenant,
        CancellationToken ct)
    {
        if (EnsureCafeAccess(cafeId, tenant) is { } denied) return denied;

        var result = await _tableService.DeleteTableAsync(cafeId, id, ct);
        if (!result.Success)
        {
            var status = result.ErrorCode == "TABLE_HAS_OPEN_ORDER"
                ? StatusCodes.Status409Conflict
                : StatusCodes.Status400BadRequest;
            return StatusCode(status,
                new ApiResponse<object>(false, null, new ApiError(result.ErrorCode!, result.Message ?? result.ErrorCode!)));
        }

        return Ok(new ApiResponse<object>(true, result.Data));
    }

    [HttpPatch("{id}/cleaning")]
    public async Task<IActionResult> SetCleaning(
        string cafeId,
        string id,
        [FromBody] SetTableCleaningRequest request,
        ITenantContext tenant,
        CancellationToken ct)
    {
        if (EnsureCafeAccess(cafeId, tenant) is { } denied) return denied;
        var validation = await _cleaningValidator.ValidateAsync(request, ct);
        if (!validation.IsValid) return BadRequest(ValidationError(validation));

        var data = await _tableService.SetTableCleaningAsync(cafeId, id, request.IsCleaning, ct);
        if (data is null) return NotFoundError();
        return Ok(new ApiResponse<TableBoardDto>(true, data));
    }

    [HttpGet("{id}/qr")]
    public async Task<IActionResult> GetQrPng(
        string cafeId,
        string id,
        ITenantContext tenant,
        CancellationToken ct)
    {
        if (EnsureCafeAccess(cafeId, tenant) is { } denied) return denied;
        var png = await _tableService.GetQrPngAsync(cafeId, id, ct);
        if (png is null) return NotFoundError();
        return File(png, "image/png", $"table-{id}-qr.png");
    }
}
feat(api): .NET 10 multi-tenant REST API 2026-05-27 21:33:48 +03:30			`using FluentValidation;`
			`using Microsoft.AspNetCore.Authorization;`
			`using Microsoft.AspNetCore.Mvc;`
			`using Meezi.API.Models.Orders;`
			`using Meezi.API.Models.Tables;`
			`using Meezi.API.Services;`
			`using Meezi.Core.Interfaces;`
			`using Meezi.Shared;`

			`namespace Meezi.API.Controllers;`

			`[Route("api/cafes/{cafeId}/tables")]`
			`public class TablesController : CafeApiControllerBase`
			`{`
			`private readonly ITableService _tableService;`
			`private readonly IOrderService _orderService;`
			`private readonly IValidator<CreateTableRequest> _createValidator;`
			`private readonly IValidator<PatchTableRequest> _patchValidator;`
			`private readonly IValidator<SetTableCleaningRequest> _cleaningValidator;`

			`public TablesController(`
			`ITableService tableService,`
			`IOrderService orderService,`
			`IValidator<CreateTableRequest> createValidator,`
			`IValidator<PatchTableRequest> patchValidator,`
			`IValidator<SetTableCleaningRequest> cleaningValidator)`
			`{`
			`_tableService = tableService;`
			`_orderService = orderService;`
			`_createValidator = createValidator;`
			`_patchValidator = patchValidator;`
			`_cleaningValidator = cleaningValidator;`
			`}`

			`[HttpGet("board")]`
			`public async Task<IActionResult> GetBoard(`
			`string cafeId,`
			`ITenantContext tenant,`
			`[FromQuery] bool activeOnly = true,`
			`[FromQuery] string? branchId = null,`
			`CancellationToken ct = default)`
			`{`
			`if (EnsureCafeAccess(cafeId, tenant) is { } denied) return denied;`
			`var data = await _tableService.GetTableBoardAsync(cafeId, activeOnly, branchId, ct);`
			`return Ok(new ApiResponse<IReadOnlyList<TableBoardDto>>(true, data));`
			`}`

			`[HttpGet]`
			`public async Task<IActionResult> GetTables(`
			`string cafeId,`
			`ITenantContext tenant,`
			`[FromQuery] string? branchId = null,`
			`CancellationToken ct = default)`
			`{`
			`if (EnsureCafeAccess(cafeId, tenant) is { } denied) return denied;`
			`var data = await _tableService.GetTablesAsync(cafeId, branchId, ct);`
			`return Ok(new ApiResponse<IReadOnlyList<TableDto>>(true, data));`
			`}`

			`[HttpPost]`
			`public async Task<IActionResult> CreateTable(`
			`string cafeId,`
			`[FromBody] CreateTableRequest request,`
			`ITenantContext tenant,`
			`CancellationToken ct)`
			`{`
			`if (EnsureCafeAccess(cafeId, tenant) is { } denied) return denied;`
			`var validation = await _createValidator.ValidateAsync(request, ct);`
			`if (!validation.IsValid) return BadRequest(ValidationError(validation));`

			`var data = await _tableService.CreateTableAsync(cafeId, request, ct);`
			`if (data is null) return NotFoundError("Branch not found.");`
			`return Ok(new ApiResponse<TableDto>(true, data));`
			`}`

			`[HttpPatch("{id}")]`
			`public async Task<IActionResult> PatchTable(`
			`string cafeId,`
			`string id,`
			`[FromBody] PatchTableRequest request,`
			`ITenantContext tenant,`
			`CancellationToken ct)`
			`{`
			`if (EnsureCafeAccess(cafeId, tenant) is { } denied) return denied;`
			`var validation = await _patchValidator.ValidateAsync(request, ct);`
			`if (!validation.IsValid) return BadRequest(ValidationError(validation));`

			`var data = await _tableService.PatchTableAsync(cafeId, id, request, ct);`
			`if (data is null) return NotFoundError();`
			`return Ok(new ApiResponse<TableDto>(true, data));`
			`}`

			`[HttpGet("{id}/active-order")]`
			`public async Task<IActionResult> GetActiveOrder(`
			`string cafeId,`
			`string id,`
			`ITenantContext tenant,`
			`CancellationToken ct)`
			`{`
			`if (EnsureCafeAccess(cafeId, tenant) is { } denied) return denied;`
			`var data = await _orderService.GetActiveOrderByTableAsync(cafeId, id, ct);`
			`if (data is null) return NotFoundError("No active order for this table.");`
			`return Ok(new ApiResponse<OrderDto>(true, data));`
			`}`

			`[HttpDelete("{id}")]`
			`[Authorize(Roles = "Manager,Owner")]`
			`public async Task<IActionResult> DeleteTable(`
			`string cafeId,`
			`string id,`
			`ITenantContext tenant,`
			`CancellationToken ct)`
			`{`
			`if (EnsureCafeAccess(cafeId, tenant) is { } denied) return denied;`

			`var result = await _tableService.DeleteTableAsync(cafeId, id, ct);`
			`if (!result.Success)`
			`{`
			`var status = result.ErrorCode == "TABLE_HAS_OPEN_ORDER"`
			`? StatusCodes.Status409Conflict`
			`: StatusCodes.Status400BadRequest;`
			`return StatusCode(status,`
			`new ApiResponse<object>(false, null, new ApiError(result.ErrorCode!, result.Message ?? result.ErrorCode!)));`
			`}`

			`return Ok(new ApiResponse<object>(true, result.Data));`
			`}`

			`[HttpPatch("{id}/cleaning")]`
			`public async Task<IActionResult> SetCleaning(`
			`string cafeId,`
			`string id,`
			`[FromBody] SetTableCleaningRequest request,`
			`ITenantContext tenant,`
			`CancellationToken ct)`
			`{`
			`if (EnsureCafeAccess(cafeId, tenant) is { } denied) return denied;`
			`var validation = await _cleaningValidator.ValidateAsync(request, ct);`
			`if (!validation.IsValid) return BadRequest(ValidationError(validation));`

			`var data = await _tableService.SetTableCleaningAsync(cafeId, id, request.IsCleaning, ct);`
			`if (data is null) return NotFoundError();`
			`return Ok(new ApiResponse<TableBoardDto>(true, data));`
			`}`

			`[HttpGet("{id}/qr")]`
			`public async Task<IActionResult> GetQrPng(`
			`string cafeId,`
			`string id,`
			`ITenantContext tenant,`
			`CancellationToken ct)`
			`{`
			`if (EnsureCafeAccess(cafeId, tenant) is { } denied) return denied;`
			`var png = await _tableService.GetQrPngAsync(cafeId, id, ct);`
			`if (png is null) return NotFoundError();`
			`return File(png, "image/png", $"table-{id}-qr.png");`
			`}`
			`}`