using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Meezi.Core.Enums;
using Meezi.Core.Interfaces;
using Meezi.Shared;
namespace Meezi.API.Controllers;
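/// <summary>
/// Base class for cafe-scoped API controllers. Supplies the tenant and role
/// checks plus the shared error envelopes (<c>ApiResponse</c> wrapping an
/// <c>ApiError</c>) used for 403, 404 and validation failures.
/// </summary>
/// <remarks>
/// <c>[Authorize]</c> is declared here, so derived controllers require an
/// authenticated caller unless they opt out themselves. Authentication alone
/// does not scope a request to a cafe: each action still has to call
/// <see cref="EnsureCafeAccess"/> (and <see cref="EnsureOwner"/> where needed)
/// and return the result when it is not <c>null</c>.
/// </remarks>
[Authorize]
[ApiController]
public abstract class CafeApiControllerBase : ControllerBase
{
    /// <summary>
    /// Checks that the cafe id taken from the route is the cafe the current
    /// tenant context is bound to.
    /// </summary>
    /// <param name="routeCafeId">Cafe id from the request route (caller-controlled).</param>
    /// <param name="tenant">Tenant context of the current request.</param>
    /// <returns>
    /// <c>null</c> when access is allowed; otherwise a 403 result carrying the
    /// <c>FORBIDDEN</c> error. The method never throws to deny access, so a
    /// caller that discards the return value enforces nothing.
    /// </returns>
    protected IActionResult? EnsureCafeAccess(string routeCafeId, ITenantContext tenant)
    {
        // Fail closed: a context with no cafe id is denied even if the route
        // value is empty too. String != is an ordinal, case-sensitive compare,
        // so ids that differ only in casing are treated as different cafes.
        // NOTE(review): this check is only as strong as the source of
        // tenant.CafeId — confirm it is derived from the authenticated
        // principal and not from client-supplied input.
        if (string.IsNullOrEmpty(tenant.CafeId) || tenant.CafeId != routeCafeId)
        {
            return StatusCode(
                StatusCodes.Status403Forbidden,
                new ApiResponse<object>(false, null, new ApiError("FORBIDDEN", "You do not have access to this cafe.")));
        }

        return null;
    }

    /// <summary>
    /// Checks that the current tenant context carries the owner role.
    /// </summary>
    /// <param name="tenant">Tenant context of the current request.</param>
    /// <returns>
    /// <c>null</c> when the role is <see cref="EmployeeRole.Owner"/>; otherwise
    /// a 403 result carrying the <c>OWNER_REQUIRED</c> error. As with
    /// <see cref="EnsureCafeAccess"/>, the result must be checked and returned
    /// by the caller.
    /// </returns>
    /// <remarks>
    /// Only the role is examined here, not which cafe it applies to; pair this
    /// with <see cref="EnsureCafeAccess"/> on routes that carry a cafe id.
    /// </remarks>
    protected IActionResult? EnsureOwner(ITenantContext tenant)
    {
        // Allow-list form: every role other than Owner falls through to the 403.
        if (tenant.Role == EmployeeRole.Owner)
        {
            return null;
        }

        return StatusCode(
            StatusCodes.Status403Forbidden,
            new ApiResponse<object>(
                false,
                null,
                new ApiError("OWNER_REQUIRED", "Only the cafe owner can perform this action.")));
    }

    /// <summary>
    /// Builds the <c>VALIDATION_ERROR</c> envelope from the first failure in a
    /// FluentValidation result.
    /// </summary>
    /// <param name="validation">Validation result, normally one that failed.</param>
    /// <returns>
    /// An error response holding the first failure's message and property
    /// name, or a generic validation error when the result has no failures.
    /// </returns>
    /// <remarks>
    /// The validator's message is sent to the client unchanged, so validator
    /// messages should not embed internal details.
    /// </remarks>
    protected static ApiResponse<object> ValidationError(FluentValidation.Results.ValidationResult validation)
    {
        // First() threw InvalidOperationException on an empty error list, which
        // would surface as a 500; fall back to a generic error instead.
        var first = validation.Errors.FirstOrDefault();
        if (first is null)
        {
            return new ApiResponse<object>(false, null, new ApiError("VALIDATION_ERROR", "Validation failed."));
        }

        return new ApiResponse<object>(false, null, new ApiError("VALIDATION_ERROR", first.ErrorMessage, first.PropertyName));
    }

    /// <summary>
    /// Builds a 404 result carrying the <c>NOT_FOUND</c> error.
    /// </summary>
    /// <param name="message">
    /// Text returned to the client as-is; keep it free of internal identifiers
    /// and exception details.
    /// </param>
    /// <returns>A 404 result wrapping the standard error envelope.</returns>
    protected IActionResult NotFoundError(string message = "Resource not found.") =>
        NotFound(new ApiResponse<object>(false, null, new ApiError("NOT_FOUND", message)));
}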