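using Microsoft.AspNetCore.Mvc;
using FamilyTreeAPI.Entities;
using FamilyTreeAPI.Interface;
using System.Threading.Tasks;

namespace FamilyTreeAPI.Controllers;

// NOTE(review): [Authorize] is still commented out, so nothing at the controller
// level gates these endpoints. Until it is restored (and confirmed to be what
// populates HttpContext.Items["User"]), every action below performs the same
// explicit caller check that DeleteStaff already performed; previously SaveStaff,
// ResetPassStaff, SearchStaff and Staff(id) were reachable without any check.
// [Authorize]
[ApiController]
[Route("api/[controller]")]
public class StaffController : ControllerBase
{
    private readonly IStaff _staff;

    public StaffController(IStaff staff)
    {
        _staff = staff;
    }

    /// <summary>
    /// The caller stored in HttpContext.Items["User"] by the authentication
    /// pipeline, or null when the request carries no authenticated user
    /// (or the stored item is not a UserDto).
    /// </summary>
    private UserDto? CurrentUser => HttpContext.Items["User"] as UserDto;

    /// <summary>Shared 401 response so every action rejects anonymous callers identically.</summary>
    private IActionResult Rejected() => Unauthorized(new { message = "Unauthorized" });

    /// <summary>
    /// Creates or updates a staff record via <see cref="IStaff.SaveStaff"/>.
    /// Rejects unauthenticated callers with 401.
    /// </summary>
    /// <param name="model">Staff payload from the request body.</param>
    /// <returns>200 with whatever the service returns, or 401.</returns>
    [HttpPost("[action]")]
    public async Task<IActionResult> SaveStaff([FromBody] StaffDto model)
    {
        if (CurrentUser is null)
            return Rejected();

        var response = await _staff.SaveStaff(model);
        return Ok(response);
    }

    /// <summary>
    /// Resets a staff member's password via <see cref="IStaff.ResetPassword"/>.
    /// Rejects unauthenticated callers with 401.
    /// </summary>
    /// <param name="model">Reset request from the request body.</param>
    /// <returns>200 with the service result, or 401.</returns>
    [HttpPost("[action]")]
    public async Task<IActionResult> ResetPassStaff([FromBody] ResetPassDto model)
    {
        if (CurrentUser is null)
            return Rejected();

        // TODO(review): this only requires *some* authenticated caller. Whether a
        // caller may reset another account's password is not checked here; confirm
        // the service enforces ownership/admin rules, or add that check in this action.
        var response = await _staff.ResetPassword(model);
        return Ok(response);
    }

    /// <summary>
    /// Searches staff records via <see cref="IStaff.GetStaff"/>.
    /// Rejects unauthenticated callers with 401.
    /// </summary>
    /// <param name="criteria">Search criteria from the request body.</param>
    /// <returns>200 with the matching records, or 401.</returns>
    [HttpPost("[action]")]
    public async Task<IActionResult> SearchStaff([FromBody] StaffCriteria criteria)
    {
        if (CurrentUser is null)
            return Rejected();

        var retval = await _staff.GetStaff(criteria);
        return Ok(retval);
    }

    /// <summary>
    /// Loads a single staff record by id via <see cref="IStaff.GetStaffById"/>.
    /// Rejects unauthenticated callers with 401.
    /// </summary>
    /// <param name="id">Route id of the staff record.</param>
    /// <returns>200 with the record (as returned by the service), or 401.</returns>
    [HttpGet("{id}")]
    public async Task<IActionResult> Staff(int id)
    {
        if (CurrentUser is null)
            return Rejected();

        // TODO(review): the original per-record authorization
        //   if (id != currentUser.Id && currentUser.Role != Role.Admin) return Unauthorized(...)
        // is still disabled. It was written against a `User` type while the pipeline
        // stores a `UserDto`; restore it once UserDto's Id/Role fields are confirmed.
        // Without it any authenticated caller can read any staff record by id (IDOR).
        var retval = await _staff.GetStaffById(id);
        return Ok(retval);
    }

    /// <summary>
    /// Deletes the staff record identified by <paramref name="criteria"/>.Id via
    /// <see cref="IStaff.Delete"/>. Rejects unauthenticated callers with 401.
    /// </summary>
    /// <param name="criteria">Delete request from the request body.</param>
    /// <returns>200 with the service result, or 401.</returns>
    [HttpPost("[action]")]
    public async Task<IActionResult> DeleteStaff([FromBody] DeleteCriteria criteria)
    {
        if (CurrentUser is null)
            return Rejected();

        // NOTE(review): as with Staff(id), no ownership/admin check is applied here;
        // any authenticated caller can delete any id unless the service enforces it.
        var retval = await _staff.Delete(criteria.Id);
        return Ok(retval);
    }
}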