system-praktyk-api/src/InternshipSystem.Api/Controllers/StudentsController.cs

using System.Collections.Generic;
using System.Linq;
using System.Threading;
using System.Threading.Tasks;
using InternshipSystem.Api.Queries;
using InternshipSystem.Api.Security;
using InternshipSystem.Core;
using InternshipSystem.Repository;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;

namespace InternshipSystem.Api.Controllers
{
    [Route("students")]
    [ApiController]
    public class StudentsController : ControllerBase
    {
        private readonly InternshipDbContext _context;

        public StudentsController(InternshipDbContext context)
        {
            _context = context;
        }

        /// <summary>
        /// Get current student personal data
        /// </summary>
        /// <returns>Current student data</returns>
        /// <response code="200">Current student data returned successfully</response>
        /// <response code="401">his action is only available for authorized student</response>
        [HttpGet("current")]
        [ProducesResponseType(StatusCodes.Status200OK)]
        [ProducesResponseType(StatusCodes.Status401Unauthorized)]
        [Authorize]
        public async Task<ActionResult<Student>> GetCurrentStudentData([FromServices] User user, CancellationToken cancellationToken)
        {
            return await _context.Students.FindAsync(user.PersonNumber);
        }

        /// <summary>
        /// Update current student personal data
        /// </summary>
        /// <response code="200">Current student data updated successfully</response>
        /// <response code="401">his action is only available for authorized student</response>
        [HttpPut("current")]
        [ProducesResponseType(StatusCodes.Status200OK)]
        [ProducesResponseType(StatusCodes.Status401Unauthorized)]
        [Authorize]
        public async Task<ActionResult> UpdateCurrentStudentData([FromBody] CurrentStudentForm studentNewData, [FromServices] User user, CancellationToken cancellationToken)
        {
            var currentStudent = await _context.Students.FindAsync(user.PersonNumber);

            currentStudent.AlbumNumber = studentNewData.AlbumNumber ?? currentStudent.AlbumNumber;
            currentStudent.FirstName = string.IsNullOrEmpty(studentNewData.FirstName) ? currentStudent.FirstName : studentNewData.FirstName;
            currentStudent.LastName = string.IsNullOrEmpty(studentNewData.LastName) ? currentStudent.LastName : studentNewData.LastName;
            currentStudent.Email = string.IsNullOrEmpty(studentNewData.Email) ? currentStudent.Email : studentNewData.Email;
            currentStudent.Course = string.IsNullOrEmpty(studentNewData.Course) ? currentStudent.Course : studentNewData.Course;
            currentStudent.Semester = studentNewData.Semester ?? currentStudent.Semester;

            await _context.SaveChangesAsync(cancellationToken);
            
            return Ok();
        }
        
        /// <summary>
        /// Get student personal data, only available for coordinator
        /// </summary>
        /// <returns>Student personal data</returns>
        /// <response code="200">Student data returned successfully</response>
        /// <response code="401">This action is only available for authorized internship admin</response>
        /// <response code="404">Student with given id do not exist</response>
        [HttpGet("{studentPersonNumber}")]
        [ProducesResponseType(StatusCodes.Status200OK)]
        [ProducesResponseType(StatusCodes.Status401Unauthorized)]
        [ProducesResponseType(StatusCodes.Status404NotFound)]
        [Authorize]
        public async Task<ActionResult<Student>> GetStudentByPersonNumber(long studentPersonNumber, CancellationToken cancellationToken) => 
            await _context.Students.FindAsync(studentPersonNumber);

        /// <summary>
        /// Search students personal data, only available for coordinator 
        /// </summary>
        /// <returns>List of students personal data</returns>
        /// <response code="200">List of student data</response>
        /// <response code="401">This action is only available for authorized internship admin</response>
        [HttpGet]
        [ProducesResponseType(StatusCodes.Status200OK)]
        [ProducesResponseType(StatusCodes.Status401Unauthorized)]
        [Authorize]
        public async Task<ActionResult<IReadOnlyCollection<Student>>> SearchStudents([FromQuery] StudentSearchQuery searchQuery, CancellationToken cancellationToken) =>
            await _context.Students
                .Where(s => !searchQuery.AlbumNumber.HasValue || s.AlbumNumber.Equals(searchQuery.AlbumNumber))
                .Where(s => string.IsNullOrEmpty(searchQuery.FirstName) || s.FirstName.ToLower().Contains(searchQuery.FirstName.ToLower()))
                .Where(s => string.IsNullOrEmpty(searchQuery.LastName) || s.LastName.ToLower().Contains(searchQuery.LastName.ToLower()))
                .OrderBy(s => s.AlbumNumber)
                .Skip(searchQuery.Page * searchQuery.PerPage)
                .Take(searchQuery.PerPage)
                .ToListAsync(cancellationToken);
        
        /// <summary>
        /// Updates student personal data, only available for coordinator
        /// </summary>
        /// <response code="200">Student data updated successfully</response>
        /// <response code="401">This action is only available for authorized internship admin</response>
        /// <response code="404">Student with given id do not exist</response>
        [HttpPut("{studentId}")]
        [ProducesResponseType(StatusCodes.Status200OK)]
        [ProducesResponseType(StatusCodes.Status400BadRequest)]
        [ProducesResponseType(StatusCodes.Status401Unauthorized)]
        [ProducesResponseType(StatusCodes.Status404NotFound)]
        [Authorize]
        public async Task<ActionResult> UpdateStudentData(long studentId, [FromBody] StudentForm studentNewData, CancellationToken cancellationToken)
        {
            var validator = new StudentForm.Validator();
            var validationResult = await validator.ValidateAsync(studentNewData, cancellationToken);

            if (!validationResult.IsValid)
            {
                return BadRequest(validationResult.ToString());
            }
            
            var currentStudent = await _context.Students.FindAsync(studentId);

            if (currentStudent == null)
            {
                return NotFound();
            }
            
            currentStudent.AlbumNumber = studentNewData.AlbumNumber ?? currentStudent.AlbumNumber;
            currentStudent.FirstName = string.IsNullOrEmpty(studentNewData.FirstName) ? currentStudent.FirstName : studentNewData.FirstName;
            currentStudent.LastName = string.IsNullOrEmpty(studentNewData.LastName) ? currentStudent.LastName : studentNewData.LastName;
            currentStudent.Email = string.IsNullOrEmpty(studentNewData.Email) ? currentStudent.Email : studentNewData.Email;
            currentStudent.Course = string.IsNullOrEmpty(studentNewData.Course) ? currentStudent.Course : studentNewData.Course;
            currentStudent.Semester = studentNewData.Semester ?? currentStudent.Semester;

            await _context.SaveChangesAsync(cancellationToken);
            
            return Ok();
        }
    }
}