using Gordon360.Authorization;
using Gordon360.Enums;
using Gordon360.Models.ViewModels;
using Gordon360.Services;
using Gordon360.Static.Names;
using Microsoft.AspNetCore.Mvc;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
namespace Gordon360.Controllers;
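[Route("api/[controller]")]
public class ScheduleController(IProfileService profileService,
                                IScheduleService scheduleService,
                                IAccountService accountService) : GordonControllerBase
{
    /// <summary>
    /// Gets the courses, grouped by session, for the given user.
    /// </summary>
    /// <remarks>
    /// Object-level authorization is decided in this action, based on the caller's groups
    /// and on which profile types exist for <paramref name="username"/>:
    /// a faculty/staff profile makes the schedule readable by every caller; a student or
    /// alumni schedule requires <c>CanISeeStudentSchedule</c> and, in addition, the
    /// per-target check (<c>CanISeeThisStudent</c> or <c>CanISeeAlumni</c>).
    /// When no rule grants access, including when no profile is found, the result is 403.
    /// </remarks>
    /// <param name="username">Username whose schedule is requested (taken from the route).</param>
    /// <returns>
    /// 200 with the sequence returned by <c>GetAllCoursesAsync</c>, or 403.
    /// NOTE(review): the declared type is <c>ActionResult&lt;CoursesBySessionViewModel&gt;</c>
    /// while the payload is an <c>IEnumerable</c> of that type; generated API descriptions
    /// may therefore advertise a single object.
    /// </returns>
    [HttpGet]
    [Route("{username}/allcourses")]
    [StateYourBusiness(operation = Operation.READ_ONE, resource = Resource.STUDENT_SCHEDULE)]
    public async Task<ActionResult<CoursesBySessionViewModel>> GetAllCourses(string username)
    {
        var groups = AuthUtils.GetGroups(User);

        FacultyStaffProfileViewModel? fac = profileService.GetFacultyStaffProfileByUsername(username);
        StudentProfileViewModel? student = profileService.GetStudentProfileByUsername(username);
        AlumniProfileViewModel? alumni = profileService.GetAlumniProfileByUsername(username);

        // Everyone can see faculty schedules.
        // NOTE(review): a username that has both a faculty/staff profile and a student
        // profile is admitted by this rule alone, without CanISeeThisStudent being asked.
        // Confirm that this is intended for such accounts.
        bool isFacultySchedule = fac is not null;

        // Some users can see student and alumni schedules, but each target is still checked.
        // The (student || alumni) group is parenthesised on purpose: && binds tighter than ||,
        // so without it the alumni branch would be evaluated outside the
        // CanISeeStudentSchedule gate and CanISeeAlumni alone would grant access.
        bool mayReadTarget = isFacultySchedule
            || (accountService.CanISeeStudentSchedule(groups)
                && ((student is not null && accountService.CanISeeThisStudent(groups, student))
                    || (alumni is not null && accountService.CanISeeAlumni(groups))));

        // Deny by default: anything not explicitly granted above is refused.
        if (!mayReadTarget)
        {
            return Forbid();
        }

        IEnumerable<CoursesBySessionViewModel> result = await scheduleService.GetAllCoursesAsync(username);
        return Ok(result);
    }

    /// <summary>
    /// Get whether the currently logged-in user can read student schedules.
    /// </summary>
    /// <remarks>
    /// The answer is derived only from the caller's own groups; no other user's data is read.
    /// NOTE(review): this action carries no <c>StateYourBusiness</c> attribute, so any
    /// authentication requirement must come from <c>GordonControllerBase</c> or global
    /// configuration — confirm.
    /// </remarks>
    /// <returns>Whether they can read student schedules</returns>
    [HttpGet]
    [Route("canreadstudent")]
    public async Task<ActionResult<bool>> GetCanReadStudentSchedules()
    {
        var groups = AuthUtils.GetGroups(User);
        return accountService.CanISeeStudentSchedule(groups);
    }
}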