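using System.Globalization;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
using OnProfNext.Server.Data;
using OnProfNext.Shared.Models;
using OnProfNext.Shared.Models.DTOs;

namespace OnProfNext.Server.Controllers
{
    /// <summary>
    /// REST endpoints for reading, creating, updating and deleting orders,
    /// plus a lookup of the orders the calling user is assigned to.
    /// </summary>
    /// <remarks>
    /// NOTE(review): the <c>[Authorize]</c> attribute below names no role or policy, so
    /// (unless the application's default policy says otherwise) any authenticated caller
    /// reaches every action. Apart from <see cref="GetMyOrders"/>, no action in this class
    /// compares the order's <c>MandantId</c> or its assigned users with the caller.
    /// Confirm that tenant/ownership scoping is enforced elsewhere (for example a global
    /// query filter in <c>AppDbContext</c> or an authorization handler); if it is not,
    /// the id-based read, update and delete actions need an explicit per-order check.
    /// </remarks>
    [Route("api/[controller]")]
    [ApiController]
    [Authorize]
    public class OrdersController : ControllerBase
    {
        private readonly AppDbContext _context;

        /// <summary>Creates the controller with the database context it queries.</summary>
        /// <param name="context">EF Core context that exposes <c>Orders</c> and <c>OrderUsers</c>.</param>
        public OrdersController(AppDbContext context)
        {
            _context = context;
        }

        /// <summary>Lists all orders that belong to one project, including their assigned users.</summary>
        /// <param name="projectId">Project whose orders are returned.</param>
        /// <returns>200 with the (possibly empty) list of orders.</returns>
        // GET: api/orders/byproject/5
        [HttpGet("byproject/{projectId}")]
        public async Task<ActionResult<IEnumerable<OrderDto>>> GetOrdersByProject(int projectId)
        {
            // NOTE(review): projectId is taken from the route as-is; nothing here verifies
            // that the caller may see this project's orders.
            // No Include is needed: the Select projection pulls the related users itself.
            var orders = await _context.Orders
                .Where(o => o.ProjectId == projectId)
                .AsNoTracking()
                .Select(o => new OrderDto
                {
                    Id = o.Id,
                    ProjectId = o.ProjectId,
                    Auftragsnummer = o.Auftragsnummer,
                    Titel = o.Titel,
                    Status = o.Status,
                    Planstunden = o.Planstunden,
                    Iststunden = o.Iststunden,
                    MandantId = o.MandantId,
                    Mitarbeiter = o.OrderUsers
                        .Select(ou => new UserDto
                        {
                            Id = ou.User!.Id,
                            Username = ou.User.Username,
                            FirstName = ou.User.FirstName,
                            LastName = ou.User.LastName,
                            Email = ou.User.Email
                        }).ToList()
                })
                .ToListAsync();

            return Ok(orders);
        }

        /// <summary>Returns a single order with its assigned users.</summary>
        /// <param name="id">Primary key of the order.</param>
        /// <returns>200 with the order, or 404 when no order has that id.</returns>
        // GET: api/orders/5
        [HttpGet("{id}")]
        public async Task<ActionResult<OrderDto>> GetOrder(int id)
        {
            // NOTE(review): the lookup is by id only; there is no tenant or assignment
            // filter, so the response also exposes the assigned users' e-mail addresses
            // to whoever can call this action.
            var order = await _context.Orders
                .Include(o => o.OrderUsers)
                .ThenInclude(ou => ou.User)
                .AsNoTracking()
                .FirstOrDefaultAsync(o => o.Id == id);

            if (order is null)
            {
                return NotFound();
            }

            var dto = new OrderDto
            {
                Id = order.Id,
                ProjectId = order.ProjectId,
                Auftragsnummer = order.Auftragsnummer,
                Titel = order.Titel,
                Status = order.Status,
                Planstunden = order.Planstunden,
                Iststunden = order.Iststunden,
                Projektcode = order.Projektcode,
                MandantId = order.MandantId,
                CreatedAt = order.CreatedAt,
                UpdatedAt = order.UpdatedAt,
                Mitarbeiter = order.OrderUsers
                    .Select(ou => new UserDto
                    {
                        Id = ou.User!.Id,
                        Username = ou.User.Username,
                        FirstName = ou.User.FirstName,
                        LastName = ou.User.LastName,
                        Email = ou.User.Email
                    }).ToList()
            };

            return Ok(dto);
        }

        /// <summary>Creates an order and, optionally, assigns users to it.</summary>
        /// <param name="dto">Order data; <c>UserIds</c> may be null or empty.</param>
        /// <returns>201 with the created order and a Location header pointing at <see cref="GetOrder"/>.</returns>
        // POST: api/orders
        [HttpPost]
        public async Task<ActionResult<OrderDto>> CreateOrder(OrderCreateDto dto)
        {
            // NOTE(review): ProjectId and MandantId are copied from the request body.
            // Nothing visible here ties them to the caller's own tenant or projects;
            // confirm that this is validated elsewhere.
            var order = new Order
            {
                ProjectId = dto.ProjectId,
                Auftragsnummer = dto.Auftragsnummer,
                Titel = dto.Titel,
                Status = dto.Status,
                Planstunden = dto.Planstunden,
                Iststunden = 0, // actual hours always start at zero, whatever the client sends
                MandantId = dto.MandantId,
                CreatedAt = DateTime.UtcNow,
                UpdatedAt = DateTime.UtcNow
            };

            // First save: the database assigns order.Id, which the link rows need.
            _context.Orders.Add(order);
            await _context.SaveChangesAsync();

            // Assign users to the order.
            if (dto.UserIds is not null && dto.UserIds.Any())
            {
                // Distinct() keeps a repeated id in the request from producing two link
                // rows for the same (order, user) pair.
                var relations = dto.UserIds
                    .Distinct()
                    .Select(uid => new OrderUser { OrderId = order.Id, UserId = uid });

                _context.OrderUsers.AddRange(relations);

                // NOTE(review): this is a second, separate save. If it fails (for example
                // on an unknown user id), the order saved above stays in the database
                // without its assignments. Consider one unit of work for both steps.
                await _context.SaveChangesAsync();
            }

            // Build the response.
            var createdDto = new OrderDto
            {
                Id = order.Id,
                ProjectId = order.ProjectId,
                Auftragsnummer = order.Auftragsnummer,
                Titel = order.Titel,
                Status = order.Status,
                Planstunden = order.Planstunden,
                Iststunden = order.Iststunden,
                MandantId = order.MandantId,
                CreatedAt = order.CreatedAt,
                UpdatedAt = order.UpdatedAt
            };

            return CreatedAtAction(nameof(GetOrder), new { id = order.Id }, createdDto);
        }

        /// <summary>Updates the editable fields of an existing order.</summary>
        /// <param name="id">Primary key of the order, taken from the route.</param>
        /// <param name="dto">New values; only title, status, planned/actual hours and project code are applied.</param>
        /// <returns>204 on success, or 404 when no order has that id.</returns>
        // PUT: api/orders/5
        [HttpPut("{id}")]
        public async Task<IActionResult> UpdateOrder(int id, OrderDto dto)
        {
            // NOTE(review): the order is selected by the route id alone; dto.Id is not
            // compared with it, and the caller's relation to the order is not checked.
            var order = await _context.Orders.FindAsync(id);
            if (order is null)
            {
                return NotFound();
            }

            // Copy field by field so that Id, ProjectId and MandantId from the request
            // body can never overwrite the stored values.
            order.Titel = dto.Titel;
            order.Status = dto.Status;
            order.Planstunden = dto.Planstunden;
            order.Iststunden = dto.Iststunden;
            order.Projektcode = dto.Projektcode;
            order.UpdatedAt = DateTime.UtcNow;

            await _context.SaveChangesAsync();
            return NoContent();
        }

        /// <summary>Deletes an order together with its user assignments.</summary>
        /// <param name="id">Primary key of the order.</param>
        /// <returns>204 on success, or 404 when no order has that id.</returns>
        // DELETE: api/orders/5
        [HttpDelete("{id}")]
        public async Task<IActionResult> DeleteOrder(int id)
        {
            // NOTE(review): deletion is permitted to every caller that passes [Authorize];
            // confirm that this destructive action is meant to be that broadly available.
            var order = await _context.Orders
                .Include(o => o.OrderUsers)
                .FirstOrDefaultAsync(o => o.Id == id);

            if (order is null)
            {
                return NotFound();
            }

            // Link rows and the order are removed in one SaveChanges call.
            _context.OrderUsers.RemoveRange(order.OrderUsers);
            _context.Orders.Remove(order);
            await _context.SaveChangesAsync();

            return NoContent();
        }

        /// <summary>Reads the numeric user id from the caller's <c>UserId</c> claim.</summary>
        /// <returns>The parsed user id.</returns>
        /// <exception cref="UnauthorizedAccessException">
        /// The claim is missing, empty or not a valid integer.
        /// </exception>
        private int GetCurrentUserId()
        {
            var userIdClaim = User.FindFirst("UserId")?.Value;

            // TryParse also rejects null and empty input, so a malformed claim is reported
            // the same way as a missing one instead of escaping as a FormatException.
            // Invariant culture: the claim is machine-written, not user-facing text.
            if (!int.TryParse(userIdClaim, NumberStyles.Integer, CultureInfo.InvariantCulture, out var userId))
            {
                // NOTE(review): unless exception-handling middleware maps this type,
                // the client presumably sees HTTP 500 rather than 401.
                throw new UnauthorizedAccessException("Kein User-Claim im Token gefunden.");
            }

            return userId;
        }

        /// <summary>Lists the orders the calling user is assigned to.</summary>
        /// <returns>200 with the (possibly empty) list of orders.</returns>
        // GET: api/orders/mine
        [HttpGet("mine")]
        public async Task<ActionResult<IEnumerable<OrderDto>>> GetMyOrders()
        {
            // The user id comes from the token, never from the request.
            var userId = GetCurrentUserId();

            // No Include is needed: the Select projection pulls the related users itself.
            var orders = await _context.Orders
                .Where(o => o.OrderUsers.Any(ou => ou.UserId == userId))
                .AsNoTracking()
                .Select(o => new OrderDto
                {
                    Id = o.Id,
                    ProjectId = o.ProjectId,
                    Auftragsnummer = o.Auftragsnummer,
                    Titel = o.Titel,
                    Status = o.Status,
                    Planstunden = o.Planstunden,
                    Iststunden = o.Iststunden,
                    Projektcode = o.Projektcode,
                    MandantId = o.MandantId,
                    CreatedAt = o.CreatedAt,
                    UpdatedAt = o.UpdatedAt,
                    Mitarbeiter = o.OrderUsers
                        .Select(ou => new UserDto
                        {
                            Id = ou.User!.Id,
                            Username = ou.User.Username,
                            FirstName = ou.User.FirstName,
                            LastName = ou.User.LastName,
                            Email = ou.User.Email
                        }).ToList()
                })
                .ToListAsync();

            return Ok(orders);
        }
    }
}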