@onahhas/hello-dev 1.0.0 → 1.0.1

package/backend/Controllers/TasksController.cs

@@ -0,0 +1,652 @@
+using DevTasks.Api.Data;
+using DevTasks.Api.Dtos;
+using DevTasks.Api.Enums;
+using DevTasks.Api.Extensions;
+using DevTasks.Api.Models;
+using DevTasks.Api.Services;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.EntityFrameworkCore;
+
+namespace DevTasks.Api.Controllers;
+
+[ApiController]
+[Route("api/[controller]")]
+[Authorize]
+public sealed class TasksController : ControllerBase
+{
+    private readonly AppDbContext _db;
+    private readonly ActivityService _activity;
+
+    public TasksController(AppDbContext db, ActivityService activity)
+    {
+        _db = db;
+        _activity = activity;
+    }
+
+    [HttpGet("my")]
+    public async Task<ActionResult<IReadOnlyList<TaskResponse>>> GetMyTasks([FromQuery] TaskQuery query)
+    {
+        var userId = User.GetUserId();
+        var tasks = BaseQuery()
+            .Where(x => x.CreatedByUserId == userId || x.AssignedToUserId == userId);
+
+        tasks = ApplyFilters(tasks, query);
+        return Ok(await ToListAsync(tasks));
+    }
+
+    [HttpGet("public")]
+    public async Task<ActionResult<IReadOnlyList<TaskResponse>>> GetPublicTasks([FromQuery] TaskQuery query)
+    {
+        var tasks = BaseQuery().Where(x => x.Visibility == TaskVisibility.Public);
+        tasks = ApplyFilters(tasks, query);
+        return Ok(await ToListAsync(tasks));
+    }
+
+    [HttpGet("all")]
+    [Authorize(Roles = nameof(UserRole.Admin))]
+    public async Task<ActionResult<IReadOnlyList<TaskResponse>>> GetAllTasks([FromQuery] TaskQuery query)
+    {
+        var tasks = ApplyFilters(BaseQuery(), query);
+        return Ok(await ToListAsync(tasks));
+    }
+
+    [HttpGet("edit-requests/inbox")]
+    public async Task<ActionResult<IReadOnlyList<TaskEditRequestResponse>>> GetEditRequestInbox()
+    {
+        var userId = User.GetUserId();
+        var isAdmin = User.IsAdmin();
+
+        var requests = EditRequestBaseQuery()
+            .Where(x => isAdmin || x.TaskItem!.CreatedByUserId == userId)
+            .OrderByDescending(x => x.StatusOfRequest == EditRequestStatus.Pending)
+            .ThenByDescending(x => x.CreatedAt);
+
+        return Ok((await requests.ToListAsync()).Select(ToEditRequestResponse).ToList());
+    }
+
+    [HttpGet("edit-requests/mine")]
+    public async Task<ActionResult<IReadOnlyList<TaskEditRequestResponse>>> GetMyEditRequests()
+    {
+        var userId = User.GetUserId();
+
+        var requests = await EditRequestBaseQuery()
+            .Where(x => x.RequestedByUserId == userId)
+            .OrderByDescending(x => x.CreatedAt)
+            .ToListAsync();
+
+        return Ok(requests.Select(ToEditRequestResponse).ToList());
+    }
+
+    [HttpGet("{id:int}")]
+    public async Task<ActionResult<TaskResponse>> GetTask(int id)
+    {
+        var item = await BaseQuery().FirstOrDefaultAsync(x => x.Id == id);
+        if (item is null)
+        {
+            return NotFound(new { message = "Task was not found." });
+        }
+
+        var userId = User.GetUserId();
+        if (!CanRead(item, userId, User.IsAdmin()))
+        {
+            return Forbid();
+        }
+
+        return Ok(ToResponse(item));
+    }
+
+    [HttpPost]
+    public async Task<ActionResult<TaskResponse>> CreateTask(CreateTaskRequest request)
+    {
+        var validation = await ValidateTaskInputAsync(request.Title, request.AssignedToUserId);
+        if (validation is not null)
+        {
+            return BadRequest(new { message = validation });
+        }
+
+        var userId = User.GetUserId();
+        var assignedTo = request.AssignedToUserId;
+
+        if (!User.IsAdmin() && assignedTo.HasValue && assignedTo.Value != userId)
+        {
+            return Forbid();
+        }
+
+        var item = new TaskItem
+        {
+            Title = request.Title.Trim(),
+            Description = request.Description.Trim(),
+            Status = request.Status,
+            Priority = request.Priority,
+            Visibility = request.Visibility,
+            DueDate = request.DueDate,
+            CreatedByUserId = userId,
+            AssignedToUserId = assignedTo,
+            CreatedAt = DateTime.UtcNow,
+            UpdatedAt = DateTime.UtcNow
+        };
+
+        _db.TaskItems.Add(item);
+        await _db.SaveChangesAsync();
+        await _activity.AddAsync("Task created", "Task", item.Id.ToString(), userId);
+
+        var created = await BaseQuery().FirstAsync(x => x.Id == item.Id);
+        return CreatedAtAction(nameof(GetTask), new { id = item.Id }, ToResponse(created));
+    }
+
+    [HttpPut("{id:int}")]
+    public async Task<ActionResult<TaskResponse>> UpdateTask(int id, UpdateTaskRequest request)
+    {
+        var item = await BaseQuery(trackChanges: true).FirstOrDefaultAsync(x => x.Id == id);
+        if (item is null)
+        {
+            return NotFound(new { message = "Task was not found." });
+        }
+
+        var userId = User.GetUserId();
+        if (!CanWrite(item, userId, User.IsAdmin()))
+        {
+            return Forbid();
+        }
+
+        var validation = await ApplyTaskChangesAsync(item, request, userId, User.IsAdmin());
+        if (validation is not null)
+        {
+            return BadRequest(new { message = validation });
+        }
+
+        item.UpdatedAt = DateTime.UtcNow;
+        await _db.SaveChangesAsync();
+        await _activity.AddAsync("Task updated", "Task", item.Id.ToString(), userId);
+
+        var updated = await BaseQuery().FirstAsync(x => x.Id == item.Id);
+        return Ok(ToResponse(updated));
+    }
+
+    [HttpPatch("{id:int}/status")]
+    public async Task<ActionResult<TaskResponse>> UpdateStatus(int id, UpdateTaskStatusRequest request)
+    {
+        var item = await BaseQuery(trackChanges: true).FirstOrDefaultAsync(x => x.Id == id);
+        if (item is null)
+        {
+            return NotFound(new { message = "Task was not found." });
+        }
+
+        var userId = User.GetUserId();
+        var canChange = CanWrite(item, userId, User.IsAdmin()) || item.AssignedToUserId == userId;
+        if (!canChange)
+        {
+            return Forbid();
+        }
+
+        var oldStatus = item.Status;
+        item.Status = request.Status;
+        item.UpdatedAt = DateTime.UtcNow;
+
+        await _db.SaveChangesAsync();
+        await _activity.AddAsync($"Task status changed from {oldStatus} to {item.Status}", "Task", item.Id.ToString(), userId);
+
+        var updated = await BaseQuery().FirstAsync(x => x.Id == item.Id);
+        return Ok(ToResponse(updated));
+    }
+
+    [HttpDelete("{id:int}")]
+    public async Task<IActionResult> DeleteTask(int id)
+    {
+        var item = await _db.TaskItems.FindAsync(id);
+        if (item is null)
+        {
+            return NotFound(new { message = "Task was not found." });
+        }
+
+        var userId = User.GetUserId();
+        if (!CanWrite(item, userId, User.IsAdmin()))
+        {
+            return Forbid();
+        }
+
+        _db.TaskItems.Remove(item);
+        await _db.SaveChangesAsync();
+        await _activity.AddAsync("Task deleted", "Task", id.ToString(), userId);
+
+        return NoContent();
+    }
+
+    [HttpPost("{id:int}/edit-requests")]
+    public async Task<ActionResult<TaskEditRequestResponse>> CreateEditRequest(int id, CreateTaskEditRequest request)
+    {
+        var item = await BaseQuery(trackChanges: true).FirstOrDefaultAsync(x => x.Id == id);
+        if (item is null)
+        {
+            return NotFound(new { message = "Task was not found." });
+        }
+
+        var userId = User.GetUserId();
+        if (item.Visibility != TaskVisibility.Public)
+        {
+            return BadRequest(new { message = "Only public tasks can receive edit requests." });
+        }
+
+        if (CanWrite(item, userId, User.IsAdmin()))
+        {
+            return BadRequest(new { message = "Task owners and admins can edit the task directly." });
+        }
+
+        if (!CanRead(item, userId, User.IsAdmin()))
+        {
+            return Forbid();
+        }
+
+        var validation = await ValidateEditRequestAsync(request);
+        if (validation is not null)
+        {
+            return BadRequest(new { message = validation });
+        }
+
+        var editRequest = new TaskEditRequest
+        {
+            TaskItemId = item.Id,
+            RequestedByUserId = userId,
+            Title = request.Title?.Trim(),
+            Description = request.Description?.Trim(),
+            Status = request.Status,
+            Priority = request.Priority,
+            Visibility = request.Visibility,
+            DueDate = request.DueDate,
+            ClearDueDate = request.ClearDueDate,
+            AssignedToUserId = request.AssignedToUserId,
+            ClearAssignedUser = request.ClearAssignedUser,
+            StatusOfRequest = EditRequestStatus.Pending,
+            CreatedAt = DateTime.UtcNow
+        };
+
+        _db.TaskEditRequests.Add(editRequest);
+        await _db.SaveChangesAsync();
+        await _activity.AddAsync("Task edit requested", "Task", item.Id.ToString(), userId);
+
+        var created = await EditRequestBaseQuery().FirstAsync(x => x.Id == editRequest.Id);
+        return Ok(ToEditRequestResponse(created));
+    }
+
+    [HttpPost("edit-requests/{requestId:guid}/accept")]
+    public async Task<ActionResult<TaskEditRequestResponse>> AcceptEditRequest(Guid requestId, ResolveTaskEditRequest request)
+    {
+        var editRequest = await EditRequestBaseQuery(trackChanges: true)
+            .FirstOrDefaultAsync(x => x.Id == requestId);
+        if (editRequest?.TaskItem is null)
+        {
+            return NotFound(new { message = "Edit request was not found." });
+        }
+
+        var userId = User.GetUserId();
+        if (!CanWrite(editRequest.TaskItem, userId, User.IsAdmin()))
+        {
+            return Forbid();
+        }
+
+        if (editRequest.StatusOfRequest != EditRequestStatus.Pending)
+        {
+            return BadRequest(new { message = "Only pending edit requests can be accepted." });
+        }
+
+        var validation = await ApplyEditRequestToTaskAsync(editRequest.TaskItem, editRequest);
+        if (validation is not null)
+        {
+            return BadRequest(new { message = validation });
+        }
+
+        editRequest.StatusOfRequest = EditRequestStatus.Accepted;
+        editRequest.OwnerNote = request.OwnerNote?.Trim();
+        editRequest.ResolvedAt = DateTime.UtcNow;
+        editRequest.TaskItem.UpdatedAt = DateTime.UtcNow;
+
+        var otherPendingRequests = await _db.TaskEditRequests
+            .Where(x => x.TaskItemId == editRequest.TaskItemId &&
+                        x.Id != editRequest.Id &&
+                        x.StatusOfRequest == EditRequestStatus.Pending)
+            .ToListAsync();
+
+        foreach (var other in otherPendingRequests)
+        {
+            other.StatusOfRequest = EditRequestStatus.Rejected;
+            other.OwnerNote = "Rejected automatically because another edit request was accepted.";
+            other.ResolvedAt = DateTime.UtcNow;
+        }
+
+        await _db.SaveChangesAsync();
+        await _activity.AddAsync("Task edit request accepted", "Task", editRequest.TaskItemId.ToString(), userId);
+
+        var updated = await EditRequestBaseQuery().FirstAsync(x => x.Id == editRequest.Id);
+        return Ok(ToEditRequestResponse(updated));
+    }
+
+    [HttpPost("edit-requests/{requestId:guid}/reject")]
+    public async Task<ActionResult<TaskEditRequestResponse>> RejectEditRequest(Guid requestId, ResolveTaskEditRequest request)
+    {
+        var editRequest = await EditRequestBaseQuery(trackChanges: true)
+            .FirstOrDefaultAsync(x => x.Id == requestId);
+        if (editRequest?.TaskItem is null)
+        {
+            return NotFound(new { message = "Edit request was not found." });
+        }
+
+        var userId = User.GetUserId();
+        if (!CanWrite(editRequest.TaskItem, userId, User.IsAdmin()))
+        {
+            return Forbid();
+        }
+
+        if (editRequest.StatusOfRequest != EditRequestStatus.Pending)
+        {
+            return BadRequest(new { message = "Only pending edit requests can be rejected." });
+        }
+
+        editRequest.StatusOfRequest = EditRequestStatus.Rejected;
+        editRequest.OwnerNote = request.OwnerNote?.Trim();
+        editRequest.ResolvedAt = DateTime.UtcNow;
+
+        await _db.SaveChangesAsync();
+        await _activity.AddAsync("Task edit request rejected", "Task", editRequest.TaskItemId.ToString(), userId);
+
+        var updated = await EditRequestBaseQuery().FirstAsync(x => x.Id == editRequest.Id);
+        return Ok(ToEditRequestResponse(updated));
+    }
+
+    private IQueryable<TaskItem> BaseQuery(bool trackChanges = false)
+    {
+        IQueryable<TaskItem> query = _db.TaskItems
+            .Include(x => x.CreatedByUser)
+            .Include(x => x.AssignedToUser)
+            .Include(x => x.EditRequests);
+
+        if (!trackChanges)
+        {
+            query = query.AsNoTracking();
+        }
+
+        return query.OrderBy(x => x.Id);
+    }
+
+    private IQueryable<TaskEditRequest> EditRequestBaseQuery(bool trackChanges = false)
+    {
+        IQueryable<TaskEditRequest> query = _db.TaskEditRequests
+            .Include(x => x.TaskItem)
+                .ThenInclude(x => x!.CreatedByUser)
+            .Include(x => x.TaskItem)
+                .ThenInclude(x => x!.AssignedToUser)
+            .Include(x => x.RequestedByUser)
+            .Include(x => x.AssignedToUser);
+
+        if (!trackChanges)
+        {
+            query = query.AsNoTracking();
+        }
+
+        return query;
+    }
+
+    private static IQueryable<TaskItem> ApplyFilters(IQueryable<TaskItem> query, TaskQuery filters)
+    {
+        if (!string.IsNullOrWhiteSpace(filters.Q))
+        {
+            var q = filters.Q.Trim().ToLowerInvariant();
+            query = query.Where(x =>
+                x.Title.ToLower().Contains(q) ||
+                x.Description.ToLower().Contains(q));
+        }
+
+        if (filters.Status.HasValue)
+        {
+            query = query.Where(x => x.Status == filters.Status.Value);
+        }
+
+        if (filters.Priority.HasValue)
+        {
+            query = query.Where(x => x.Priority == filters.Priority.Value);
+        }
+
+        if (filters.Visibility.HasValue)
+        {
+            query = query.Where(x => x.Visibility == filters.Visibility.Value);
+        }
+
+        if (filters.AssignedToUserId.HasValue)
+        {
+            query = query.Where(x => x.AssignedToUserId == filters.AssignedToUserId.Value);
+        }
+
+        if (filters.DueFrom.HasValue)
+        {
+            query = query.Where(x => x.DueDate >= filters.DueFrom.Value);
+        }
+
+        if (filters.DueTo.HasValue)
+        {
+            query = query.Where(x => x.DueDate <= filters.DueTo.Value);
+        }
+
+        return query;
+    }
+
+    private static async Task<IReadOnlyList<TaskResponse>> ToListAsync(IQueryable<TaskItem> query)
+    {
+        var items = await query.ToListAsync();
+        return items.Select(ToResponse).ToList();
+    }
+
+    private static TaskResponse ToResponse(TaskItem item)
+    {
+        return new TaskResponse
+        {
+            Id = item.Id,
+            Title = item.Title,
+            Description = item.Description,
+            Status = item.Status,
+            Priority = item.Priority,
+            Visibility = item.Visibility,
+            DueDate = item.DueDate,
+            CreatedByUserId = item.CreatedByUserId,
+            CreatedByFullName = item.CreatedByUser == null ? "Unknown" : item.CreatedByUser.FullName,
+            AssignedToUserId = item.AssignedToUserId,
+            AssignedToFullName = item.AssignedToUser?.FullName,
+            CreatedAt = item.CreatedAt,
+            UpdatedAt = item.UpdatedAt,
+            IsOverdue = item.DueDate.HasValue && item.DueDate.Value < DateTime.UtcNow && item.Status != TaskState.Done,
+            PendingEditRequestCount = item.EditRequests.Count(x => x.StatusOfRequest == EditRequestStatus.Pending)
+        };
+    }
+
+    private static TaskEditRequestResponse ToEditRequestResponse(TaskEditRequest request)
+    {
+        return new TaskEditRequestResponse
+        {
+            Id = request.Id,
+            TaskId = request.TaskItemId,
+            TaskTitle = request.TaskItem?.Title ?? "Unknown task",
+            RequestedByUserId = request.RequestedByUserId,
+            RequestedByFullName = request.RequestedByUser?.FullName ?? "Unknown",
+            RequestedByEmail = request.RequestedByUser?.Email ?? string.Empty,
+            Title = request.Title,
+            Description = request.Description,
+            Status = request.Status,
+            Priority = request.Priority,
+            Visibility = request.Visibility,
+            DueDate = request.DueDate,
+            ClearDueDate = request.ClearDueDate,
+            AssignedToUserId = request.AssignedToUserId,
+            AssignedToFullName = request.AssignedToUser?.FullName,
+            ClearAssignedUser = request.ClearAssignedUser,
+            StatusOfRequest = request.StatusOfRequest,
+            OwnerNote = request.OwnerNote,
+            CreatedAt = request.CreatedAt,
+            ResolvedAt = request.ResolvedAt
+        };
+    }
+
+    private static bool CanRead(TaskItem item, Guid userId, bool isAdmin)
+    {
+        return isAdmin ||
+               item.Visibility == TaskVisibility.Public ||
+               item.CreatedByUserId == userId ||
+               item.AssignedToUserId == userId;
+    }
+
+    private static bool CanWrite(TaskItem item, Guid userId, bool isAdmin)
+    {
+        return isAdmin || item.CreatedByUserId == userId;
+    }
+
+    private async Task<string?> ApplyTaskChangesAsync(
+        TaskItem item,
+        UpdateTaskRequest request,
+        Guid userId,
+        bool isAdmin)
+    {
+        if (!string.IsNullOrWhiteSpace(request.Title))
+        {
+            item.Title = request.Title.Trim();
+        }
+
+        if (request.Description is not null)
+        {
+            item.Description = request.Description.Trim();
+        }
+
+        if (request.Status.HasValue)
+        {
+            item.Status = request.Status.Value;
+        }
+
+        if (request.Priority.HasValue)
+        {
+            item.Priority = request.Priority.Value;
+        }
+
+        if (request.Visibility.HasValue)
+        {
+            item.Visibility = request.Visibility.Value;
+        }
+
+        if (request.ClearDueDate)
+        {
+            item.DueDate = null;
+        }
+        else if (request.DueDate.HasValue)
+        {
+            item.DueDate = request.DueDate;
+        }
+
+        if (request.ClearAssignedUser)
+        {
+            item.AssignedToUserId = null;
+        }
+        else if (request.AssignedToUserId.HasValue)
+        {
+            var validation = await ValidateAssignedUserAsync(request.AssignedToUserId.Value);
+            if (validation is not null)
+            {
+                return validation;
+            }
+
+            if (!isAdmin && request.AssignedToUserId.Value != userId)
+            {
+                return "Normal users can only assign tasks to themselves.";
+            }
+
+            item.AssignedToUserId = request.AssignedToUserId;
+        }
+
+        return null;
+    }
+
+    private async Task<string?> ApplyEditRequestToTaskAsync(TaskItem item, TaskEditRequest request)
+    {
+        if (!string.IsNullOrWhiteSpace(request.Title))
+        {
+            item.Title = request.Title.Trim();
+        }
+
+        if (request.Description is not null)
+        {
+            item.Description = request.Description.Trim();
+        }
+
+        if (request.Status.HasValue)
+        {
+            item.Status = request.Status.Value;
+        }
+
+        if (request.Priority.HasValue)
+        {
+            item.Priority = request.Priority.Value;
+        }
+
+        if (request.Visibility.HasValue)
+        {
+            item.Visibility = request.Visibility.Value;
+        }
+
+        if (request.ClearDueDate)
+        {
+            item.DueDate = null;
+        }
+        else if (request.DueDate.HasValue)
+        {
+            item.DueDate = request.DueDate;
+        }
+
+        if (request.ClearAssignedUser)
+        {
+            item.AssignedToUserId = null;
+        }
+        else if (request.AssignedToUserId.HasValue)
+        {
+            var validation = await ValidateAssignedUserAsync(request.AssignedToUserId.Value);
+            if (validation is not null)
+            {
+                return validation;
+            }
+
+            item.AssignedToUserId = request.AssignedToUserId;
+        }
+
+        return null;
+    }
+
+    private async Task<string?> ValidateTaskInputAsync(string title, Guid? assignedToUserId)
+    {
+        if (string.IsNullOrWhiteSpace(title))
+        {
+            return "Task title is required.";
+        }
+
+        if (assignedToUserId.HasValue)
+        {
+            return await ValidateAssignedUserAsync(assignedToUserId.Value);
+        }
+
+        return null;
+    }
+
+    private async Task<string?> ValidateEditRequestAsync(CreateTaskEditRequest request)
+    {
+        if (request.Title is not null && string.IsNullOrWhiteSpace(request.Title))
+        {
+            return "Title cannot be empty.";
+        }
+
+        if (request.AssignedToUserId.HasValue)
+        {
+            return await ValidateAssignedUserAsync(request.AssignedToUserId.Value);
+        }
+
+        return null;
+    }
+
+    private async Task<string?> ValidateAssignedUserAsync(Guid assignedToUserId)
+    {
+        var exists = await _db.Users.AnyAsync(x => x.Id == assignedToUserId && x.IsActive);
+        return exists ? null : "Assigned user was not found or is inactive.";
+    }
+}