Merge pull request #103 from boolean-uk/89-backend---add-new-endpoints-for-comment-functionality

89 backend   add new endpoints for comment functionality

Author: reduan-azouaghe

exercise.tests/IntegrationTests/PostTests.cs

@@ -82,8 +82,6 @@ public async Task Register_success(string username, string email, string passwor
         public async Task Register_Failure(string username, string email, string password)
         {
             var uniqueId = DateTime.UtcNow.ToString("yyMMddHHmmssffff");
-            string firstName = "Ole";
-            string lastName = "Petterson";
 
             string uniqueUsername = username.Length > 0 ? username + uniqueId : "";
             RegisterRequestDTO body = new RegisterRequestDTO

exercise.tests/IntegrationTests/UserTests.cs

@@ -0,0 +1,10 @@
+using exercise.wwwapi.DTOs.GetUsers;
+
+namespace exercise.wwwapi.DTOs.Posts
+{
+    public class CreatePostCommentDTO
+    {
+        //public required int Userid { get; set; }
+        public required string Content { get; set; }
+    }
+}

exercise.wwwapi/DTOs/Posts/CreatePostCommentDTO.cs

@@ -2,7 +2,6 @@
 {
     public class CreatePostDTO
     {
-        public required int Userid { get; set; }
         public required string Content { get; set; }
 
     }

exercise.wwwapi/DTOs/Posts/CreatePostDTO.cs

@@ -56,12 +56,11 @@ public class PostData
         };
         DateTime somedate = new DateTime(2020, 12, 05, 0, 0, 0, DateTimeKind.Utc);
         private List<Post> _posts = new List<Post>();
-        private int numusers = 300;
         public PostData(List<User> users)
         {
             Random random = new Random(1);
-
-            for (int i = 1; i < 25; i++)
+            
+            for (int i = 1; i < users.Count / 5; i++)
             {
                 string subject = _subject[random.Next(9 - 1)];
                 string obj = _objects[random.Next(16 - 1)];

exercise.wwwapi/Data/PostData.cs

@@ -2,10 +2,13 @@
 using exercise.wwwapi.DTOs;
 using exercise.wwwapi.DTOs.GetUsers;
 using exercise.wwwapi.DTOs.Posts;
+using exercise.wwwapi.Helpers;
 using exercise.wwwapi.Models;
 using exercise.wwwapi.Repository;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.EntityFrameworkCore;
+using System.Security.Claims;
 
 namespace exercise.wwwapi.Endpoints
 {
@@ -16,68 +19,101 @@ public static void ConfigurePostEndpoints(this WebApplication app)
             var posts = app.MapGroup("posts");
             posts.MapPost("/", CreatePost).WithSummary("Create post");
             posts.MapGet("/", GetAllPosts).WithSummary("Get all posts");
-            posts.MapPatch("/{id}", UpdatePost).WithSummary("Update a certain post");
-            posts.MapDelete("/{id}", DeletePost).WithSummary("Remove a certain post");
+            posts.MapPatch("/{postid}", UpdatePost).WithSummary("Update a certain post");
+            posts.MapDelete("/{postid}", DeletePost).WithSummary("Remove a certain post");
+
+            posts.MapPost("/{postId}/comments", AddCommentToPost).WithSummary("Add a new comment to a post");
+            posts.MapGet("/{postId}/comments", GetCommentsForPost).WithSummary("Get comments for a specific post");
+
+            // Standalone comment endpoints for editing/deleting
+            var comments = app.MapGroup("comments");
+            comments.MapPatch("/{commentId}", UpdateComment).WithSummary("Edit an existing comment");
+            comments.MapDelete("/{commentId}", DeleteCommentById).WithSummary("Remove an existing comment");
+
+            // Endpoints to get by user
+            posts.MapGet("/user/{userId}", GetPostsByUser).WithSummary("Get posts by a specific user");
+            comments.MapGet("/user/{userId}", GetCommentsByUser).WithSummary("Get comments by a specific user");
         }
 
+        [Authorize]
         [ProducesResponseType(StatusCodes.Status200OK)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
         [ProducesResponseType(StatusCodes.Status400BadRequest)]
-        public static IResult CreatePost(IRepository<User> userservice, IRepository<Post> postservice, IMapper mapper, CreatePostDTO request)
+        public static IResult CreatePost(
+            IRepository<User> userservice, 
+            IRepository<Post> postservice, 
+            IMapper mapper, 
+            ClaimsPrincipal user,
+            CreatePostDTO request
+            )
         {
-
-            User? user = userservice.GetById(request.Userid);
+            int? userid = user.UserRealId();
+            User? dbUser = userservice.GetById(userid);
             if (user == null)
                 return Results.NotFound(new ResponseDTO<Object> { Message = "Invalid userID" });
 
             if (string.IsNullOrWhiteSpace(request.Content))
                 return Results.BadRequest(new ResponseDTO<Object> { Message = "Content cannot be empty" });
 
-            Post post = new Post() { CreatedAt = DateTime.UtcNow, NumLikes = 0, UserId = request.Userid, Content = request.Content };
+            Post post = new Post() { CreatedAt = DateTime.UtcNow, NumLikes = 0, UserId= dbUser.Id, Content=request.Content };
 
             // is a try catch needed here?
             postservice.Insert(post);
             postservice.Save();
 
 
-            UserBasicDTO userBasicDTO = mapper.Map<UserBasicDTO>(user);
+            UserBasicDTO userBasicDTO = mapper.Map<UserBasicDTO>(dbUser);
             PostDTO postDTO = mapper.Map<PostDTO>(post);
             postDTO.User = userBasicDTO;
 
             ResponseDTO<PostDTO> response = new ResponseDTO<PostDTO>
             {
-                Message = "success",
+                Message = "Success",
                 Data = postDTO
             };
 
             return Results.Created($"/posts/{post.Id}", response);
         }
+        [Authorize]
         [ProducesResponseType(StatusCodes.Status200OK)]
         public static IResult GetAllPosts(IRepository<Post> service, IMapper mapper)
         {
             IEnumerable<Post> results = service.GetWithIncludes(q => q.Include(p => p.User).Include(p => p.Comments).ThenInclude(c => c.User));
             IEnumerable<PostDTO> postDTOs = mapper.Map<IEnumerable<PostDTO>>(results);
             ResponseDTO<IEnumerable<PostDTO>> response = new ResponseDTO<IEnumerable<PostDTO>>()
             {
-                Message = "success",
+                Message = "Success",
                 Data = postDTOs
             };
             return TypedResults.Ok(response);
         }
 
+        [Authorize]
         [ProducesResponseType(StatusCodes.Status200OK)]
         [ProducesResponseType(StatusCodes.Status400BadRequest)]
-        public static IResult UpdatePost(IRepository<Post> service, IMapper mapper, int id, UpdatePostDTO request)
-        {
-            if (string.IsNullOrWhiteSpace(request.Content)) return TypedResults.BadRequest(new ResponseDTO<object>
-            {
-                Message = "Content cannot be empty"
-            });
+        [ProducesResponseType(StatusCodes.Status403Forbidden)]
 
-            Post? post = service.GetById(id, q => q.Include(p => p.User));
+        public static IResult UpdatePost(IRepository<Post> service, IMapper mapper, ClaimsPrincipal user, int postid, UpdatePostDTO request)
+        {
+            if (string.IsNullOrWhiteSpace(request.Content)) return TypedResults.BadRequest(new ResponseDTO<object>{
+                    Message = "Content cannot be empty"
+                });
+            
+            Post? post = service.GetById(postid, q=>q.Include(p => p.User));
 
             if (post == null) return TypedResults.NotFound(new ResponseDTO<Object> { Message = "Post not found" });
 
+            Console.WriteLine($"Role:{user.Role()} {Roles.student}| {post.UserId} {user.UserRealId()}");
+            if (post.UserId != user.UserRealId() && user.Role() == (int)Roles.student)
+            {
+                var forbiddenResponse = new ResponseDTO<object>
+                {
+                    Message = "You are not authorized to edit this post."
+                };
+                return TypedResults.Json(forbiddenResponse, statusCode: StatusCodes.Status403Forbidden);
+            }
+
+
             post.Content = request.Content;
             post.UpdatedAt = DateTime.UtcNow;
 
@@ -90,17 +126,186 @@ public static IResult UpdatePost(IRepository<Post> service, IMapper mapper, int
             return TypedResults.Ok(new ResponseDTO<PostDTO> { Message = "Success", Data = postDTO });
         }
 
+        [Authorize]
         [ProducesResponseType(StatusCodes.Status200OK)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
-        private static IResult DeletePost(IRepository<Post> service, int id)
+        [ProducesResponseType(StatusCodes.Status403Forbidden)]
+        private static IResult DeletePost(IRepository<Post> service, ClaimsPrincipal user, int postid)
         {
-            Post? post = service.GetById(id, q => q.Include(p => p.User).Include(p => p.Comments).ThenInclude(c => c.User));
+            Post? post = service.GetById(postid, q => q.Include(p => p.User).Include(p => p.Comments).ThenInclude(c => c.User));
             if (post == null) return TypedResults.NotFound(new ResponseDTO<Object> { Message = "Post not found" });
 
-            service.Delete(id);
+            if (user.Role() == (int)Roles.student && post.UserId != user.UserRealId())
+            {
+                var forbiddenResponse = new ResponseDTO<object>
+                {
+                    Message = "You are not authorized to delete this post."
+                };
+                return TypedResults.Json(forbiddenResponse, statusCode: StatusCodes.Status403Forbidden);
+            }
+            service.Delete(postid);
             service.Save();
 
             return TypedResults.Ok(new ResponseDTO<PostDTO> { Message = "Success" });
         }
+
+        [Authorize]
+        [ProducesResponseType(StatusCodes.Status201Created)]
+        [ProducesResponseType(StatusCodes.Status404NotFound)]
+        [ProducesResponseType(StatusCodes.Status400BadRequest)]
+        private static IResult AddCommentToPost(
+            IRepository<PostComment> commentService, 
+            IRepository<Post> postService, 
+            IRepository<User> userService, 
+            IMapper mapper, 
+            ClaimsPrincipal user,
+            int postId, 
+            CreatePostCommentDTO request)
+        {
+            // Check if post exists
+            var post = postService.GetById(postId);
+            if (post == null)
+            {
+                return TypedResults.NotFound(new ResponseDTO<object> { Message = "Post not found." });
+            }
+
+            // Check if user exists
+            var dbUser = userService.GetById(user.UserRealId());
+            if (dbUser == null)
+            {
+                return TypedResults.NotFound(new ResponseDTO<object> { Message = "User not found." });
+            }
+
+            // Validate content
+            if (string.IsNullOrWhiteSpace(request.Content))
+            {
+                return TypedResults.BadRequest(new ResponseDTO<object> { Message = "Comment content cannot be empty." });
+            }
+
+            var comment = new PostComment
+            {
+                Content = request.Content,
+                UserId = dbUser.Id,
+                PostId = postId,
+                CreatedAt = DateTime.UtcNow
+            };
+
+            commentService.Insert(comment);
+            commentService.Save();
+
+            var createdComment = commentService.GetById(comment.Id, q => q.Include(c => c.User));
+            var commentDto = mapper.Map<PostCommentDTO>(createdComment);
+
+            return TypedResults.Created($"/comments/{comment.Id}", new ResponseDTO<PostCommentDTO> { Message = "Success", Data = commentDto });
+        }
+
+        [Authorize]
+        [ProducesResponseType(StatusCodes.Status200OK)]
+        private static IResult GetCommentsForPost(IRepository<Post> postservice, IMapper mapper, int postId)
+        {
+            Post? post = postservice.GetById(postId, q => q.Include(p => p.User).Include(p => p.Comments).ThenInclude(c => c.User));
+            if (post == null) return TypedResults.NotFound(new ResponseDTO<Object> { Message = "Post not found" });
+            List<PostComment> comments = [.. post.Comments];
+            List<PostCommentDTO> commentsDTO = mapper.Map<List<PostCommentDTO>>(comments);
+            return TypedResults.Ok(new ResponseDTO<List<PostCommentDTO>> { Message = "Success", Data = commentsDTO });
+        }
+
+        [ProducesResponseType(StatusCodes.Status200OK)]
+        [ProducesResponseType(StatusCodes.Status404NotFound)]
+        [ProducesResponseType(StatusCodes.Status400BadRequest)]
+        private static IResult UpdateComment(
+            IRepository<PostComment> service, 
+            IMapper mapper, 
+            ClaimsPrincipal user, 
+            int commentId, 
+            CreatePostCommentDTO request)
+        {
+            if (string.IsNullOrWhiteSpace(request.Content))
+            {
+                return TypedResults.BadRequest(new ResponseDTO<object> { Message = "Content cannot be empty." });
+            }
+
+            var comment = service.GetById(commentId, q => q.Include(c => c.User));
+            if (comment == null) return TypedResults.NotFound(new ResponseDTO<object> { Message = "Comment not found." });
+
+            //Console.WriteLine($"Role:{user.Role()} {Roles.student.ToString()}| {comment.UserId} {user.UserRealId()}");
+            if (comment.UserId != user.UserRealId() && user.Role() == (int)Roles.student)
+            {
+                var forbiddenResponse = new ResponseDTO<object>
+                {
+                    Message = "You are not authorized to edit this comment."
+                };
+                return TypedResults.Json(forbiddenResponse, statusCode: StatusCodes.Status403Forbidden);
+            }
+
+            comment.Content = request.Content;
+            comment.UpdatedAt = DateTime.UtcNow;
+
+            service.Update(comment);
+            service.Save();
+
+            var commentDto = mapper.Map<PostComment>(comment);
+            return TypedResults.Ok(new ResponseDTO<PostComment> { Message = "Comment updated successfully.", Data = commentDto });
+        }
+
+        [Authorize]
+        [ProducesResponseType(StatusCodes.Status200OK)]
+        [ProducesResponseType(StatusCodes.Status404NotFound)]
+        private static IResult DeleteCommentById(IRepository<PostComment> service, ClaimsPrincipal user, int commentId)
+        {
+            var comment = service.GetById(commentId);
+            if (comment == null)
+            {
+                return TypedResults.NotFound(new ResponseDTO<object> { Message = "Comment not found." });
+            }
+
+            if (user.Role() == (int)Roles.student && comment.UserId != user.UserRealId())
+            {
+                var forbiddenResponse = new ResponseDTO<object>
+                {
+                    Message = "You are not authorized to delete this comment."
+                };
+                return TypedResults.Json(forbiddenResponse, statusCode: StatusCodes.Status403Forbidden);
+            }
+
+            service.Delete(commentId);
+            service.Save();
+
+            return TypedResults.Ok(new ResponseDTO<object> { Message = "Comment deleted successfully." });
+        }
+
+        [Authorize]
+        [ProducesResponseType(StatusCodes.Status200OK)]
+        [ProducesResponseType(StatusCodes.Status404NotFound)]
+        private static IResult GetPostsByUser(IRepository<Post> service, IMapper mapper, int userid)
+        {
+            IEnumerable<Post> results = service.GetWithIncludes(q => q.Where(p => p.UserId == userid).Include(p => p.User).Include(p => p.Comments).ThenInclude(c => c.User));
+            if (results.Count() == 0) return TypedResults.NotFound(new ResponseDTO<Object> { Message = "No posts found for this user" });
+
+            IEnumerable<PostDTO> postDTOs = mapper.Map<IEnumerable<PostDTO>>(results);
+            ResponseDTO<IEnumerable<PostDTO>> response = new ResponseDTO<IEnumerable<PostDTO>>()
+            {
+                Message = "Success",
+                Data = postDTOs
+            };
+            return TypedResults.Ok(response);
+        }
+
+        [Authorize]
+        [ProducesResponseType(StatusCodes.Status200OK)]
+        [ProducesResponseType(StatusCodes.Status404NotFound)]
+        private static IResult GetCommentsByUser(IRepository<PostComment> service, IMapper mapper, int userid)
+        {
+            IEnumerable<PostComment> results = service.GetWithIncludes(q => q.Where(p => p.UserId == userid).Include(p => p.User));
+            if (results.Count() == 0) return TypedResults.NotFound(new ResponseDTO<Object> { Message = "No comments found for this user" });
+
+            IEnumerable<PostCommentDTO> PostCommentDTOs = mapper.Map<IEnumerable<PostCommentDTO>>(results);
+            ResponseDTO<IEnumerable<PostCommentDTO>> response = new ResponseDTO<IEnumerable<PostCommentDTO>>()
+            {
+                Message = "Success",
+                Data = PostCommentDTOs
+            };
+            return TypedResults.Ok(response);
+        }
     }
 }