using System.Security.Claims;
using Chronicis.Api.Services;
using Chronicis.Shared.DTOs;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
| | | 5 | | |
| | | 6 | | namespace Chronicis.Api.Controllers; |
| | | 7 | | |
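/// <summary>
/// API endpoints restricted to system administrators.
/// </summary>
/// <remarks>
/// The class-level <c>[Authorize]</c> only requires an authenticated caller; the
/// admin check itself is performed inside <see cref="IAdminService"/>, which signals
/// a non-admin caller by throwing <see cref="UnauthorizedAccessException"/>. Each
/// action maps that exception to 403 Forbidden and writes an audit entry naming the
/// denied principal. Any new action added here must therefore go through an
/// <see cref="IAdminService"/> method that performs that check — there is no
/// controller-level admin policy to fall back on.
/// NOTE(review): if the application defines an admin authorization policy, adding it
/// to the <c>[Authorize]</c> attribute would give defence in depth; its name is not
/// visible from this file, so none is assumed here.
/// </remarks>
[ApiController]
[Route("admin")]
[Authorize]
public class AdminController : ControllerBase
{
    /// <summary>Fallback identity label when neither a subject claim nor a name is present.</summary>
    private const string UnknownCaller = "unknown";

    private readonly IAdminService _adminService;
    private readonly ILogger<AdminController> _logger;

    /// <summary>
    /// Creates the controller.
    /// </summary>
    /// <param name="adminService">Service that performs the admin authorization check and the work itself.</param>
    /// <param name="logger">Logger used for the audit entries written by each action.</param>
    /// <exception cref="ArgumentNullException">Either dependency is <c>null</c>.</exception>
    public AdminController(IAdminService adminService, ILogger<AdminController> logger)
    {
        ArgumentNullException.ThrowIfNull(adminService);
        ArgumentNullException.ThrowIfNull(logger);
        _adminService = adminService;
        _logger = logger;
    }

    /// <summary>
    /// Identifier of the calling principal for audit logging: the NameIdentifier claim,
    /// then <c>Identity.Name</c>, then <see cref="UnknownCaller"/>. <c>User</c> is
    /// null-checked because it is unset when no HttpContext is attached (e.g. in unit tests).
    /// </summary>
    private string CallerId =>
        User?.FindFirst(ClaimTypes.NameIdentifier)?.Value
        ?? User?.Identity?.Name
        ?? UnknownCaller;

    /// <summary>
    /// GET /admin/worlds — returns a summary of every world in the system.
    /// </summary>
    /// <returns>200 with the list of summaries, or 403 when the caller is not an administrator.</returns>
    [HttpGet("worlds")]
    public async Task<ActionResult<List<AdminWorldSummaryDto>>> GetWorlds()
    {
        try
        {
            var summaries = await _adminService.GetAllWorldSummariesAsync();
            return Ok(summaries);
        }
        catch (UnauthorizedAccessException)
        {
            // Audit entry: record who was refused, not merely that a refusal happened.
            _logger.LogWarningSanitized(
                "Unauthorized attempt to access admin world listing by {UserId}", CallerId);
            return Forbid();
        }
    }

    /// <summary>
    /// DELETE /admin/worlds/{id} — permanently deletes a world and all its data.
    /// </summary>
    /// <param name="id">Identifier of the world to delete; the route constraint rejects non-GUID values.</param>
    /// <returns>204 on success, 404 when no such world exists, 403 when the caller is not an administrator.</returns>
    [HttpDelete("worlds/{id:guid}")]
    public async Task<IActionResult> DeleteWorld(Guid id)
    {
        try
        {
            var deleted = await _adminService.DeleteWorldAsync(id);
            if (!deleted)
            {
                return NotFound(new { error = "World not found" });
            }

            // Irreversible admin action: always leave an audit trail of who deleted what.
            // NOTE(review): LogWarningSanitized is the only sanitized helper visible here;
            // switch to a sanitized Information-level variant if the project provides one.
            _logger.LogInformation("World {WorldId} deleted by admin {UserId}", id, CallerId);
            return NoContent();
        }
        catch (UnauthorizedAccessException)
        {
            // NOTE(review): whether a non-admin receives 403 before or after the existence
            // lookup depends on IAdminService.DeleteWorldAsync; if it checks existence
            // first, the 404-vs-403 split would leak which world ids exist to non-admins.
            _logger.LogWarningSanitized(
                "Unauthorized attempt to delete world {WorldId} by {UserId}", id, CallerId);
            return Forbid();
        }
    }
}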