213 lines
8.2 KiB
C#
213 lines
8.2 KiB
C#
using Microsoft.AspNetCore.Authorization;
|
|
using Microsoft.AspNetCore.Mvc;
|
|
using Microsoft.EntityFrameworkCore;
|
|
using PowderCoating.Application.Interfaces;
|
|
using PowderCoating.Core.Entities;
|
|
using PowderCoating.Infrastructure.Data;
|
|
using PowderCoating.Shared.Constants;
|
|
|
|
namespace PowderCoating.Web.Controllers;
|
|
|
|
/// <summary>
|
|
/// Manages the platform changelog / release notes feed.
|
|
/// <para>
|
|
/// Has two access tiers: the public changelog (<see cref="Index"/>) is available
|
|
/// to any authenticated tenant user so they can review what has changed; the
|
|
/// management actions (Create, Edit, TogglePublish, Delete) are restricted to
|
|
/// SuperAdmins because only platform staff should author release content.
|
|
/// </para>
|
|
/// </summary>
|
|
public class ReleaseNotesController : Controller
|
|
{
|
|
private readonly ApplicationDbContext _db;
|
|
private readonly IInAppNotificationService _inApp;
|
|
|
|
public ReleaseNotesController(ApplicationDbContext db, IInAppNotificationService inApp)
|
|
{
|
|
_db = db;
|
|
_inApp = inApp;
|
|
}
|
|
|
|
// ── Public: Changelog ────────────────────────────────────────────────────
|
|
// Visible to all authenticated users
|
|
|
|
/// <summary>
|
|
/// Renders the public changelog — shows only published release notes ordered
|
|
/// newest-first. Drafts are invisible to ordinary users so SuperAdmins can
|
|
/// prepare notes in advance without surfacing them prematurely.
|
|
/// </summary>
|
|
[Authorize]
|
|
public async Task<IActionResult> Index()
|
|
{
|
|
var notes = await _db.ReleaseNotes
|
|
.AsNoTracking()
|
|
.Where(r => r.IsPublished)
|
|
.OrderByDescending(r => r.ReleasedAt)
|
|
.ThenByDescending(r => r.Id)
|
|
.ToListAsync();
|
|
|
|
return View(notes);
|
|
}
|
|
|
|
// ── SuperAdmin: Manage ───────────────────────────────────────────────────
|
|
|
|
/// <summary>
|
|
/// Returns the SuperAdmin management list of all release notes (published and
|
|
/// draft alike), ordered newest-first. Unlike <see cref="Index"/> there is no
|
|
/// <c>IsPublished</c> filter here so admins can see and edit drafts.
|
|
/// </summary>
|
|
[Authorize(Policy = AppConstants.Policies.SuperAdminOnly)]
|
|
public async Task<IActionResult> Manage()
|
|
{
|
|
var notes = await _db.ReleaseNotes
|
|
.AsNoTracking()
|
|
.OrderByDescending(r => r.ReleasedAt)
|
|
.ThenByDescending(r => r.Id)
|
|
.ToListAsync();
|
|
|
|
return View(notes);
|
|
}
|
|
|
|
/// <summary>
|
|
/// Returns the Create form pre-populated with today's UTC date and the "Feature"
|
|
/// tag as sensible defaults for new entries, reducing data-entry friction.
|
|
/// </summary>
|
|
[Authorize(Policy = AppConstants.Policies.SuperAdminOnly)]
|
|
public IActionResult Create()
|
|
{
|
|
return View(new ReleaseNote
|
|
{
|
|
ReleasedAt = DateTime.UtcNow,
|
|
Tag = "Feature"
|
|
});
|
|
}
|
|
|
|
/// <summary>
|
|
/// Persists a new release note and captures the creating SuperAdmin's identity
|
|
/// (<c>CreatedByUserId</c> / <c>CreatedByUserName</c>) for audit purposes.
|
|
/// New notes start unpublished by default unless the form explicitly sets
|
|
/// <c>IsPublished = true</c>, giving authors a chance to review before going live.
|
|
/// </summary>
|
|
[HttpPost, ValidateAntiForgeryToken]
|
|
[Authorize(Policy = AppConstants.Policies.SuperAdminOnly)]
|
|
public async Task<IActionResult> Create(ReleaseNote model)
|
|
{
|
|
if (!ModelState.IsValid)
|
|
return View(model);
|
|
|
|
model.CreatedAt = DateTime.UtcNow;
|
|
model.CreatedByUserId = User.FindFirst(System.Security.Claims.ClaimTypes.NameIdentifier)?.Value;
|
|
model.CreatedByUserName = User.Identity?.Name;
|
|
|
|
_db.ReleaseNotes.Add(model);
|
|
await _db.SaveChangesAsync();
|
|
|
|
if (model.IsPublished)
|
|
await NotifyAllTenantsAsync(model);
|
|
|
|
TempData["Success"] = $"Release note v{model.Version} created.";
|
|
return RedirectToAction(nameof(Manage));
|
|
}
|
|
|
|
/// <summary>
|
|
/// Returns the Edit form loaded from the database by primary key.
|
|
/// </summary>
|
|
[Authorize(Policy = AppConstants.Policies.SuperAdminOnly)]
|
|
public async Task<IActionResult> Edit(int id)
|
|
{
|
|
var note = await _db.ReleaseNotes.FindAsync(id);
|
|
if (note == null) return NotFound();
|
|
return View(note);
|
|
}
|
|
|
|
/// <summary>
|
|
/// Applies the edited values to the tracked entity. Uses explicit field
|
|
/// mapping (rather than <c>_db.Entry(model).State = Modified</c>) to prevent
|
|
/// over-posting attacks and to ensure audit fields like <c>CreatedAt</c> and
|
|
/// <c>CreatedByUserId</c> are never overwritten.
|
|
/// </summary>
|
|
[HttpPost, ValidateAntiForgeryToken]
|
|
[Authorize(Policy = AppConstants.Policies.SuperAdminOnly)]
|
|
public async Task<IActionResult> Edit(int id, ReleaseNote model)
|
|
{
|
|
if (id != model.Id) return BadRequest();
|
|
if (!ModelState.IsValid)
|
|
return View(model);
|
|
|
|
var note = await _db.ReleaseNotes.FindAsync(id);
|
|
if (note == null) return NotFound();
|
|
|
|
note.Version = model.Version;
|
|
note.Title = model.Title;
|
|
note.Body = model.Body;
|
|
note.Tag = model.Tag;
|
|
note.IsPublished= model.IsPublished;
|
|
note.ReleasedAt = model.ReleasedAt;
|
|
note.UpdatedAt = DateTime.UtcNow;
|
|
|
|
await _db.SaveChangesAsync();
|
|
|
|
TempData["Success"] = $"Release note v{note.Version} updated.";
|
|
return RedirectToAction(nameof(Manage));
|
|
}
|
|
|
|
/// <summary>
|
|
/// Toggles the published state of a release note. Publishing makes the note
|
|
/// immediately visible to all authenticated users via <see cref="Index"/>;
|
|
/// un-publishing hides it without permanently deleting it so it can be revised
|
|
/// and re-published later.
|
|
/// </summary>
|
|
[HttpPost, ValidateAntiForgeryToken]
|
|
[Authorize(Policy = AppConstants.Policies.SuperAdminOnly)]
|
|
public async Task<IActionResult> TogglePublish(int id)
|
|
{
|
|
var note = await _db.ReleaseNotes.FindAsync(id);
|
|
if (note == null) return NotFound();
|
|
|
|
var wasPublished = note.IsPublished;
|
|
note.IsPublished = !note.IsPublished;
|
|
note.UpdatedAt = DateTime.UtcNow;
|
|
await _db.SaveChangesAsync();
|
|
|
|
if (note.IsPublished && !wasPublished)
|
|
await NotifyAllTenantsAsync(note);
|
|
|
|
TempData["Success"] = note.IsPublished
|
|
? $"v{note.Version} published — now visible to all users."
|
|
: $"v{note.Version} unpublished — hidden from users.";
|
|
return RedirectToAction(nameof(Manage));
|
|
}
|
|
|
|
/// <summary>
|
|
/// Permanently (hard) deletes a release note. This is intentional — release notes
|
|
/// are platform metadata, not business data, so they do not use soft delete.
|
|
/// Use <see cref="TogglePublish"/> to hide a note without permanent removal.
|
|
/// </summary>
|
|
[HttpPost, ValidateAntiForgeryToken]
|
|
[Authorize(Policy = AppConstants.Policies.SuperAdminOnly)]
|
|
public async Task<IActionResult> Delete(int id)
|
|
{
|
|
var note = await _db.ReleaseNotes.FindAsync(id);
|
|
if (note == null) return NotFound();
|
|
|
|
_db.ReleaseNotes.Remove(note);
|
|
await _db.SaveChangesAsync();
|
|
|
|
TempData["Success"] = $"Release note v{note.Version} deleted.";
|
|
return RedirectToAction(nameof(Manage));
|
|
}
|
|
|
|
/// <summary>
|
|
/// Fans out a "What's New" in-app notification to every active tenant company when
|
|
/// a release note transitions to published. Notification fires exactly once per
|
|
/// publish event — re-publishing after unpublishing will send a second notification,
|
|
/// which is intentional (the content may have changed).
|
|
/// </summary>
|
|
private Task NotifyAllTenantsAsync(ReleaseNote note)
|
|
{
|
|
var title = $"What's New — {note.Title}";
|
|
var message = note.Tag != null ? $"[{note.Tag}] See the latest updates in What's New." : "See the latest updates in What's New.";
|
|
return _inApp.CreateForAllCompaniesAsync(title, message, "ReleaseNote", "/ReleaseNotes");
|
|
}
|
|
}
|