feat: add MembersController (CRUD + paged list)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

API/ROLAC.API/Controllers/MembersController.cs

@@ -0,0 +1,62 @@
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using ROLAC.API.DTOs.Members;
+using ROLAC.API.Services;
+
+namespace ROLAC.API.Controllers;
+
+[ApiController]
+[Route("api/members")]
+[Authorize]
+public class MembersController : ControllerBase
+{
+    private readonly IMemberService _members;
+    public MembersController(IMemberService members) => _members = members;
+
+    /// <summary>GET /api/members?page=1&pageSize=20&search=Chen&status=Member&hasUser=false</summary>
+    [HttpGet]
+    [Authorize(Roles = "super_admin,secretary,pastor")]
+    public async Task<IActionResult> GetPaged(
+        [FromQuery] int     page     = 1,
+        [FromQuery] int     pageSize = 20,
+        [FromQuery] string? search   = null,
+        [FromQuery] string? status   = null,
+        [FromQuery] bool?   hasUser  = null)
+        => Ok(await _members.GetPagedAsync(page, pageSize, search, status, hasUser));
+
+    /// <summary>GET /api/members/{id}</summary>
+    [HttpGet("{id:int}")]
+    [Authorize(Roles = "super_admin,secretary,pastor")]
+    public async Task<IActionResult> GetById(int id)
+    {
+        var dto = await _members.GetByIdAsync(id);
+        return dto is null ? NotFound() : Ok(dto);
+    }
+
+    /// <summary>POST /api/members</summary>
+    [HttpPost]
+    [Authorize(Roles = "super_admin,secretary")]
+    public async Task<IActionResult> Create([FromBody] CreateMemberRequest request)
+    {
+        var id = await _members.CreateAsync(request);
+        return CreatedAtAction(nameof(GetById), new { id }, new { id });
+    }
+
+    /// <summary>PUT /api/members/{id}</summary>
+    [HttpPut("{id:int}")]
+    [Authorize(Roles = "super_admin,secretary")]
+    public async Task<IActionResult> Update(int id, [FromBody] UpdateMemberRequest request)
+    {
+        try   { await _members.UpdateAsync(id, request); return NoContent(); }
+        catch (KeyNotFoundException) { return NotFound(); }
+    }
+
+    /// <summary>DELETE /api/members/{id} — soft delete</summary>
+    [HttpDelete("{id:int}")]
+    [Authorize(Roles = "super_admin,secretary")]
+    public async Task<IActionResult> Delete(int id)
+    {
+        try   { await _members.DeleteAsync(id); return NoContent(); }
+        catch (KeyNotFoundException) { return NotFound(); }
+    }
+}

API/ROLAC.API/Program.cs

@@ -82,8 +82,9 @@ builder.Services.AddCors(opt =>
 // ---------------------------------------------------------------------------
 // Application services
 // ---------------------------------------------------------------------------
-builder.Services.AddScoped<ITokenService, TokenService>();
+builder.Services.AddScoped<ITokenService,  TokenService>();
-builder.Services.AddScoped<IAuthService,  AuthService>();
+builder.Services.AddScoped<IAuthService,   AuthService>();
+builder.Services.AddScoped<IMemberService, MemberService>();
 
 // ---------------------------------------------------------------------------
 // Swagger / MVC