feat(expense): add controllers + register services

Adds ExpenseCategoriesController, ExpensesController, MonthlyStatementsController and registers IExpenseCategoryService, IExpenseService, IMonthlyStatementService in DI. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-29 18:37:25 -07:00
parent 86d9879a6d
commit 9933c180b7
4 changed files with 227 additions and 0 deletions
@@ -0,0 +1,43 @@
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using ROLAC.API.DTOs.Expense;
+using ROLAC.API.Services;
+
+namespace ROLAC.API.Controllers;
+
+[ApiController]
+[Route("api/expense-categories")]
+[Authorize(Roles = "finance,super_admin")]
+public class ExpenseCategoriesController : ControllerBase
+{
+    private readonly IExpenseCategoryService _svc;
+    public ExpenseCategoriesController(IExpenseCategoryService svc) => _svc = svc;
+
+    [HttpGet]
+    public async Task<IActionResult> GetAll([FromQuery] bool includeInactive = false)
+        => Ok(await _svc.GetAllAsync(includeInactive));
+
+    [HttpPost("groups")]
+    public async Task<IActionResult> CreateGroup([FromBody] CreateExpenseGroupRequest r)
+        => Ok(new { id = await _svc.CreateGroupAsync(r) });
+
+    [HttpPut("groups/{id:int}")]
+    public async Task<IActionResult> UpdateGroup(int id, [FromBody] UpdateExpenseGroupRequest r)
+    { try { await _svc.UpdateGroupAsync(id, r); return NoContent(); } catch (KeyNotFoundException) { return NotFound(); } }
+
+    [HttpDelete("groups/{id:int}")]
+    public async Task<IActionResult> DeactivateGroup(int id)
+    { try { await _svc.DeactivateGroupAsync(id); return NoContent(); } catch (KeyNotFoundException) { return NotFound(); } }
+
+    [HttpPost("subcategories")]
+    public async Task<IActionResult> CreateSub([FromBody] CreateExpenseSubCategoryRequest r)
+    { try { return Ok(new { id = await _svc.CreateSubCategoryAsync(r) }); } catch (KeyNotFoundException) { return NotFound(); } }
+
+    [HttpPut("subcategories/{id:int}")]
+    public async Task<IActionResult> UpdateSub(int id, [FromBody] UpdateExpenseSubCategoryRequest r)
+    { try { await _svc.UpdateSubCategoryAsync(id, r); return NoContent(); } catch (KeyNotFoundException) { return NotFound(); } }
+
+    [HttpDelete("subcategories/{id:int}")]
+    public async Task<IActionResult> DeactivateSub(int id)
+    { try { await _svc.DeactivateSubCategoryAsync(id); return NoContent(); } catch (KeyNotFoundException) { return NotFound(); } }
+}
@@ -0,0 +1,133 @@
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using ROLAC.API.DTOs.Expense;
+using ROLAC.API.Services;
+
+namespace ROLAC.API.Controllers;
+
+[ApiController]
+[Route("api/expenses")]
+[Authorize]
+public class ExpensesController : ControllerBase
+{
+    private readonly IExpenseService _svc;
+    public ExpensesController(IExpenseService svc) => _svc = svc;
+
+    private bool IsFinance() => User.IsInRole("finance") || User.IsInRole("super_admin");
+    private bool CanViewAll() => IsFinance() || User.IsInRole("pastor");
+
+    [HttpGet]
+    public async Task<IActionResult> GetPaged(
+        [FromQuery] int page = 1, [FromQuery] int pageSize = 20, [FromQuery] string? search = null,
+        [FromQuery] int? ministryId = null, [FromQuery] int? categoryGroupId = null,
+        [FromQuery] string? status = null, [FromQuery] DateOnly? from = null, [FromQuery] DateOnly? to = null)
+    {
+        if (!CanViewAll()) return Forbid();
+        return Ok(await _svc.GetPagedAsync(page, pageSize, search, ministryId, categoryGroupId, status, from, to));
+    }
+
+    [HttpGet("mine")]
+    public async Task<IActionResult> GetMine([FromQuery] string? status = null, [FromQuery] int page = 1, [FromQuery] int pageSize = 20)
+    {
+        var uid = User.FindFirst(System.Security.Claims.ClaimTypes.NameIdentifier)!.Value;
+        return Ok(await _svc.GetMineAsync(uid, status, page, pageSize));
+    }
+
+    [HttpGet("{id:int}")]
+    public async Task<IActionResult> GetById(int id)
+    {
+        var dto = await _svc.GetByIdAsync(id);
+        if (dto is null) return NotFound();
+        var uid = User.FindFirst(System.Security.Claims.ClaimTypes.NameIdentifier)!.Value;
+        if (!CanViewAll() && dto.SubmittedBy != uid) return Forbid();
+        return Ok(dto);
+    }
+
+    [HttpPost]
+    public async Task<IActionResult> Create([FromBody] CreateExpenseRequest r)
+    {
+        try { return Ok(new { id = await _svc.CreateAsync(r, IsFinance()) }); }
+        catch (InvalidOperationException ex) { return Conflict(new { message = ex.Message }); }
+    }
+
+    [HttpPut("{id:int}")]
+    public async Task<IActionResult> Update(int id, [FromBody] UpdateExpenseRequest r)
+    {
+        try { await _svc.UpdateAsync(id, r, IsFinance()); return NoContent(); }
+        catch (KeyNotFoundException) { return NotFound(); }
+        catch (InvalidOperationException ex) { return Conflict(new { message = ex.Message }); }
+    }
+
+    [HttpDelete("{id:int}")]
+    public async Task<IActionResult> Delete(int id)
+    {
+        try { await _svc.DeleteAsync(id, IsFinance()); return NoContent(); }
+        catch (KeyNotFoundException) { return NotFound(); }
+        catch (InvalidOperationException ex) { return Conflict(new { message = ex.Message }); }
+    }
+
+    [HttpPost("{id:int}/submit")]
+    public async Task<IActionResult> Submit(int id)
+    {
+        try { await _svc.SubmitAsync(id); return NoContent(); }
+        catch (KeyNotFoundException) { return NotFound(); }
+        catch (InvalidOperationException ex) { return Conflict(new { message = ex.Message }); }
+    }
+
+    [HttpPost("{id:int}/approve")]
+    [Authorize(Roles = "finance,super_admin")]
+    public async Task<IActionResult> Approve(int id)
+    {
+        try { await _svc.ApproveAsync(id); return NoContent(); }
+        catch (KeyNotFoundException) { return NotFound(); }
+        catch (InvalidOperationException ex) { return Conflict(new { message = ex.Message }); }
+    }
+
+    [HttpPost("{id:int}/reject")]
+    [Authorize(Roles = "finance,super_admin")]
+    public async Task<IActionResult> Reject(int id, [FromBody] RejectExpenseRequest r)
+    {
+        try { await _svc.RejectAsync(id, r.ReviewNotes); return NoContent(); }
+        catch (KeyNotFoundException) { return NotFound(); }
+        catch (InvalidOperationException ex) { return Conflict(new { message = ex.Message }); }
+    }
+
+    [HttpPost("{id:int}/pay")]
+    [Authorize(Roles = "finance,super_admin")]
+    public async Task<IActionResult> Pay(int id, [FromBody] PayExpenseRequest r)
+    {
+        try { await _svc.PayAsync(id, r.CheckNumber, r.PaidAt); return NoContent(); }
+        catch (KeyNotFoundException) { return NotFound(); }
+        catch (InvalidOperationException ex) { return Conflict(new { message = ex.Message }); }
+    }
+
+    [HttpPost("{id:int}/receipt")]
+    [RequestSizeLimit(10_485_760)]
+    public async Task<IActionResult> UploadReceipt(int id, IFormFile file)
+    {
+        if (file is null || file.Length == 0) return BadRequest(new { message = "No file." });
+        var allowed = new[] { "image/jpeg", "image/png", "image/webp", "application/pdf" };
+        if (!allowed.Contains(file.ContentType)) return BadRequest(new { message = "Unsupported file type." });
+        try
+        {
+            await using var stream = file.OpenReadStream();
+            await _svc.SaveReceiptAsync(id, stream, file.FileName, IsFinance());
+            return NoContent();
+        }
+        catch (KeyNotFoundException) { return NotFound(); }
+        catch (InvalidOperationException ex) { return Conflict(new { message = ex.Message }); }
+    }
+
+    [HttpGet("{id:int}/receipt")]
+    public async Task<IActionResult> GetReceipt(int id)
+    {
+        try
+        {
+            var result = await _svc.OpenReceiptAsync(id, IsFinance());
+            if (result is null) return NotFound();
+            return File(result.Value.stream, result.Value.contentType);
+        }
+        catch (KeyNotFoundException) { return NotFound(); }
+        catch (InvalidOperationException) { return Forbid(); }
+    }
+}
@@ -0,0 +1,48 @@
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using ROLAC.API.DTOs.Expense;
+using ROLAC.API.Services;
+
+namespace ROLAC.API.Controllers;
+
+[ApiController]
+[Route("api/monthly-statements")]
+[Authorize(Roles = "finance,super_admin")]
+public class MonthlyStatementsController : ControllerBase
+{
+    private readonly IMonthlyStatementService _svc;
+    public MonthlyStatementsController(IMonthlyStatementService svc) => _svc = svc;
+
+    [HttpGet]
+    public async Task<IActionResult> GetAll([FromQuery] int? year = null)
+        => Ok(await _svc.GetAllAsync(year));
+
+    [HttpGet("{id:int}")]
+    public async Task<IActionResult> GetById(int id)
+    {
+        var dto = await _svc.GetByIdAsync(id);
+        return dto is null ? NotFound() : Ok(dto);
+    }
+
+    [HttpPost]
+    public async Task<IActionResult> Create([FromBody] CreateMonthlyStatementRequest r)
+    {
+        try { return Ok(new { id = await _svc.CreateAsync(r) }); }
+        catch (InvalidOperationException ex) { return Conflict(new { message = ex.Message }); }
+    }
+
+    [HttpPut("{id:int}")]
+    public async Task<IActionResult> Update(int id, [FromBody] UpdateMonthlyStatementRequest r)
+    {
+        try { await _svc.UpdateAsync(id, r); return NoContent(); }
+        catch (KeyNotFoundException) { return NotFound(); }
+        catch (InvalidOperationException ex) { return Conflict(new { message = ex.Message }); }
+    }
+
+    [HttpPost("{id:int}/finalize")]
+    public async Task<IActionResult> Finalize(int id)
+    {
+        try { await _svc.FinalizeAsync(id); return NoContent(); }
+        catch (KeyNotFoundException) { return NotFound(); }
+    }
+}