Chris Chen
7c5348969b
Payee1099Controller (api/payee-1099): CRUD + TIN reveal, class-level Read gate, method-level Write/Delete overrides — mirrors the HasPermission class+method stacking pattern from ExpensesController. Form1099ReportController (api/form1099-report): boxes, annual summary, and per-recipient detail; read-only, no method-level overrides needed. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
26 lines
897 B
C#
26 lines
897 B
C#
using Microsoft.AspNetCore.Mvc;
|
|
using ROLAC.API.Authorization;
|
|
using ROLAC.API.Services;
|
|
|
|
namespace ROLAC.API.Controllers;
|
|
|
|
[ApiController]
|
|
[Route("api/form1099-report")]
|
|
[HasPermission(Modules.Form1099, PermissionActions.Read)]
|
|
public class Form1099ReportController : ControllerBase
|
|
{
|
|
private readonly IForm1099ReportService _svc;
|
|
public Form1099ReportController(IForm1099ReportService svc) => _svc = svc;
|
|
|
|
[HttpGet("boxes")]
|
|
public async Task<IActionResult> Boxes() => Ok(await _svc.GetBoxesAsync());
|
|
|
|
[HttpGet("summary")]
|
|
public async Task<IActionResult> Summary([FromQuery] int taxYear)
|
|
=> Ok(await _svc.GetAnnualSummaryAsync(taxYear));
|
|
|
|
[HttpGet("recipient/{payeeId:int}")]
|
|
public async Task<IActionResult> Recipient(int payeeId, [FromQuery] int taxYear)
|
|
=> await _svc.GetRecipientDetailAsync(payeeId, taxYear) is { } d ? Ok(d) : NotFound();
|
|
}
|