Chris Chen
40 lines
1.6 KiB
C#
40 lines
1.6 KiB
C#
using Microsoft.AspNetCore.Authorization;
|
|
using Microsoft.AspNetCore.Mvc;
|
|
using ROLAC.API.Authorization;
|
|
using ROLAC.API.DTOs.Invitations;
|
|
using ROLAC.API.Services;
|
|
|
|
namespace ROLAC.API.Controllers;
|
|
|
|
/// <summary>
|
|
/// Admin endpoints for generating and e-mailing first-login invitation links.
|
|
/// The public consume/validate endpoints live on <see cref="AuthController"/> so they can set the
|
|
/// refresh-token cookie and stay anonymous.
|
|
/// </summary>
|
|
[ApiController]
|
|
[Route("api/invitations")]
|
|
[Authorize]
|
|
public class InvitationsController : ControllerBase
|
|
{
|
|
private readonly IInvitationService _invitations;
|
|
public InvitationsController(IInvitationService invitations) => _invitations = invitations;
|
|
|
|
/// <summary>POST /api/invitations — generate a link for a member; returns { token, expiresAt }.</summary>
|
|
[HttpPost]
|
|
[HasPermission(Modules.Users, PermissionActions.Write)]
|
|
public async Task<IActionResult> Create([FromBody] CreateInvitationRequest request)
|
|
{
|
|
try { return Ok(await _invitations.CreateAsync(request)); }
|
|
catch (InvalidOperationException ex) { return BadRequest(new { message = ex.Message }); }
|
|
}
|
|
|
|
/// <summary>POST /api/invitations/send — e-mail an already-generated link to the member.</summary>
|
|
[HttpPost("send")]
|
|
[HasPermission(Modules.Users, PermissionActions.Write)]
|
|
public async Task<IActionResult> Send([FromBody] SendInvitationRequest request)
|
|
{
|
|
try { await _invitations.SendEmailAsync(request.MemberId, request.Link); return NoContent(); }
|
|
catch (InvalidOperationException ex) { return BadRequest(new { message = ex.Message }); }
|
|
}
|
|
}
|