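package com.labfusion.controller;

import com.labfusion.model.Dashboard;
import com.labfusion.model.User;
import com.labfusion.service.DashboardService;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.Parameter;
import io.swagger.v3.oas.annotations.media.Content;
import io.swagger.v3.oas.annotations.media.Schema;
import io.swagger.v3.oas.annotations.responses.ApiResponse;
import io.swagger.v3.oas.annotations.responses.ApiResponses;
import io.swagger.v3.oas.annotations.security.SecurityRequirement;
import io.swagger.v3.oas.annotations.tags.Tag;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatusCode;
import org.springframework.http.ResponseEntity;
import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.web.bind.annotation.*;

import java.util.List;
import java.util.Optional;

/**
 * REST endpoints under {@code /api/dashboards} for listing, reading, creating,
 * updating and deleting dashboards.
 *
 * <p>Every operation that addresses a dashboard by ID performs an object-level
 * authorization check: the dashboard's owner must be the authenticated
 * principal. Authentication itself is expected to be enforced by the security
 * configuration, which is not visible from this file.
 */
@RestController
@RequestMapping("/api/dashboards")
// NOTE(review): a wildcard origin lets script on any website call these
// endpoints from a browser. Bearer tokens sent in a header are not attached
// automatically by the browser, which limits the exposure, but restricting this
// to the known front-end origins is the safer default. Confirm the intended
// origins before changing.
@CrossOrigin(origins = "*")
@Tag(name = "Dashboard Management", description = "APIs for managing user dashboards and widgets")
@SecurityRequirement(name = "bearerAuth")
public class DashboardController {

    @Autowired
    private DashboardService dashboardService;

    /**
     * Lists the dashboards belonging to the authenticated user.
     *
     * @param user the authenticated principal
     * @return 200 with the list returned by the service
     */
    @GetMapping
    @Operation(summary = "Get user dashboards", description = "Retrieve all dashboards for the authenticated user")
    @ApiResponses(value = {
        @ApiResponse(responseCode = "200", description = "Successfully retrieved dashboards",
            content = @Content(mediaType = "application/json", schema = @Schema(implementation = Dashboard.class))),
        @ApiResponse(responseCode = "401", description = "Unauthorized")
    })
    public ResponseEntity<List<Dashboard>> getDashboards(@AuthenticationPrincipal User user) {
        List<Dashboard> dashboards = dashboardService.getDashboardsByUser(user);
        return ResponseEntity.ok(dashboards);
    }

    /**
     * Returns one dashboard, provided the caller owns it.
     *
     * <p>The 403/404 split tells a caller whether an ID exists even when the
     * dashboard is not theirs; that is the contract documented in the API
     * responses below and is kept as is.
     *
     * @param id   the dashboard ID from the path
     * @param user the authenticated principal
     * @return 200 with the dashboard, 403 if it belongs to someone else, 404 if absent
     */
    @GetMapping("/{id}")
    @Operation(summary = "Get dashboard by ID", description = "Retrieve a specific dashboard by its ID")
    @ApiResponses(value = {
        @ApiResponse(responseCode = "200", description = "Successfully retrieved dashboard",
            content = @Content(mediaType = "application/json", schema = @Schema(implementation = Dashboard.class))),
        @ApiResponse(responseCode = "403", description = "Forbidden - User doesn't own this dashboard"),
        @ApiResponse(responseCode = "404", description = "Dashboard not found"),
        @ApiResponse(responseCode = "401", description = "Unauthorized")
    })
    public ResponseEntity<Dashboard> getDashboard(
            @Parameter(description = "Dashboard ID") @PathVariable Long id,
            @AuthenticationPrincipal User user) {
        Optional<Dashboard> dashboard = dashboardService.getDashboardById(id);
        if (dashboard.isEmpty()) {
            return ResponseEntity.notFound().build();
        }
        // Only the owner may read the dashboard.
        if (!isOwnedBy(dashboard.get(), user)) {
            return ResponseEntity.status(HttpStatusCode.valueOf(403)).build();
        }
        return ResponseEntity.ok(dashboard.get());
    }

    /**
     * Creates a dashboard owned by the authenticated user.
     *
     * @param dashboard the dashboard payload from the request body
     * @param user      the authenticated principal, recorded as the owner
     * @return 200 with the saved dashboard
     */
    @PostMapping
    public ResponseEntity<Dashboard> createDashboard(@RequestBody Dashboard dashboard,
                                                     @AuthenticationPrincipal User user) {
        // NOTE(review): the entity is bound straight from the request body. If
        // Dashboard exposes a client-settable identifier and saveDashboard
        // behaves as an upsert, a caller-supplied ID could replace an existing
        // row. Confirm against the model and service; a dedicated request DTO
        // avoids the question.
        // The owner always comes from the authenticated principal, never from the payload.
        dashboard.setUser(user);
        Dashboard savedDashboard = dashboardService.saveDashboard(dashboard);
        return ResponseEntity.ok(savedDashboard);
    }

    /**
     * Updates a dashboard, provided the caller owns it.
     *
     * <p>The stored dashboard is loaded and its owner compared with the
     * authenticated principal before the service is asked to apply the update,
     * so one user cannot modify another user's dashboard by supplying its ID.
     *
     * @param id        the dashboard ID from the path
     * @param dashboard the new dashboard state from the request body
     * @param user      the authenticated principal
     * @return 200 with the updated dashboard, 403 if it belongs to someone else, 404 if absent
     */
    @PutMapping("/{id}")
    public ResponseEntity<Dashboard> updateDashboard(@PathVariable Long id,
                                                     @RequestBody Dashboard dashboard,
                                                     @AuthenticationPrincipal User user) {
        Optional<Dashboard> existing = dashboardService.getDashboardById(id);
        if (existing.isEmpty()) {
            return ResponseEntity.notFound().build();
        }
        if (!isOwnedBy(existing.get(), user)) {
            return ResponseEntity.status(HttpStatusCode.valueOf(403)).build();
        }
        // Pin the owner to the authenticated principal so that an owner carried
        // in the request body cannot reassign the dashboard, should the service
        // copy that field (its implementation is not visible here).
        dashboard.setUser(user);
        try {
            Dashboard updatedDashboard = dashboardService.updateDashboard(id, dashboard);
            return ResponseEntity.ok(updatedDashboard);
        } catch (RuntimeException e) {
            // Presumably the service throws when the ID no longer exists. Any
            // other runtime failure is also reported as 404 here, as before.
            return ResponseEntity.notFound().build();
        }
    }

    /**
     * Deletes a dashboard, provided the caller owns it.
     *
     * <p>A missing dashboard and a dashboard owned by someone else both yield
     * 403, so this endpoint does not reveal which IDs exist.
     *
     * @param id   the dashboard ID from the path
     * @param user the authenticated principal
     * @return 200 on deletion, 403 otherwise
     */
    @DeleteMapping("/{id}")
    public ResponseEntity<Void> deleteDashboard(@PathVariable Long id,
                                                @AuthenticationPrincipal User user) {
        Optional<Dashboard> dashboard = dashboardService.getDashboardById(id);
        if (dashboard.isPresent() && isOwnedBy(dashboard.get(), user)) {
            dashboardService.deleteDashboard(id);
            return ResponseEntity.ok().build();
        }
        return ResponseEntity.status(HttpStatusCode.valueOf(403)).build();
    }

    /**
     * Reports whether {@code user} is the owner of {@code dashboard}.
     *
     * <p>Fails closed: a missing principal, a missing owner or a missing ID on
     * either side is treated as "not the owner" instead of raising a
     * {@link NullPointerException}, and two absent IDs never compare as equal.
     */
    private static boolean isOwnedBy(Dashboard dashboard, User user) {
        if (dashboard == null || user == null || user.getId() == null) {
            return false;
        }
        User owner = dashboard.getUser();
        return owner != null && user.getId().equals(owner.getId());
    }
}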