labFusion/services/api-gateway/src/main/java/com/labfusion/controller/DashboardController.java

package com.labfusion.controller;

import com.labfusion.model.Dashboard;
import com.labfusion.model.User;
import com.labfusion.service.DashboardService;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.Parameter;
import io.swagger.v3.oas.annotations.media.Content;
import io.swagger.v3.oas.annotations.media.Schema;
import io.swagger.v3.oas.annotations.responses.ApiResponse;
import io.swagger.v3.oas.annotations.responses.ApiResponses;
import io.swagger.v3.oas.annotations.security.SecurityRequirement;
import io.swagger.v3.oas.annotations.tags.Tag;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatusCode;
import org.springframework.http.ResponseEntity;
import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.web.bind.annotation.*;

import java.util.List;
import java.util.Optional;

@RestController
@RequestMapping("/api/dashboards")
@CrossOrigin(origins = "*")
@Tag(name = "Dashboard Management", description = "APIs for managing user dashboards and widgets")
@SecurityRequirement(name = "bearerAuth")
public class DashboardController {
    
    @Autowired
    private DashboardService dashboardService;
    
    @GetMapping
    @Operation(summary = "Get user dashboards", description = "Retrieve all dashboards for the authenticated user")
    @ApiResponses(value = {
        @ApiResponse(responseCode = "200", description = "Successfully retrieved dashboards",
                content = @Content(mediaType = "application/json", schema = @Schema(implementation = Dashboard.class))),
        @ApiResponse(responseCode = "401", description = "Unauthorized")
    })
    public ResponseEntity<List<Dashboard>> getDashboards(@AuthenticationPrincipal User user) {
        List<Dashboard> dashboards = dashboardService.getDashboardsByUser(user);
        return ResponseEntity.ok(dashboards);
    }
    
    @GetMapping("/{id}")
    @Operation(summary = "Get dashboard by ID", description = "Retrieve a specific dashboard by its ID")
    @ApiResponses(value = {
        @ApiResponse(responseCode = "200", description = "Successfully retrieved dashboard",
                content = @Content(mediaType = "application/json", schema = @Schema(implementation = Dashboard.class))),
        @ApiResponse(responseCode = "403", description = "Forbidden - User doesn't own this dashboard"),
        @ApiResponse(responseCode = "404", description = "Dashboard not found"),
        @ApiResponse(responseCode = "401", description = "Unauthorized")
    })
    public ResponseEntity<Dashboard> getDashboard(
            @Parameter(description = "Dashboard ID") @PathVariable Long id, 
            @AuthenticationPrincipal User user) {
        Optional<Dashboard> dashboard = dashboardService.getDashboardById(id);
        if (dashboard.isPresent()) {
            // Check if user owns the dashboard
            if (dashboard.get().getUser().getId().equals(user.getId())) {
                return ResponseEntity.ok(dashboard.get());
            } else {
                return ResponseEntity.status(HttpStatusCode.valueOf(403)).build();
            }
        }
        return ResponseEntity.notFound().build();
    }
    
    @PostMapping
    public ResponseEntity<Dashboard> createDashboard(@RequestBody Dashboard dashboard, @AuthenticationPrincipal User user) {
        dashboard.setUser(user);
        Dashboard savedDashboard = dashboardService.saveDashboard(dashboard);
        return ResponseEntity.ok(savedDashboard);
    }
    
    @PutMapping("/{id}")
    public ResponseEntity<Dashboard> updateDashboard(@PathVariable Long id, @RequestBody Dashboard dashboard, @AuthenticationPrincipal User user) {
        try {
            Dashboard updatedDashboard = dashboardService.updateDashboard(id, dashboard);
            return ResponseEntity.ok(updatedDashboard);
        } catch (RuntimeException e) {
            return ResponseEntity.notFound().build();
        }
    }
    
    @DeleteMapping("/{id}")
    public ResponseEntity<Void> deleteDashboard(@PathVariable Long id, @AuthenticationPrincipal User user) {
        Optional<Dashboard> dashboard = dashboardService.getDashboardById(id);
        if (dashboard.isPresent() && dashboard.get().getUser().getId().equals(user.getId())) {
            dashboardService.deleteDashboard(id);
            return ResponseEntity.ok().build();
        }
        return ResponseEntity.status(HttpStatusCode.valueOf(403)).build();
    }
}