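// src/Webshop.Api/Controllers/Customer/OrdersController.cs
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using System;
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using Webshop.Application.DTOs.Orders;
using Webshop.Application.Services.Customers;
using Webshop.Application.Services.Customers.Interfaces; // for IOrderService

namespace Webshop.Api.Controllers.Customer
{
    /// <summary>
    /// Customer-facing order endpoints under <c>api/v1/customer/orders</c>.
    /// Every action requires an authenticated principal in the "Customer" role.
    /// </summary>
    /// <remarks>
    /// The caller's identity is always taken from the <see cref="ClaimTypes.NameIdentifier"/>
    /// claim of the authenticated principal and passed to the service together with the
    /// request data; no action reads a user id from the route or query string.
    /// NOTE(review): ownership of an order is presumably enforced inside
    /// <see cref="IOrderService"/> using that user id. Confirm against the service
    /// implementation, since this controller performs no ownership check of its own.
    /// </remarks>
    [ApiController]
    [Route("api/v1/customer/orders")]
    [Authorize(Roles = "Customer")]
    public class OrdersController : ControllerBase
    {
        private readonly IOrderService _orderService;

        /// <summary>Creates the controller with the order service it delegates to.</summary>
        /// <param name="orderService">Service that creates and retrieves orders.</param>
        /// <exception cref="ArgumentNullException"><paramref name="orderService"/> is null.</exception>
        public OrdersController(IOrderService orderService)
        {
            _orderService = orderService ?? throw new ArgumentNullException(nameof(orderService));
        }

        /// <summary>Creates a new order for the authenticated customer.</summary>
        /// <param name="orderDto">Order payload bound from the request body.</param>
        /// <returns>
        /// 201 with the created order and a Location pointing at <see cref="GetMyOrderById"/>;
        /// 400 when model validation fails or the service reports failure;
        /// 401 when the principal carries no name-identifier claim.
        /// </returns>
        [HttpPost]
        public async Task<IActionResult> CreateOrder([FromBody] CreateOrderDto orderDto)
        {
            if (!ModelState.IsValid)
            {
                return BadRequest(ModelState);
            }

            var userId = User.FindFirstValue(ClaimTypes.NameIdentifier);
            if (string.IsNullOrEmpty(userId))
            {
                // Should never happen on an [Authorize] action; kept as defence in depth
                // in case a token is issued without the claim.
                return Unauthorized();
            }

            // The owner is the claim-derived userId.
            // NOTE(review): if CreateOrderDto carries its own customer/user field, confirm
            // the service ignores it in favour of userId.
            var (success, createdOrder, errorMessage) = await _orderService.CreateOrderAsync(orderDto, userId);
            if (!success)
            {
                // NOTE(review): errorMessage is returned to the client verbatim. Confirm the
                // service only produces messages that are safe to expose (no internal detail).
                return BadRequest(new { Message = errorMessage });
            }

            // CreatedAtAction resolves the Location header to the GET-by-id action below.
            return CreatedAtAction(nameof(GetMyOrderById), new { id = createdOrder.Id }, createdOrder);
        }

        /// <summary>Lists the orders that belong to the authenticated customer.</summary>
        /// <returns>200 with the orders; 401 when the name-identifier claim is missing.</returns>
        /// <remarks>
        /// The generic return type in the original listing was lost in extraction.
        /// <see cref="IActionResult"/> is used because the element DTO name is not visible here.
        /// Restore <c>ActionResult&lt;T&gt;</c> with the real DTO if typed API metadata is needed.
        /// </remarks>
        [HttpGet]
        public async Task<IActionResult> GetMyOrders()
        {
            var userId = User.FindFirstValue(ClaimTypes.NameIdentifier);
            if (string.IsNullOrEmpty(userId))
            {
                return Unauthorized();
            }

            var orders = await _orderService.GetMyOrdersAsync(userId);
            return Ok(orders);
        }

        /// <summary>Returns a single order of the authenticated customer.</summary>
        /// <param name="id">Order identifier taken from the route.</param>
        /// <returns>
        /// 200 with the order; 404 when the service returns null;
        /// 401 when the name-identifier claim is missing.
        /// </returns>
        /// <remarks>
        /// The generic return type in the original listing was lost in extraction; see
        /// <see cref="GetMyOrders"/> for why <see cref="IActionResult"/> is used.
        /// </remarks>
        [HttpGet("{id}")]
        public async Task<IActionResult> GetMyOrderById(Guid id)
        {
            var userId = User.FindFirstValue(ClaimTypes.NameIdentifier);
            if (string.IsNullOrEmpty(userId))
            {
                return Unauthorized();
            }

            // Both the order id and the caller's id go to the service, so the lookup can be
            // scoped to the owner. A null result maps to 404.
            // NOTE(review): presumably the service also returns null for an order owned by
            // someone else, so callers cannot tell "not yours" from "does not exist". Verify.
            var order = await _orderService.GetMyOrderByIdAsync(id, userId);
            if (order is null)
            {
                return NotFound();
            }

            return Ok(order);
        }
    }
}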