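using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using LittleShop.Services;
using LittleShop.DTOs;

namespace LittleShop.Areas.Admin.Controllers;

/// <summary>
/// Admin-area controller for listing, creating, editing and deleting user accounts.
/// Every action is gated by the "AdminOnly" authorization policy declared on the class.
/// </summary>
[Area("Admin")]
[Authorize(Policy = "AdminOnly")]
public class UsersController : Controller
{
    private readonly IAuthService _authService;

    /// <summary>Creates the controller with the auth service used for all user operations.</summary>
    /// <param name="authService">Service that reads and mutates user accounts.</param>
    public UsersController(IAuthService authService)
    {
        _authService = authService;
    }

    /// <summary>Lists all users returned by the auth service.</summary>
    /// <returns>The Index view bound to the user list.</returns>
    public async Task<IActionResult> Index()
    {
        var users = await _authService.GetAllUsersAsync();
        return View(users);
    }

    /// <summary>Shows the empty "create user" form.</summary>
    public IActionResult Create()
    {
        return View();
    }

    /// <summary>Creates a user from the posted form.</summary>
    /// <param name="model">Bound form data; validated through <c>ModelState</c>.</param>
    /// <returns>
    /// The form again when validation fails or the service returns null; otherwise a
    /// redirect to <see cref="Index"/>.
    /// </returns>
    // State-changing admin action: require the antiforgery token so a forged cross-site
    // POST cannot create accounts in an admin's session. The view must emit the token
    // (the Razor form tag helper and Html.BeginForm do so for POST forms).
    [HttpPost]
    [ValidateAntiForgeryToken]
    public async Task<IActionResult> Create(CreateUserDto model)
    {
        if (!ModelState.IsValid)
        {
            return View(model);
        }

        var user = await _authService.CreateUserAsync(model);
        if (user is null)
        {
            // A null result is reported to the admin as a duplicate username.
            ModelState.AddModelError("", "User with this username already exists");
            return View(model);
        }

        return RedirectToAction(nameof(Index));
    }

    /// <summary>Shows the edit form for one user.</summary>
    /// <param name="id">Identifier of the user to edit.</param>
    /// <returns>404 when the user does not exist; otherwise the Edit view.</returns>
    public async Task<IActionResult> Edit(Guid id)
    {
        var user = await _authService.GetUserByIdAsync(id);
        if (user is null)
        {
            return NotFound();
        }

        // Only the username and active flag are copied into the edit model.
        var model = new UpdateUserDto
        {
            Username = user.Username,
            IsActive = user.IsActive
        };

        // The view reads the id from ViewData.
        ViewData["UserId"] = id;
        return View(model);
    }

    /// <summary>Applies the posted changes to a user.</summary>
    /// <param name="id">Identifier of the user being updated.</param>
    /// <param name="model">Bound form data; validated through <c>ModelState</c>.</param>
    /// <returns>
    /// The form again when validation fails, 404 when the service reports no update,
    /// otherwise a redirect to <see cref="Index"/>.
    /// </returns>
    // Antiforgery validation: see the note on the POST Create action.
    [HttpPost]
    [ValidateAntiForgeryToken]
    public async Task<IActionResult> Edit(Guid id, UpdateUserDto model)
    {
        if (!ModelState.IsValid)
        {
            ViewData["UserId"] = id;
            return View(model);
        }

        var success = await _authService.UpdateUserAsync(id, model);
        if (!success)
        {
            return NotFound();
        }

        return RedirectToAction(nameof(Index));
    }

    /// <summary>Deletes a user and returns to the list.</summary>
    /// <param name="id">Identifier of the user to delete.</param>
    /// <returns>A redirect to <see cref="Index"/>.</returns>
    // Destructive action: antiforgery validation keeps a cross-site request from deleting
    // accounts through an authenticated admin's browser.
    // NOTE(review): the outcome of DeleteUserAsync is not inspected here, and no guard
    // against removing the caller's own account or the last admin is visible in this
    // controller; confirm the service enforces whatever rule is intended.
    [HttpPost]
    [ValidateAntiForgeryToken]
    public async Task<IActionResult> Delete(Guid id)
    {
        await _authService.DeleteUserAsync(id);
        return RedirectToAction(nameof(Index));
    }
}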