Admin/login

MTWorkHR.API/Controllers/AdminController.cs

@@ -0,0 +1,29 @@
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Identity;
+using Microsoft.AspNetCore.Mvc;
+using MTWorkHR.Application.Filters;
+using MTWorkHR.Application.Identity;
+using MTWorkHR.Application.Models;
+using MTWorkHR.Core.Global;
+using MTWorkHR.Identity.Services;
+
+namespace MTWorkHR.API.Controllers
+{
+    [Route("api/[controller]")]
+    [ApiController]
+
+    public class AdminController : ControllerBase
+    {
+        private readonly IAuthService _authenticationService;
+        public AdminController(IAuthService authenticationService) 
+        {
+            _authenticationService = authenticationService;
+        }
+        [HttpPost("login")]
+        public async Task<ActionResult<AuthResponse>> Login(AuthRequest request)
+        {
+            return Ok( await _authenticationService.AdminLogin(request));
+        }
+       
+    }
+}

MTWorkHR.API/Controllers/CompanyController.cs

@@ -53,17 +53,20 @@ namespace MTWorkHR.API.Controllers
         {
             return await _companyService.Update(input);
         }
-
+        
         [HttpDelete("Delete")]
         [ProducesResponseType(StatusCodes.Status200OK)]
-
+        // [AppAuthorize(Permissions = "Company.Delete")]
+        [Authorize(Policy = "SuperAdminOnly")]
         public async Task Delete([FromQuery] long id)
         {
             await _companyService.Delete(id);
         }
+
         [HttpDelete("Suspend")]
         [ProducesResponseType(StatusCodes.Status200OK)]
-
+        //[AppAuthorize(Permissions = "Company.Suspend")]
+        [Authorize(Policy = "SuperAdminOnly")]
         public async Task Suspend([FromQuery] long id)
         {
             await _companyService.Suspend(id);

MTWorkHR.API/Controllers/UserController.cs

@@ -64,6 +64,7 @@ namespace MTWorkHR.API.Controllers
             return Ok(await _userService.Update(input));
         }
 
+        [Authorize(Policy = "SuperAdminOnly")]
         [HttpDelete("Delete")]
         [ProducesResponseType(StatusCodes.Status200OK)]
 
@@ -72,6 +73,7 @@ namespace MTWorkHR.API.Controllers
             await _userService.Delete(id);
         }
 
+        [Authorize(Policy = "SuperAdminOnly")]
         [HttpDelete("Suspend")]
         [ProducesResponseType(StatusCodes.Status200OK)]
 

MTWorkHR.API/Program.cs

@@ -160,6 +160,11 @@ builder.Services.AddSwaggerGen(swagger =>
                 });
 });
 
+builder.Services.AddAuthorization(options =>
+{
+    options.AddPolicy("SuperAdminOnly", policy => policy.RequireRole("Admin"));
+});
+
 //--------------------------
 var app = builder.Build();
 

MTWorkHR.Application/Dtos/Contract/ContractDto.cs

@@ -49,7 +49,8 @@ namespace MTWorkHR.Application.Models
         public int? TrialPeriod { get; set; } // تجربة (ادخال: تلقائياً كل ربع سنوي أسبوع تلقائياً) آخر: تعديل
         public TerminateContractEnum WhoCanTerminateContractInTrial { get; set; } //اختيار   الجميع – صاحب العمل – الموظف
         public TerminateContractEnum WhoCanTerminateContract { get; set; }
-        public int NoticePeriodBeforeTermination { get; set; } //اختيار: بدون – تحديد (ادخال: تلقائياً مدة 10 أيام قبل انتهاء الاستحقاق) آخر: تعديل
+        [JsonProperty(Required = Required.AllowNull)]
+        public int? NoticePeriodBeforeTermination { get; set; } //اختيار: بدون – تحديد (ادخال: تلقائياً مدة 10 أيام قبل انتهاء الاستحقاق) آخر: تعديل
 
 
         //------Working time---------------

MTWorkHR.Application/Dtos/Identity/AuthResponse.cs

@@ -9,10 +9,6 @@ namespace MTWorkHR.Application.Models
 {
     public class AuthResponse
     {
-  //      public string Id { get; set; }
-      //  public string UserName { get; set; }
-       // public string Email { get; set; }
-   //     public int UserTypeId { get; set; }
         public UserDto User { get; set; }
         public string Token{ get; set; }
         public DateTime Expiration { get; set; }

MTWorkHR.Application/Middlewares/LoggingMiddleware.cs

@@ -97,6 +97,13 @@ namespace MTWorkHR.Application.Middlewares
                             context.Response.Clear();
                             context.Response.ContentType = "text/plain";
                             context.Response.StatusCode = StatusCodes.Status400BadRequest;
+                            context.Response.StatusCode = e.ErrorNumber switch
+                            {
+                                ExceptionEnum.EmailNotExist => StatusCodes.Status401Unauthorized,
+                                ExceptionEnum.NotAuthorized => StatusCodes.Status401Unauthorized,
+                                ExceptionEnum.WrongCredentials => StatusCodes.Status401Unauthorized,
+                                _ => StatusCodes.Status400BadRequest
+                            };
                             await context.Response.WriteAsJsonAsync(
                              new BadRequestResult
                              {

MTWorkHR.Application/Services/Auth/AuthService.cs

@@ -1,4 +1,5 @@
 using Microsoft.AspNetCore.Identity;
+using Microsoft.AspNetCore.Mvc;
 using Microsoft.EntityFrameworkCore;
 using Microsoft.Extensions.Options;
 using Microsoft.IdentityModel.Tokens;
@@ -40,7 +41,7 @@ namespace MTWorkHR.Identity.Services
             var result = await _signInManager.CheckPasswordSignInAsync(user, request.Password, false);
             if(!result.Succeeded)
             {
-                throw new AppException(GlobalInfo.lang == "en"? $"Credentials for '{request.Email} are not valid'." : $"كلمة المرور غير صحيحة.");
+                throw new AppException(ExceptionEnum.WrongCredentials);
             }
             var userResponse = await _userService.GetById(user.Id);
 
@@ -58,32 +59,6 @@ namespace MTWorkHR.Identity.Services
             };
             return response;
         }
-        //public async Task<RegistrationResponse> Register(RegistrationRequest request)
-        //{
-        //    var user = new ApplicationUser { 
-        //        Email = request.Email ,
-        //        UserName = request.UserName ,
-        //        FirstName = request.FirstName ,
-        //        LastName = request.LastName ,
-        //        EmailConfirmed  = true
-        //    };
-        //    var result = await _userManager.CreateAsync(user, request.Password);
-        //    if (result.Succeeded)
-        //    {
-        //        await _userManager.AddToRoleAsync(user, request.RoleName);
-        //        return new RegistrationResponse(){ UserId = user.Id };
-        //    }
-        //    else
-        //    {
-        //        StringBuilder str = new StringBuilder();
-        //        foreach (var err in result.Errors)
-        //        {
-        //            str.AppendFormat(".{0}\n", err.Description);
-        //        }
-        //        throw new BadRequest($"{str}");
-        //    }
-        //}
-
       
 
         private async Task<JwtSecurityToken> GenerateToken(ApplicationUser user)
@@ -112,7 +87,37 @@ namespace MTWorkHR.Identity.Services
             return jwtSecurityToken;
         }
 
-       
+        public async Task<AuthResponse> AdminLogin(AuthRequest request)
+        {
+            var user = await _userManager.FindByEmailAsync(request.Email);
+            if (user == null)
+            {
+                throw new AppException(ExceptionEnum.EmailNotExist);
+            }
+            var roles = await _userManager.GetRolesAsync(user);
+            if(!roles.Any(r => r == "Admin"))
+            {
+                throw new AppException(ExceptionEnum.NotAuthorized);
+            }
+            var roleClaims = roles.Select(r => new Claim(ClaimTypes.Role, r)).ToList();
+
+            var result = await _signInManager.CheckPasswordSignInAsync(user, request.Password, false);
+            if (!result.Succeeded)
+            {
+                throw new AppException(ExceptionEnum.WrongCredentials);
+            }
+            var userResponse = await _userService.GetById(user.Id);
+
+            JwtSecurityToken jwtToken = await GenerateToken(user);
+
+            var response = new AuthResponse
+            {
+                User = userResponse,
+                Token = new JwtSecurityTokenHandler().WriteToken(jwtToken),
+                Expiration = jwtToken.ValidTo
+            };
+            return response;
+        }
     }
   
 }

MTWorkHR.Application/Services/Interfaces/IAuthService.cs

@@ -10,7 +10,8 @@ namespace MTWorkHR.Application.Identity
     public interface IAuthService
     {
         Task<AuthResponse> Login(AuthRequest request);
-
+        Task<AuthResponse> AdminLogin(AuthRequest request);
+        
 
     }
 }

MTWorkHR.Core/Global/AppExceptions.cs

@@ -32,8 +32,8 @@ namespace MTWorkHR.Core.Global
             } },
             {ExceptionEnum.WrongCredentials, new Dictionary<string, string>
             {
-                { "en", "Username or password incorrect!" },
-                { "ar", "اسم المستخدم أو كلمة المرور غير صحيحة!" }
+                { "en", "Password is incorrect!" },
+                { "ar", "كلمة المرور غير صحيحة!" }
             }},
             {ExceptionEnum.RecordCannotBeDelete, new Dictionary<string, string>
             {