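using ApiPolo.Models;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Data.SqlClient;
using System.Data;
using System.IdentityModel.Tokens.Jwt;

namespace ApiPolo.Controllers
{
    /// <summary>
    /// Controller per Admin: administrative endpoint that runs a stored procedure on the "ApiStr" database.
    /// </summary>
    [Route("api/[controller]")]
    [ApiController]
    public class AdminController : Controller
    {
        private readonly IConfiguration _configuration;

        /// <summary>
        /// Stored procedures this endpoint is permitted to invoke (compared case-insensitively).
        /// The procedure name arrives from the query string, so the list fails closed: while it is empty
        /// every request is refused. Add only the procedures this endpoint is meant to run.
        /// </summary>
        private static readonly HashSet<string> AllowedStoredProcedures =
            new HashSet<string>(StringComparer.OrdinalIgnoreCase)
            {
                // TODO: add the stored procedure names this endpoint may execute.
            };

        /// <summary>
        /// Creates the controller with the application configuration used to resolve the connection string.
        /// </summary>
        /// <param name="configuration">Application configuration; must contain the "ApiStr" connection string.</param>
        public AdminController(IConfiguration configuration)
        {
            _configuration = configuration;
        }

        /// <summary>
        /// Executes the stored procedure named by <paramref name="stored"/>, passing <paramref name="idReg"/>
        /// as its <c>@idReg</c> parameter.
        /// </summary>
        /// <param name="token">JWT carrying the caller's claims; the <c>superAdmin</c> claim must equal "S".</param>
        /// <param name="idReg">Value bound to the procedure's <c>@idReg</c> parameter.</param>
        /// <param name="stored">Name of the stored procedure; must appear in <see cref="AllowedStoredProcedures"/>.</param>
        /// <returns>
        /// 200 with the affected row count; 403 when the claim is missing/not "S" or the procedure is not allowed;
        /// 500 when the connection string is missing or the database call fails.
        /// </returns>
        /// <remarks>
        /// NOTE(review): <see cref="getClaimValueByToken"/> only decodes the token — it checks neither signature
        /// nor expiry — so the <c>superAdmin</c> claim is not yet an authenticated value. Validate the token against
        /// the issuer's signing key before relying on this check. The action also changes data over GET; a POST
        /// route would be the conventional choice.
        /// </remarks>
        [HttpGet("esegui")]
        public IActionResult EseguiStoredProcedure([FromQuery] string token, [FromQuery] int idReg, [FromQuery] string stored)
        {
            string sa = getClaimValueByToken(token, "superAdmin");
            if (string.IsNullOrEmpty(sa) || !sa.Equals("S", StringComparison.Ordinal))
            {
                return StatusCode(403, "Accesso negato: non hai i permessi necessari.");
            }

            // The procedure name is client-supplied: only allow-listed names may reach SQL Server.
            if (string.IsNullOrWhiteSpace(stored) || !AllowedStoredProcedures.Contains(stored))
            {
                return StatusCode(403, "Accesso negato: non hai i permessi necessari.");
            }

            string connStr = _configuration.GetConnectionString("ApiStr");
            if (string.IsNullOrEmpty(connStr))
            {
                // A missing connection string used to surface as an exception from the SqlConnection ctor.
                return StatusCode(500, "Errore durante l'inserimento.");
            }

            try
            {
                using (SqlConnection conn = new SqlConnection(connStr))
                using (SqlCommand cmd = new SqlCommand(stored, conn))
                {
                    cmd.CommandType = CommandType.StoredProcedure;
                    // Parameters required by the stored procedure.
                    cmd.Parameters.Add(new SqlParameter("@idReg", idReg));

                    conn.Open();
                    int righeEffettuate = cmd.ExecuteNonQuery();
                    return Ok(new { Successo = true, RigheInserite = righeEffettuate });
                }
            }
            catch (Exception)
            {
                // Keep the exception text out of the response: SQL error messages can expose schema and server
                // details. TODO: record the exception through the application's logger.
                return StatusCode(500, "Errore durante l'inserimento.");
            }
        }

        /// <summary>
        /// Reads the value of <paramref name="claimName"/> from a JWT without validating the token.
        /// </summary>
        /// <param name="token">Compact-serialised JWT, possibly null, empty or malformed.</param>
        /// <param name="claimName">Claim type to look up.</param>
        /// <returns>The claim value, or <see cref="string.Empty"/> when the token is unreadable or lacks the claim.</returns>
        /// <remarks>
        /// <see cref="JwtSecurityTokenHandler.ReadJwtToken"/> decodes only: signature, issuer, audience and expiry
        /// are not checked, so callers must not treat the returned value as authenticated.
        /// </remarks>
        private string getClaimValueByToken(string token, string claimName)
        {
            var handler = new JwtSecurityTokenHandler();

            // CanReadToken rejects null, empty, over-long and non-JWT input without throwing.
            if (!handler.CanReadToken(token))
            {
                return string.Empty;
            }

            JwtSecurityToken jwt;
            try
            {
                jwt = handler.ReadJwtToken(token);
            }
            catch (Exception)
            {
                // A malformed payload can still fail here; the exception type differs between package versions
                // (ArgumentException in older releases, a SecurityToken* exception in newer ones), so treat any
                // failure as "unreadable" rather than letting it become an unhandled 500.
                return string.Empty;
            }

            // The original used First(), which threw when the claim was absent; an absent claim now yields "".
            return jwt.Claims.FirstOrDefault(c => c.Type == claimName)?.Value ?? string.Empty;
        }
    }
}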