feat(geschichte): add REST controller with BLOG_WRITE permission gates

GET endpoints are open to authenticated users (the service layer enforces DRAFT visibility). POST/PATCH/DELETE require @RequirePermission(BLOG_WRITE). WebMvcTest slice covers 401/403/200/201/204 paths. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-02 17:31:43 +02:00
parent 08d96e5b0f
commit 9fc96a15cf
2 changed files with 286 additions and 0 deletions
--- a/backend/src/main/java/org/raddatz/familienarchiv/controller/GeschichteController.java
+++ b/backend/src/main/java/org/raddatz/familienarchiv/controller/GeschichteController.java
@@ -0,0 +1,65 @@
+package org.raddatz.familienarchiv.controller;
+
+import lombok.RequiredArgsConstructor;
+import org.raddatz.familienarchiv.dto.GeschichteUpdateDTO;
+import org.raddatz.familienarchiv.model.Geschichte;
+import org.raddatz.familienarchiv.model.GeschichteStatus;
+import org.raddatz.familienarchiv.security.Permission;
+import org.raddatz.familienarchiv.security.RequirePermission;
+import org.raddatz.familienarchiv.service.GeschichteService;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.DeleteMapping;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PatchMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.util.List;
+import java.util.UUID;
+
+@RestController
+@RequestMapping("/api/geschichten")
+@RequiredArgsConstructor
+public class GeschichteController {
+
+    private final GeschichteService geschichteService;
+
+    @GetMapping
+    public List<Geschichte> list(
+            @RequestParam(required = false) GeschichteStatus status,
+            @RequestParam(required = false) UUID personId,
+            @RequestParam(required = false) UUID documentId,
+            @RequestParam(required = false, defaultValue = "50") int limit) {
+        return geschichteService.list(status, personId, documentId, limit);
+    }
+
+    @GetMapping("/{id}")
+    public Geschichte getById(@PathVariable UUID id) {
+        return geschichteService.getById(id);
+    }
+
+    @PostMapping
+    @RequirePermission(Permission.BLOG_WRITE)
+    public ResponseEntity<Geschichte> create(@RequestBody GeschichteUpdateDTO dto) {
+        Geschichte created = geschichteService.create(dto);
+        return ResponseEntity.status(HttpStatus.CREATED).body(created);
+    }
+
+    @PatchMapping("/{id}")
+    @RequirePermission(Permission.BLOG_WRITE)
+    public Geschichte update(@PathVariable UUID id, @RequestBody GeschichteUpdateDTO dto) {
+        return geschichteService.update(id, dto);
+    }
+
+    @DeleteMapping("/{id}")
+    @RequirePermission(Permission.BLOG_WRITE)
+    public ResponseEntity<Void> delete(@PathVariable UUID id) {
+        geschichteService.delete(id);
+        return ResponseEntity.noContent().build();
+    }
+}