flatrender/services/studio/FlatRender.StudioSvc/Controllers/StudioController.cs

using System.Security.Claims;
using FlatRender.StudioSvc.Application.Services;
using FlatRender.StudioSvc.Models.Requests;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

namespace FlatRender.StudioSvc.Controllers;

[ApiController]
[Route("v1/saved-projects")]
[Authorize]
public class StudioController(StudioService svc) : ControllerBase
{
    private Guid UserId => Guid.Parse(User.FindFirstValue(ClaimTypes.NameIdentifier)!);
    private Guid TenantId => Guid.Parse(
        User.FindFirstValue("tenant_id") ?? "00000000-0000-0000-0000-000000000001");

    [HttpGet]
    public async Task<IActionResult> List([FromQuery] SavedProjectListRequest req) =>
        Ok(await svc.ListProjectsAsync(UserId, req));

    // Admin: view any user's saved projects ("user videos" viewer).
    [HttpGet("by-user/{userId:guid}")]
    [Authorize(Roles = "Admin")]
    public async Task<IActionResult> ListByUser(Guid userId, [FromQuery] SavedProjectListRequest req) =>
        Ok(await svc.ListProjectsAsync(userId, req));

    [HttpGet("{id:guid}")]
    public async Task<IActionResult> Get(Guid id) =>
        Ok(await svc.GetProjectAsync(id, UserId));

    [HttpPost]
    public async Task<IActionResult> Create([FromBody] CreateSavedProjectRequest req)
    {
        var result = await svc.CreateProjectAsync(UserId, TenantId, req);
        return CreatedAtAction(nameof(Get), new { id = result.Id }, result);
    }

    [HttpPatch("{id:guid}")]
    public async Task<IActionResult> Update(Guid id, [FromBody] UpdateSavedProjectRequest req) =>
        Ok(await svc.UpdateProjectAsync(id, UserId, req));

    [HttpDelete("{id:guid}")]
    public async Task<IActionResult> Delete(Guid id)
    {
        await svc.DeleteProjectAsync(id, UserId);
        return NoContent();
    }

    /// <summary>
    /// Save all scenes for a project (full atomic replace).
    /// Called by the studio editor on every save.
    /// </summary>
    [HttpPut("{id:guid}/scenes")]
    public async Task<IActionResult> SaveScenes(Guid id, [FromBody] List<SaveSceneRequest> scenes) =>
        Ok(await svc.SaveScenesAsync(id, UserId, scenes));

    /// <summary>Internal endpoint: get project for render service (no user-ownership check).</summary>
    [HttpGet("{id:guid}/render-payload")]
    [Authorize(Roles = "Service")]
    public async Task<IActionResult> GetRenderPayload(Guid id) =>
        Ok(await svc.GetProjectForRenderAsync(id));
}