books/backend/Books.Api/EventFlow/Repositories/AttachmentRepository.cs

using Books.Api.EventFlow.ReadModels;
using Dapper;
using Npgsql;

namespace Books.Api.EventFlow.Repositories;

public class AttachmentRepository(NpgsqlDataSource dataSource) : IAttachmentRepository
{
    private const string SelectColumns = """
        aggregate_id AS Id,
        company_id AS CompanyId,
        file_name AS FileName,
        original_file_name AS OriginalFileName,
        content_type AS ContentType,
        file_size AS FileSize,
        storage_path AS StoragePath,
        uploaded_by AS UploadedBy,
        uploaded_at AS UploadedAt,
        draft_id AS DraftId,
        transaction_id AS TransactionId,
        retention_end_date AS RetentionEndDate,
        is_deleted AS IsDeleted
        """;

    public async Task<AttachmentReadModelDto?> GetByIdAsync(string id, CancellationToken cancellationToken = default)
    {
        await using var connection = await dataSource.OpenConnectionAsync(cancellationToken);

        var sql = $"""
            SELECT {SelectColumns}
            FROM attachment_read_models
            WHERE aggregate_id = @Id AND is_deleted = FALSE
            """;

        return await connection.QuerySingleOrDefaultAsync<AttachmentReadModelDto>(sql, new { Id = id });
    }

    public async Task<AttachmentReadModelDto?> GetByStoragePathAsync(string storagePath, CancellationToken cancellationToken = default)
    {
        await using var connection = await dataSource.OpenConnectionAsync(cancellationToken);

        var sql = $"""
            SELECT {SelectColumns}
            FROM attachment_read_models
            WHERE storage_path = @StoragePath AND is_deleted = FALSE
            """;

        return await connection.QuerySingleOrDefaultAsync<AttachmentReadModelDto>(sql, new { StoragePath = storagePath });
    }

    public async Task<IReadOnlyList<AttachmentReadModelDto>> GetByCompanyIdAsync(string companyId, CancellationToken cancellationToken = default)
    {
        await using var connection = await dataSource.OpenConnectionAsync(cancellationToken);

        var sql = $"""
            SELECT {SelectColumns}
            FROM attachment_read_models
            WHERE company_id = @CompanyId AND is_deleted = FALSE
            ORDER BY uploaded_at DESC
            """;

        var result = await connection.QueryAsync<AttachmentReadModelDto>(sql, new { CompanyId = companyId });
        return result.ToList();
    }

    public async Task<IReadOnlyList<AttachmentReadModelDto>> GetByDraftIdAsync(string draftId, CancellationToken cancellationToken = default)
    {
        await using var connection = await dataSource.OpenConnectionAsync(cancellationToken);

        var sql = $"""
            SELECT {SelectColumns}
            FROM attachment_read_models
            WHERE draft_id = @DraftId AND is_deleted = FALSE
            ORDER BY uploaded_at ASC
            """;

        var result = await connection.QueryAsync<AttachmentReadModelDto>(sql, new { DraftId = draftId });
        return result.ToList();
    }

    public async Task<IReadOnlyList<AttachmentReadModelDto>> GetByTransactionIdAsync(string transactionId, CancellationToken cancellationToken = default)
    {
        await using var connection = await dataSource.OpenConnectionAsync(cancellationToken);

        var sql = $"""
            SELECT {SelectColumns}
            FROM attachment_read_models
            WHERE transaction_id = @TransactionId AND is_deleted = FALSE
            ORDER BY uploaded_at ASC
            """;

        var result = await connection.QueryAsync<AttachmentReadModelDto>(sql, new { TransactionId = transactionId });
        return result.ToList();
    }

    public async Task<IReadOnlyList<AttachmentReadModelDto>> GetByIdsAsync(IEnumerable<string> ids, CancellationToken cancellationToken = default)
    {
        await using var connection = await dataSource.OpenConnectionAsync(cancellationToken);

        var sql = $"""
            SELECT {SelectColumns}
            FROM attachment_read_models
            WHERE aggregate_id = ANY(@Ids) AND is_deleted = FALSE
            ORDER BY uploaded_at ASC
            """;

        var result = await connection.QueryAsync<AttachmentReadModelDto>(sql, new { Ids = ids.ToArray() });
        return result.ToList();
    }
}
Add all backend domain, commands, repositories, and tests This commit includes all previously untracked backend files: Domain: - Accounts, Attachments, BankConnections, Customers - FiscalYears, Invoices, JournalEntryDrafts - Orders, Products, UserAccess Commands & Handlers: - Full CQRS command structure for all domains Repositories: - PostgreSQL repositories for all read models - Bank transaction and ledger repositories GraphQL: - Input types, scalars, and types for all entities - Mutations and queries Infrastructure: - Banking integration (Enable Banking client) - File storage, Invoicing, Reporting, SAF-T export - Database migrations (003-029) Tests: - Integration tests for GraphQL endpoints - Domain tests - Invoicing and reporting tests Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-01-30 22:19:42 +01:00			`using Books.Api.EventFlow.ReadModels;`
			`using Dapper;`
			`using Npgsql;`

			`namespace Books.Api.EventFlow.Repositories;`

			`public class AttachmentRepository(NpgsqlDataSource dataSource) : IAttachmentRepository`
			`{`
			`private const string SelectColumns = """`
			`aggregate_id AS Id,`
			`company_id AS CompanyId,`
			`file_name AS FileName,`
			`original_file_name AS OriginalFileName,`
			`content_type AS ContentType,`
			`file_size AS FileSize,`
			`storage_path AS StoragePath,`
			`uploaded_by AS UploadedBy,`
			`uploaded_at AS UploadedAt,`
			`draft_id AS DraftId,`
			`transaction_id AS TransactionId,`
			`retention_end_date AS RetentionEndDate,`
			`is_deleted AS IsDeleted`
			`""";`

			`public async Task<AttachmentReadModelDto?> GetByIdAsync(string id, CancellationToken cancellationToken = default)`
			`{`
			`await using var connection = await dataSource.OpenConnectionAsync(cancellationToken);`

			`var sql = $"""`
			`SELECT {SelectColumns}`
			`FROM attachment_read_models`
			`WHERE aggregate_id = @Id AND is_deleted = FALSE`
			`""";`

			`return await connection.QuerySingleOrDefaultAsync<AttachmentReadModelDto>(sql, new { Id = id });`
			`}`

Audit v2: fix security, data integrity, compliance, bugs, encoding, UX Backend Security & Data Integrity: - Block negative debit/credit amounts that bypass balance validation - Require document date at posting (was optional, bypassing fiscal year checks) - Fix event sourcing anti-pattern: timestamps now stored in events, not UtcNow in Apply - Add [Authorize] to BankingController OAuth callback - Add company access check on attachment downloads - Validate CVR in CompanyAggregate.Create and CompanyAggregate.Update - Require company CVR for invoice creation (Momsloven §52) - Delete leftover WeatherForecastController - Fix duplicate migration number 007 (renamed to 007b) - Remove dead code in VatCalculationService (identical if/else branches) Accounting Compliance: - Add missing VAT accounts to StandardDanishAccounts (5610, 5611, 5620) - Populate SAF-T TaxInformation on transaction lines (was always null) - Add AuditFileCountry and TaxRegistrationNumber to SAF-T header Critical Frontend Bugs: - Fix Dashboard <a href> causing full page reloads (now uses React Router Link) - Wire Kassekladde filters to actual data (account, status, date range) - Pre-populate form when editing existing Kassekladde drafts - Add detail drawer for "Vis detaljer" action (was just a toast) - Toggle advanced filters with "Flere filtre" button - CloseFiscalYearWizard now actually posts closing entries via mutations - "Create next year" checkbox now creates the next fiscal year Danish Character Encoding (~50 fixes): - Fix ø/æ/å across Momsindberetning, DocumentUploadModal, Bankafstemning, Kontooversigt, CloseFiscalYearWizard, vatCodes, periodStore, periods, accounting, types/periods Dead Buttons & UX: - Disable Momsindberetning PDF/Export buttons with tooltips - FiscalYearSelector "Administrer" now navigates to Settings - Settings bank tab now uses real BankConnectionsTab component - Bankafstemning save button disabled with development tooltip - Replace hardcoded account options with real API data (Bankafstemning, Fakturaer) - Header help button shows info message, notification bell shows popover Consistency & Quality: - Remove 7 console.log statements from production code - Adopt PageHeader on 6 remaining pages (Kreditnotaer, Settings, Admin, etc.) - Standardize loading states to Skeleton pattern (5 pages) - Replace deprecated bodyStyle prop on Ant Design Cards - Standardize date format to DD-MM-YYYY - Fix sidebar width mismatch in designTokens - Fix Kontooversigt breadcrumb pointing to non-existent route Accessibility: - Add aria-label to sidebar navigation - Add +/- prefix to AmountText for color-blind users - Fix CompanySwitcher permanent skeleton when no companies Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-06 00:18:19 +01:00			`public async Task<AttachmentReadModelDto?> GetByStoragePathAsync(string storagePath, CancellationToken cancellationToken = default)`
			`{`
			`await using var connection = await dataSource.OpenConnectionAsync(cancellationToken);`

			`var sql = $"""`
			`SELECT {SelectColumns}`
			`FROM attachment_read_models`
			`WHERE storage_path = @StoragePath AND is_deleted = FALSE`
			`""";`

			`return await connection.QuerySingleOrDefaultAsync<AttachmentReadModelDto>(sql, new { StoragePath = storagePath });`
			`}`

Add all backend domain, commands, repositories, and tests This commit includes all previously untracked backend files: Domain: - Accounts, Attachments, BankConnections, Customers - FiscalYears, Invoices, JournalEntryDrafts - Orders, Products, UserAccess Commands & Handlers: - Full CQRS command structure for all domains Repositories: - PostgreSQL repositories for all read models - Bank transaction and ledger repositories GraphQL: - Input types, scalars, and types for all entities - Mutations and queries Infrastructure: - Banking integration (Enable Banking client) - File storage, Invoicing, Reporting, SAF-T export - Database migrations (003-029) Tests: - Integration tests for GraphQL endpoints - Domain tests - Invoicing and reporting tests Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-01-30 22:19:42 +01:00			`public async Task<IReadOnlyList<AttachmentReadModelDto>> GetByCompanyIdAsync(string companyId, CancellationToken cancellationToken = default)`
			`{`
			`await using var connection = await dataSource.OpenConnectionAsync(cancellationToken);`

			`var sql = $"""`
			`SELECT {SelectColumns}`
			`FROM attachment_read_models`
			`WHERE company_id = @CompanyId AND is_deleted = FALSE`
			`ORDER BY uploaded_at DESC`
			`""";`

			`var result = await connection.QueryAsync<AttachmentReadModelDto>(sql, new { CompanyId = companyId });`
			`return result.ToList();`
			`}`

			`public async Task<IReadOnlyList<AttachmentReadModelDto>> GetByDraftIdAsync(string draftId, CancellationToken cancellationToken = default)`
			`{`
			`await using var connection = await dataSource.OpenConnectionAsync(cancellationToken);`

			`var sql = $"""`
			`SELECT {SelectColumns}`
			`FROM attachment_read_models`
			`WHERE draft_id = @DraftId AND is_deleted = FALSE`
			`ORDER BY uploaded_at ASC`
			`""";`

			`var result = await connection.QueryAsync<AttachmentReadModelDto>(sql, new { DraftId = draftId });`
			`return result.ToList();`
			`}`

			`public async Task<IReadOnlyList<AttachmentReadModelDto>> GetByTransactionIdAsync(string transactionId, CancellationToken cancellationToken = default)`
			`{`
			`await using var connection = await dataSource.OpenConnectionAsync(cancellationToken);`

			`var sql = $"""`
			`SELECT {SelectColumns}`
			`FROM attachment_read_models`
			`WHERE transaction_id = @TransactionId AND is_deleted = FALSE`
			`ORDER BY uploaded_at ASC`
			`""";`

			`var result = await connection.QueryAsync<AttachmentReadModelDto>(sql, new { TransactionId = transactionId });`
			`return result.ToList();`
			`}`

			`public async Task<IReadOnlyList<AttachmentReadModelDto>> GetByIdsAsync(IEnumerable<string> ids, CancellationToken cancellationToken = default)`
			`{`
			`await using var connection = await dataSource.OpenConnectionAsync(cancellationToken);`

			`var sql = $"""`
			`SELECT {SelectColumns}`
			`FROM attachment_read_models`
			`WHERE aggregate_id = ANY(@Ids) AND is_deleted = FALSE`
			`ORDER BY uploaded_at ASC`
			`""";`

			`var result = await connection.QueryAsync<AttachmentReadModelDto>(sql, new { Ids = ids.ToArray() });`
			`return result.ToList();`
			`}`
			`}`