Добавьте файлы проекта.

PlaylistShared.Api/Controllers/SharedPlaylistController.cs

@@ -0,0 +1,71 @@
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using PlaylistShared.Api.Extensions;
+using PlaylistShared.Api.Services;
+using PlaylistShared.Shared.DTO;
+using PlaylistShared.Shared.Models;
+
+namespace PlaylistShared.Api.Controllers;
+
+[ApiController]
+[Route("api/[controller]")]
+public class SharedPlaylistController : ControllerBase
+{
+    private readonly SharedPlaylistService _sharedService;
+    private readonly YandexMusicService _yandexService;
+
+    public SharedPlaylistController(SharedPlaylistService sharedService, YandexMusicService yandexService)
+    {
+        _sharedService = sharedService;
+        _yandexService = yandexService;
+    }
+
+    [HttpPost]
+    [Authorize]
+    public async Task<ActionResult<ApiResponse<SharedPlaylistDto>>> Create([FromBody] SharePlaylistDto dto)
+    {
+        var userId = User.FindFirst(System.Security.Claims.ClaimTypes.NameIdentifier)?.Value;
+        if (string.IsNullOrEmpty(userId) || !Guid.TryParse(userId, out var guid))
+            return Unauthorized();
+
+        var result = await _sharedService.CreateAsync(guid, dto);
+        return Ok(ApiResponse<SharedPlaylistDto>.Ok(result));
+    }
+
+    [HttpGet("{token}")]
+    public async Task<ActionResult<ApiResponse<SharedPlaylistDto>>> GetByToken(string token)
+    {
+        var playlist = await _sharedService.GetByTokenAsync(token);
+        if (playlist == null)
+            return NotFound(ApiResponse<SharedPlaylistDto>.Fail(new ErrorResponse { StatusCode = 404, Message = "Плейлист не найден" }));
+
+        var currentUserId = User.FindFirst(System.Security.Claims.ClaimTypes.NameIdentifier)?.Value;
+        var userIdGuid = !string.IsNullOrEmpty(currentUserId) ? Guid.Parse(currentUserId) : (Guid?)null;
+
+        // Проверка прав просмотра (требует доступа к сущности)
+        var entity = await _sharedService.GetEntityByTokenAsync(token);
+        if (entity == null || !await _sharedService.CanViewAsync(entity, userIdGuid))
+            return Unauthorized(ApiResponse<SharedPlaylistDto>.Fail(new ErrorResponse { StatusCode = 401, Message = "Недостаточно прав" }));
+
+        return Ok(ApiResponse<SharedPlaylistDto>.Ok(playlist));
+    }
+
+    [HttpPut("{token}/permissions")]
+    [Authorize]
+    public async Task<ActionResult<ApiResponse<SharedPlaylistDto>>> UpdatePermissions(string token, [FromBody] UpdatePermissionsDto dto)
+    {
+        var userId = User.GetUserId();
+        var playlist = await _sharedService.GetEntityByTokenAsync(token);
+        if (playlist == null)
+            return NotFound(ApiResponse<SharedPlaylistDto>.Fail(new ErrorResponse { StatusCode = 404, Message = "Плейлист не найден" }));
+
+        if (playlist.CreatorUserId != userId)
+            return Forbid();
+
+        var updated = await _sharedService.UpdatePermissionsAsync(playlist.Id, dto);
+        if (updated == null)
+            return BadRequest(ApiResponse<SharedPlaylistDto>.Fail(new ErrorResponse { StatusCode = 400, Message = "Ошибка обновления прав" }));
+
+        return Ok(ApiResponse<SharedPlaylistDto>.Ok(updated));
+    }
+}