Refactor to use named authorization policies in controllers

Replaced direct role-based [Authorize] attributes with named
authorization policies (e.g., AuthPolicy.Receiver,
AuthPolicy.SenderOrReceiver) in AnnotationController,
DocumentController, and ReadOnlyController. Added and registered
new policies in Program.cs and updated AuthPolicy constants.
This centralizes and simplifies authorization management.
2026-02-03 16:20:26 +01:00
parent c6c8747d23
commit 0d2425c9cf
5 changed files with 15 additions and 7 deletions


@@ -24,7 +24,7 @@ public class DocumentController(IMediator mediator, ILogger<DocumentController>
/// <param name="query">Encoded envelope key.</param>
/// <param name="cancel">Cancellation token.</param>
[HttpGet]
[Authorize(Roles = $"{Role.Sender},{Role.Receiver.FullyAuth}")]
[Authorize(Policy = AuthPolicy.SenderOrReceiver)]
public async Task<IActionResult> GetDocument(CancellationToken cancel, [FromQuery] ReadDocumentQuery? query = null)
{
// Sender: expects query with envelope key
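Review bot: The replaced attribute on GetDocument admitted only `Role.Sender` and `Role.Receiver.FullyAuth`, but the name `AuthPolicy.SenderOrReceiver` no longer says the receiver must be fully authenticated, and the policy registration in Program.cs is not visible in this section. If that policy is built from a broader receiver role (the `FullyAuth` suffix suggests other receiver roles exist), this action would start returning documents to callers the old attribute rejected, so confirm the registration requires exactly the two former roles. I would record the contract next to the attribute, for example `// SenderOrReceiver = Role.Sender or Role.Receiver.FullyAuth; any other receiver role must be rejected`, and add a test that expects 403 for a receiver role other than FullyAuth. The body of GetDocument continues outside the hunk, so whether its sender/receiver branching fails closed for an unexpected role cannot be checked here.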