refactor(Controllers): FullyAuth-Rollenbedingung für jedes bestehende Auth-Attribut hinzugefügt, um die Autorisierung in Stufen aufzuteilen.

EnvelopeGenerator.Web/Controllers/HomeController.cs

@@ -19,7 +19,6 @@ using Ganss.Xss;
 using Newtonsoft.Json;
 using EnvelopeGenerator.Application.DTOs;
 using DigitalData.Core.Client;
-using EnvelopeGenerator.Application.Extensions;
 
 namespace EnvelopeGenerator.Web.Controllers;
 
@@ -321,7 +320,8 @@ public class HomeController : ViewControllerBase
                             new(ClaimTypes.Name, er.Name ?? string.Empty),
                             new(ClaimTypes.Email, er.Receiver.EmailAddress),
                             new(EnvelopeClaimTypes.Title, er.Envelope.Title),
-                            new(EnvelopeClaimTypes.Id, er.Envelope.Id.ToString())
+                            new(EnvelopeClaimTypes.Id, er.Envelope.Id.ToString()),
+                            new(ClaimTypes.Role, ReceiverRole.FullyAuth)
             };
 
             var claimsIdentity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
@@ -348,7 +348,7 @@ public class HomeController : ViewControllerBase
         }
     }
 
-    [Authorize]
+    [Authorize(Roles = ReceiverRole.FullyAuth)]
     [HttpGet("EnvelopeKey/{envelopeReceiverId}/Success")]
     public async Task<IActionResult> EnvelopeSigned(string envelopeReceiverId)
     {
@@ -383,7 +383,7 @@ public class HomeController : ViewControllerBase
         }
     }
 
-    [Authorize]
+    [Authorize(Roles = ReceiverRole.FullyAuth)]
     [HttpGet("EnvelopeKey/{envelopeReceiverId}/Rejected")]
     public async Task<IActionResult> EnvelopeRejected(string envelopeReceiverId)
     {
@@ -489,7 +489,7 @@ public class HomeController : ViewControllerBase
         }
     }
 
-    [Authorize]
+    [Authorize(Roles = ReceiverRole.FullyAuth)]
     [HttpGet("IsAuthenticated")]
     public IActionResult IsAuthenticated()
     {