Refactor GetDocument to unify sender and receiver logic
Combined sender and receiver document retrieval into a single GetDocument endpoint. The endpoint now authorizes both Sender and Receiver.FullyAuth roles, handling their logic based on role detection. Sender requires a query parameter; receiver extracts envelope ID from claims and disallows query params. Updated method signature and endpoint documentation.
@@ -19,33 +19,39 @@ namespace EnvelopeGenerator.API.Controllers;
|
|||||||
public class DocumentController(IMediator mediator, ILogger<DocumentController> logger) : ControllerBase
|
public class DocumentController(IMediator mediator, ILogger<DocumentController> logger) : ControllerBase
|
||||||
{
|
{
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// Returns the document bytes for the specified envelope receiver key.
|
/// Returns the document bytes receiver.
|
||||||
/// </summary>
|
/// </summary>
|
||||||
/// <param name="query">Encoded envelope key.</param>
|
/// <param name="query">Encoded envelope key.</param>
|
||||||
/// <param name="cancel">Cancellation token.</param>
|
/// <param name="cancel">Cancellation token.</param>
|
||||||
[HttpGet]
|
[HttpGet]
|
||||||
[Authorize(Roles = Role.Sender)]
|
[Authorize(Roles = $"{Role.Sender},{Role.Receiver.FullyAuth}")]
|
||||||
public async Task<IActionResult> GetDocument(ReadDocumentQuery query, CancellationToken cancel)
|
public async Task<IActionResult> GetDocument(CancellationToken cancel, [FromQuery] ReadDocumentQuery? query = null)
|
||||||
{
|
{
|
||||||
var doc = await mediator.Send(query, cancel);
|
// Sender: expects query with envelope key
|
||||||
return doc.ByteData is byte[] docByte
|
if (User.IsInRole(Role.Sender))
|
||||||
? File(docByte, "application/octet-stream")
|
{
|
||||||
: NotFound("Document is empty.");
|
if (query is null)
|
||||||
}
|
return BadRequest("Missing document query.");
|
||||||
|
|
||||||
/// <summary>
|
var senderDoc = await mediator.Send(query, cancel);
|
||||||
/// Returns the document bytes for the receiver.
|
return senderDoc.ByteData is byte[] senderDocByte
|
||||||
/// </summary>
|
? File(senderDocByte, "application/octet-stream")
|
||||||
/// <param name="cancel">Cancellation token.</param>
|
: NotFound("Document is empty.");
|
||||||
[HttpGet]
|
}
|
||||||
[Authorize(Roles = Role.Receiver.FullyAuth)]
|
|
||||||
public async Task<IActionResult> GetDocument(CancellationToken cancel)
|
|
||||||
{
|
|
||||||
var envelopeId = User.GetEnvelopeIdOfReceiver();
|
|
||||||
|
|
||||||
var doc = await mediator.Send(new ReadDocumentQuery() { EnvelopeId = envelopeId }, cancel);
|
// Receiver: resolve envelope id from claims
|
||||||
return doc.ByteData is byte[] docByte
|
if (User.IsInRole(Role.Receiver.FullyAuth))
|
||||||
? File(docByte, "application/octet-stream")
|
{
|
||||||
: NotFound("Document is empty.");
|
if (query is not null)
|
||||||
|
return BadRequest("Query parameters are not allowed for receiver role.");
|
||||||
|
|
||||||
|
var envelopeId = User.GetEnvelopeIdOfReceiver();
|
||||||
|
var receiverDoc = await mediator.Send(new ReadDocumentQuery { EnvelopeId = envelopeId }, cancel);
|
||||||
|
return receiverDoc.ByteData is byte[] receiverDocByte
|
||||||
|
? File(receiverDocByte, "application/octet-stream")
|
||||||
|
: NotFound("Document is empty.");
|
||||||
|
}
|
||||||
|
|
||||||
|
return Unauthorized();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
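Review bot: The sender branch of the merged `GetDocument` is tested first and returns, so a principal carrying both `Role.Sender` and `Role.Receiver.FullyAuth` is served from the caller-supplied `query` rather than from the envelope ID bound to its claims; if such a principal can exist, test the receiver role first or reject the combination explicitly. The `query is null` / `query is not null` guards may not track whether parameters were actually sent: as far as I know, MVC model binding instantiates a top-level complex `[FromQuery]` parameter even when the query string is empty, so the receiver guard is more reliably written against the request, e.g. `if (Request.Query.Count > 0)`, and a test per role would confirm this. The trailing `return Unauthorized();` is reachable only by an already authenticated caller, so `return Forbid();` is the accurate response. Whether the `ReadDocumentQuery` handler verifies that the sender owns the requested envelope is not visible in this hunk. The new summary line `Returns the document bytes receiver.` should be reworded to describe both role paths.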