From 6254bb6e3f9d8cfaa33f42d5a19086f22b4d8da7 Mon Sep 17 00:00:00 2001
From: TekH
Date: Mon, 2 Feb 2026 14:55:10 +0100
Subject: [PATCH] Update auth role and envelopeId check in CreateAsync
Changed [Authorize] to require Receiver.FullyAuth role for CreateAsync, restricting access to receiver users. Removed explicit null check and logging for envelopeId claim, allowing the method to proceed without this validation.
---
 EnvelopeGenerator.API/Controllers/ReadOnlyController.cs | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/EnvelopeGenerator.API/Controllers/ReadOnlyController.cs b/EnvelopeGenerator.API/Controllers/ReadOnlyController.cs
index 24f246b8..64ae1c15 100644
--- a/EnvelopeGenerator.API/Controllers/ReadOnlyController.cs
+++ b/EnvelopeGenerator.API/Controllers/ReadOnlyController.cs
@@ -37,7 +37,7 @@ public class ReadOnlyController : ControllerBase
 ///
 /// Creation payload.
 [HttpPost]
- [Authorize(Roles = Role.FullyAuth)]
+ [Authorize(Roles = Role.Receiver.FullyAuth)]
 public async Task CreateAsync([FromBody] EnvelopeReceiverReadOnlyCreateDto createDto)
 {
 var authReceiverMail = User.GetAuthReceiverMail();
@@ -48,11 +48,6 @@ public class ReadOnlyController : ControllerBase
 }
 var envelopeId = User.GetAuthEnvelopeId();
- if (envelopeId is null)
- {
- _logger.LogError("Envelope Id claim is not found in envelope-receiver-read-only creation process. Create DTO is:\n {dto}", JsonConvert.SerializeObject(createDto));
- return Unauthorized();
- }
 createDto.AddedWho = authReceiverMail;
 createDto.EnvelopeId = envelopeId;
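Review bot: With the null check gone in the second hunk, `createDto.EnvelopeId = envelopeId;` now runs even when the envelope-id claim is absent, so the `[Authorize(Roles = Role.Receiver.FullyAuth)]` attribute from the first hunk is the only thing tying the created read-only record to an envelope. The removed `is null` test suggests `User.GetAuthEnvelopeId()` returned a nullable value; unless that helper was changed elsewhere to throw or to return a non-nullable id (not visible here), a token that carries the role but no envelope claim would produce a record with a null or default envelope id instead of a 401. I would keep a guard without the serialized DTO in the log, e.g. `if (envelopeId is null) return Unauthorized();`, or add a comment above the call stating that `GetAuthEnvelopeId` guarantees a value for this role. CreateAsync's body continues past the end of the hunk.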