AppStd/EnvelopeGenerator
8
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Simplify GetDocument authorization logic

Browse Source 
Refactor `DocumentController.GetDocument` to exclusively support the "Sender" role by removing logic for the "Receiver" role. Update the `[Authorize]` attribute to enforce the `AuthPolicy.Sender` policy instead of `AuthPolicy.SenderOrReceiver`.

Remove the `AuthPolicy.SenderOrReceiver` policy from `Program.cs` authorization configuration, reflecting the decision to separate role-based access more explicitly. The application now defines distinct policies for "Sender" and "Receiver" roles without combining them.
This commit is contained in:
tekh
2026-06-25 15:18:20 +02:00
parent b5bb2bbaae
commit 67798b35da
2 changed files with 7 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
EnvelopeGenerator.Server/EnvelopeGenerator.Server/Controllers/DocumentController.cs
View File

@@ -30,35 +30,16 @@ public class DocumentController(IMediator mediator, IAuthorizationService authSe
/// <param name="query">Encoded envelope key.</param> /// <param name="query">Encoded envelope key.</param>
/// <param name="cancel">Cancellation token.</param> /// <param name="cancel">Cancellation token.</param>
[HttpGet] [HttpGet]
[Authorize(Policy = AuthPolicy.SenderOrReceiver)] [Authorize(Policy = AuthPolicy.Sender)]
public async Task<IActionResult> GetDocument(CancellationToken cancel, [FromQuery] ReadDocumentQuery? query = null) public async Task<IActionResult> GetDocument(CancellationToken cancel, [FromQuery] ReadDocumentQuery? query = null)
{ {
// Sender: expects query with envelope key if (query is null)
if (await this.IsUserInPolicyAsync(AuthPolicy.Sender)) return BadRequest("Missing document query.");
{
if (query is null)
return BadRequest("Missing document query.");
var senderDoc = await mediator.Send(query, cancel); var senderDoc = await mediator.Send(query, cancel);
return senderDoc.ByteData is byte[] senderDocByte return senderDoc.ByteData is byte[] senderDocByte
? File(senderDocByte, "application/octet-stream") ? File(senderDocByte, "application/octet-stream")
: NotFound("Document is empty."); : NotFound("Document is empty.");
}
// Receiver: resolve envelope id from claims
if (await this.IsUserInPolicyAsync(AuthPolicy.Receiver))
{
if (query is not null)
return BadRequest("Query parameters are not allowed for receiver role.");
var envelopeId = User.EnvelopeId();
var receiverDoc = await mediator.Send(new ReadDocumentQuery { EnvelopeId = envelopeId }, cancel);
return receiverDoc.ByteData is byte[] receiverDocByte
? File(receiverDocByte, "application/octet-stream")
: NotFound("Document is empty.");
}
return Unauthorized();
} }
/// <summary> /// <summary>

1
EnvelopeGenerator.Server/EnvelopeGenerator.Server/Program.cs
View File

@@ -255,7 +255,6 @@ try
// Authorization Policies // Authorization Policies
builder.Services.AddAuthorizationBuilder() builder.Services.AddAuthorizationBuilder()
.AddPolicy(AuthPolicy.SenderOrReceiver, policy => policy.RequireRole(Role.Sender, Role.Receiver.Full))
.AddPolicy(AuthPolicy.Sender, policy => policy .AddPolicy(AuthPolicy.Sender, policy => policy
.RequireRole(Role.Sender) .RequireRole(Role.Sender)
.AddAuthenticationSchemes(AuthScheme.Sender)) .AddAuthenticationSchemes(AuthScheme.Sender))