Refactor: unify role constants under new Role class

Replaced all usages of ReceiverRole with the new Role class in EnvelopeGenerator.Domain.Constants. Removed ReceiverRole.cs and added Role.cs with PreAuth and FullyAuth constants. Updated all [Authorize] attributes and role checks in controllers and authentication logic to use Role.FullyAuth and Role.PreAuth. This centralizes role management for improved maintainability and clarity.

EnvelopeGenerator.API/Controllers/AnnotationController.cs

@@ -18,7 +18,7 @@ namespace EnvelopeGenerator.API.Controllers;
 /// <summary>
 /// Manages annotations and signature lifecycle for envelopes.
 /// </summary>
-[Authorize(Roles = ReceiverRole.FullyAuth)]
+[Authorize(Roles = Role.FullyAuth)]
 [ApiController]
 [Route("api/[controller]")]
 public class AnnotationController : ControllerBase
@@ -54,7 +54,7 @@ public class AnnotationController : ControllerBase
     /// </summary>
     /// <param name="psPdfKitAnnotation">Annotation payload.</param>
     /// <param name="cancel">Cancellation token.</param>
-    [Authorize(Roles = ReceiverRole.FullyAuth)]
+    [Authorize(Roles = Role.FullyAuth)]
     [HttpPost]
     [Obsolete("This endpoint is for PSPDF Kit.")]
     public async Task<IActionResult> CreateOrUpdate([FromBody] PsPdfKitAnnotation? psPdfKitAnnotation = null, CancellationToken cancel = default)
@@ -93,7 +93,7 @@ public class AnnotationController : ControllerBase
     /// Rejects the document for the current receiver.
     /// </summary>
     /// <param name="reason">Optional rejection reason.</param>
-    [Authorize(Roles = ReceiverRole.FullyAuth)]
+    [Authorize(Roles = Role.FullyAuth)]
     [HttpPost("reject")]
     [Obsolete("Use MediatR")]
     public async Task<IActionResult> Reject([FromBody] string? reason = null)

EnvelopeGenerator.API/Controllers/DocumentController.cs

@@ -14,7 +14,7 @@ namespace EnvelopeGenerator.API.Controllers;
 /// <remarks>
 /// Initializes a new instance of the <see cref="DocumentController"/> class.
 /// </remarks>
-[Authorize(Roles = ReceiverRole.FullyAuth)]
+[Authorize(Roles = Role.FullyAuth)]
 [ApiController]
 [Route("api/[controller]")]
 public class DocumentController(IMediator mediator, ILogger<DocumentController> logger) : ControllerBase

EnvelopeGenerator.API/Controllers/ReadOnlyController.cs

@@ -37,7 +37,7 @@ public class ReadOnlyController : ControllerBase
     /// </summary>
     /// <param name="createDto">Creation payload.</param>
     [HttpPost]
-    [Authorize(Roles = ReceiverRole.FullyAuth)]
+    [Authorize(Roles = Role.FullyAuth)]
     public async Task<IActionResult> CreateAsync([FromBody] EnvelopeReceiverReadOnlyCreateDto createDto)
     {
         var authReceiverMail = User.GetAuthReceiverMail();

EnvelopeGenerator.API/Controllers/TfaRegistrationController.cs

@@ -111,7 +111,7 @@ public class TfaRegistrationController : ControllerBase
     /// <summary>
     /// Logs out the envelope receiver from cookie authentication.
     /// </summary>
-    [Authorize(Roles = ReceiverRole.FullyAuth)]
+    [Authorize(Roles = Role.FullyAuth)]
     [HttpPost("auth/logout")]
     public async Task<IActionResult> LogOutAsync()
     {

EnvelopeGenerator.Domain/Constants/Role.cs

@@ -1,6 +1,6 @@
 namespace EnvelopeGenerator.Domain.Constants
 {
-    public static class ReceiverRole
+    public static class Role
     {
         public const string PreAuth = "PreAuth";
         public const string FullyAuth = "FullyAuth";

EnvelopeGenerator.Web/Controllers/AnnotationController.cs

@@ -15,7 +15,7 @@ using Microsoft.AspNetCore.Mvc;
 
 namespace EnvelopeGenerator.Web.Controllers;
 
-[Authorize(Roles = ReceiverRole.FullyAuth)]
+[Authorize(Roles = Role.FullyAuth)]
 [ApiController]
 [Route("api/[controller]")]
 public class AnnotationController : ControllerBase
@@ -42,7 +42,7 @@ public class AnnotationController : ControllerBase
         _logger = logger;
     }
 
-    [Authorize(Roles = ReceiverRole.FullyAuth)]
+    [Authorize(Roles = Role.FullyAuth)]
     [HttpPost]
     public async Task<IActionResult> CreateOrUpdate([FromBody] PsPdfKitAnnotation? psPdfKitAnnotation = null, CancellationToken cancel = default)
     {
@@ -80,7 +80,7 @@ public class AnnotationController : ControllerBase
         return Ok();
     }
     
-    [Authorize(Roles = ReceiverRole.FullyAuth)]
+    [Authorize(Roles = Role.FullyAuth)]
     [HttpPost("reject")]
     [Obsolete("Use DigitalData.Core.Exceptions and .Middleware")]
     public async Task<IActionResult> Reject([FromBody] string? reason = null)

EnvelopeGenerator.Web/Controllers/DocumentController.cs

@@ -8,7 +8,7 @@ using Microsoft.AspNetCore.Mvc;
 
 namespace EnvelopeGenerator.Web.Controllers;
 
-[Authorize(Roles = ReceiverRole.FullyAuth)]
+[Authorize(Roles = Role.FullyAuth)]
 [ApiController]
 [Route("api/[controller]")]
 public class DocumentController : ControllerBase

EnvelopeGenerator.Web/Controllers/EnvelopeController.cs

@@ -107,7 +107,7 @@ public class EnvelopeController : ViewControllerBase
                     return this.ViewEnvelopeNotFound();
                 }
                 var er_secret = er_secret_res.Data;
-                await HttpContext.SignInEnvelopeAsync(er_secret, ReceiverRole.FullyAuth);
+                await HttpContext.SignInEnvelopeAsync(er_secret, Role.FullyAuth);
                 return await CreateShowEnvelopeView(er_secret);
             }
             #endregion UseAccessCode
@@ -172,7 +172,7 @@ public class EnvelopeController : ViewControllerBase
             }
 
             // show envelope if already logged in
-            if (User.IsInRole(ReceiverRole.FullyAuth))
+            if (User.IsInRole(Role.FullyAuth))
                 return await CreateShowEnvelopeView(er_secret);
 
             if (auth.HasMulti)
@@ -206,7 +206,7 @@ public class EnvelopeController : ViewControllerBase
                         .WithData("ErrorMessage", _localizer.WrongEnvelopeReceiverId());
             }
 
-            await HttpContext.SignInEnvelopeAsync(er_secret, ReceiverRole.FullyAuth);
+            await HttpContext.SignInEnvelopeAsync(er_secret, Role.FullyAuth);
 
             return await CreateShowEnvelopeView(er_secret);
         }
@@ -225,9 +225,9 @@ public class EnvelopeController : ViewControllerBase
             && uuidClaim == er.Envelope?.Uuid
             && signatureClaim is not null
             && signatureClaim == er.Receiver?.Signature
-            && User.IsInRole(ReceiverRole.FullyAuth))
+            && User.IsInRole(Role.FullyAuth))
         {
-            await HttpContext.SignInEnvelopeAsync(er, ReceiverRole.FullyAuth);
+            await HttpContext.SignInEnvelopeAsync(er, Role.FullyAuth);
 
             //add PSPDFKit licence key
             ViewData["PSPDFKitLicenseKey"] = _configuration["PSPDFKitLicenseKey"];
@@ -262,7 +262,7 @@ public class EnvelopeController : ViewControllerBase
             return this.ViewDocumentNotFound();
         }
 
-        await HttpContext.SignInEnvelopeAsync(er, ReceiverRole.FullyAuth);
+        await HttpContext.SignInEnvelopeAsync(er, Role.FullyAuth);
 
         ViewData["ReadAndConfirm"] = er.Envelope.ReadOnly;
 
@@ -334,7 +334,7 @@ public class EnvelopeController : ViewControllerBase
                 await _rcvService.UpdateAsync(rcv);
             }
 
-            await HttpContext.SignInEnvelopeAsync(er_secret, ReceiverRole.PreAuth);
+            await HttpContext.SignInEnvelopeAsync(er_secret, Role.PreAuth);
 
             return await TFAViewAsync(auth.UserSelectSMS, er_secret, envelopeReceiverId);
         }
@@ -348,7 +348,7 @@ public class EnvelopeController : ViewControllerBase
         if (er_secret.Receiver!.TotpSecretkey is null)
             throw new InvalidOperationException($"TotpSecretkey of DTO cannot validate without TotpSecretkey. Dto: {JsonConvert.SerializeObject(er_secret)}");
         
-        if (!User.IsInRole(ReceiverRole.PreAuth) || !_envSmsHandler.VerifyTotp(auth.SmsCode!, er_secret.Receiver.TotpSecretkey))
+        if (!User.IsInRole(Role.PreAuth) || !_envSmsHandler.VerifyTotp(auth.SmsCode!, er_secret.Receiver.TotpSecretkey))
         {
             Response.StatusCode = StatusCodes.Status401Unauthorized;
             ViewData["ErrorMessage"] = _localizer.WrongAccessCode();
@@ -364,7 +364,7 @@ public class EnvelopeController : ViewControllerBase
         if (er_secret.Receiver!.TotpSecretkey is null)
             throw new InvalidOperationException($"TotpSecretkey of DTO cannot validate without TotpSecretkey. Dto: {JsonConvert.SerializeObject(er_secret)}");
 
-        if (!User.IsInRole(ReceiverRole.PreAuth) || !_authenticator.VerifyTotp(auth.AuthenticatorCode!, er_secret.Receiver.TotpSecretkey, window: VerificationWindow.RfcSpecifiedNetworkDelay))
+        if (!User.IsInRole(Role.PreAuth) || !_authenticator.VerifyTotp(auth.AuthenticatorCode!, er_secret.Receiver.TotpSecretkey, window: VerificationWindow.RfcSpecifiedNetworkDelay))
         {
             Response.StatusCode = StatusCodes.Status401Unauthorized;
             ViewData["ErrorMessage"] = _localizer.WrongAccessCode();

EnvelopeGenerator.Web/Controllers/ReadOnlyController.cs

@@ -34,7 +34,7 @@ namespace EnvelopeGenerator.Web.Controllers
         }
 
         [HttpPost]
-        [Authorize(Roles = ReceiverRole.FullyAuth)]
+        [Authorize(Roles = Role.FullyAuth)]
         [Obsolete("Use MediatR")]
         public async Task<IActionResult> CreateAsync([FromBody] EnvelopeReceiverReadOnlyCreateDto createDto)
         {

EnvelopeGenerator.Web/Controllers/TFARegController.cs

@@ -91,7 +91,7 @@ public class TFARegController : ViewControllerBase
         }
     }
 
-    [Authorize(Roles = ReceiverRole.FullyAuth)]
+    [Authorize(Roles = Role.FullyAuth)]
     [HttpPost("auth/logout")]
     public async Task<IActionResult> LogOut()
     {