From 72dffd1043dc032d04404c8bef19efd9d003f4d8 Mon Sep 17 00:00:00 2001
From: TekH
Date: Mon, 2 Feb 2026 10:17:55 +0100
Subject: [PATCH] Update SQL to use User.GetId() for current user context

Replaced usage of the userId variable with User.GetId() when formatting the SQL query in EnvelopeReceiverController. This ensures the user ID is dynamically retrieved from the authenticated user context, improving accuracy and security.
---
 .../Controllers/EnvelopeReceiverController.cs | 18 +++++++-----------
 1 file changed, 7 insertions(+), 11 deletions(-)

diff --git a/EnvelopeGenerator.API/Controllers/EnvelopeReceiverController.cs b/EnvelopeGenerator.API/Controllers/EnvelopeReceiverController.cs
index 0fce25c4..a61373f7 100644
--- a/EnvelopeGenerator.API/Controllers/EnvelopeReceiverController.cs
+++ b/EnvelopeGenerator.API/Controllers/EnvelopeReceiverController.cs
@@ -225,18 +225,14 @@ public class EnvelopeReceiverController : ControllerBase
 using (SqlConnection conn = new(_cnnStr))
 {
 conn.Open();
- var formattedSQL_hist = string.Format(sql_hist, envelope.Uuid.ToSqlParam(), 1003.ToSqlParam(), userId.ToSqlParam());
- using (SqlCommand cmd = new SqlCommand(formattedSQL_hist, conn))
- {
- cmd.CommandType = CommandType.Text;
+ var formattedSQL_hist = string.Format(sql_hist, envelope.Uuid.ToSqlParam(), 1003.ToSqlParam(), User.GetId().ToSqlParam());
+ using SqlCommand cmd = new(formattedSQL_hist, conn);
+ cmd.CommandType = CommandType.Text;

- using (SqlDataReader reader = cmd.ExecuteReader())
- {
- if (reader.Read())
- {
- bool outSuccess = reader.GetBoolean(0);
- }
- }
+ using SqlDataReader reader = cmd.ExecuteReader();
+ if (reader.Read())
+ {
+ bool outSuccess = reader.GetBoolean(0);
 }
 }
 #endregion
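Review bot: The history statement is still assembled with `string.Format(sql_hist, ...)`, so whether it is injection-safe depends entirely on what `ToSqlParam()` does, and that helper is not visible in this hunk. Changing where the user id comes from does not alter how the query text is built. Binding the three values as parameters would remove that dependency, for example (parameter name constructed here) `cmd.Parameters.AddWithValue("@userId", User.GetId());` with a matching `@userId` placeholder in `sql_hist`, and the same for the envelope UUID and the status code 1003. Separately, `bool outSuccess = reader.GetBoolean(0);` is read and then discarded, so a failed history write passes silently; it should be logged or acted on when `false`. The enclosing method begins and ends outside the hunk, so `sql_hist` itself could not be checked.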