AppStd/EnvelopeGenerator
8
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

fix(AnnotationController): enforce proper rejection and history checks in CreateOrUpdate

Browse Source 
- Updated `AnyHistoryAsync` call to filter by `EnvelopeRejected` and `DocumentRejected` statuses, returning 403 instead of 200 when applicable.
- Ensures users cannot proceed if envelope was previously rejected.
- Minor cleanup in CreateOrUpdate logic to better handle authorization and signed checks.
This commit is contained in:
tekh 2025-11-14 13:49:58 +01:00
parent 99e3e4c24d
commit 773721b634
2 changed files with 3 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
EnvelopeGenerator.Application/Histories/Queries/CountHistoryQuery.cs
View File

@ -26,7 +26,7 @@ public static class CountHistoryQueryExtensions
/// <param name="statuses"></param> /// <param name="statuses"></param>
/// <param name="cancel"></param> /// <param name="cancel"></param>
/// <returns></returns> /// <returns></returns>
public static async Task<bool> AnyHistoryAsync(this ISender sender, string uuid, IEnumerable<EnvelopeStatus> statuses, CancellationToken cancel) public static async Task<bool> AnyHistoryAsync(this ISender sender, string uuid, IEnumerable<EnvelopeStatus> statuses, CancellationToken cancel = default)
{ {
var count = await sender.Send(new CountHistoryQuery var count = await sender.Send(new CountHistoryQuery
{ {

5
EnvelopeGenerator.Web/Controllers/AnnotationController.cs
View File

@ -12,7 +12,6 @@ using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies; using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Mvc;
using System.Dynamic;
namespace EnvelopeGenerator.Web.Controllers; namespace EnvelopeGenerator.Web.Controllers;
@ -60,8 +59,8 @@ public class AnnotationController : ControllerBase
// Again check if receiver has already signed // Again check if receiver has already signed
if (await _mediator.IsSignedAsync(uuid, signature, cancel)) if (await _mediator.IsSignedAsync(uuid, signature, cancel))
return Problem(statusCode: 403); return Problem(statusCode: 403);
else if (await _mediator.AnyHistoryAsync()) else if (await _mediator.AnyHistoryAsync(uuid, new[] { EnvelopeStatus.EnvelopeRejected, EnvelopeStatus.DocumentRejected }, cancel))
return Problem(statusCode: 200); return Problem(statusCode: 403);
var docSignedNotification = await _mediator var docSignedNotification = await _mediator
.ReadEnvelopeReceiverAsync(uuid, signature, cancel) .ReadEnvelopeReceiverAsync(uuid, signature, cancel)