diff --git a/EnvelopeGenerator.API/Controllers/AuthController.cs b/EnvelopeGenerator.API/Controllers/AuthController.cs
index 0b393e38..f47bfdfe 100644
--- a/EnvelopeGenerator.API/Controllers/AuthController.cs
+++ b/EnvelopeGenerator.API/Controllers/AuthController.cs
@@ -34,7 +34,7 @@ public partial class AuthController(IOptions authTokenKeyOptions)
 /// Wenn es kein zugelassenes Cookie gibt, wird „nicht zugelassen“ zurückgegeben.
 [ProducesResponseType(typeof(string), StatusCodes.Status200OK, "text/javascript")]
 [ProducesResponseType(typeof(void), StatusCodes.Status401Unauthorized)]
- [Authorize(Roles = $"{Role.Sender},{Role.Receiver.FullyAuth}")]
+ [Authorize(Policy = AuthorizationPolicies.SenderOrReceiverFullyAuth)]
 [HttpPost("logout")]
 public async Task Logout()
 {
@@ -56,7 +56,7 @@ public partial class AuthController(IOptions authTokenKeyOptions)
 [ProducesResponseType(typeof(void), StatusCodes.Status200OK)]
 [ProducesResponseType(typeof(void), StatusCodes.Status401Unauthorized)]
 [HttpGet("check")]
- [Authorize(Roles = $"{Role.Sender},{Role.Receiver.FullyAuth}")]
+ [Authorize(Policy = AuthorizationPolicies.SenderOrReceiverFullyAuth)]
 public IActionResult Check([FromQuery] string role) => User.IsInRole(role) ? Ok() : Unauthorized();
 ///
diff --git a/EnvelopeGenerator.API/Controllers/TfaRegistrationController.cs b/EnvelopeGenerator.API/Controllers/TfaRegistrationController.cs
index 0a909cd6..ccfefa28 100644
--- a/EnvelopeGenerator.API/Controllers/TfaRegistrationController.cs
+++ b/EnvelopeGenerator.API/Controllers/TfaRegistrationController.cs
@@ -111,7 +111,7 @@ public class TfaRegistrationController : ControllerBase
 ///
 /// Logs out the envelope receiver from cookie authentication.
 ///
- [Authorize(Roles = Role.FullyAuth)]
+ [Authorize(Policy = AuthorizationPolicies.ReceiverFullyAuth)]
 [HttpPost("auth/logout")]
 public async Task LogOutAsync()
 {
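Review bot: The new `[Authorize(Policy = AuthorizationPolicies.SenderOrReceiverFullyAuth)]` on `Logout` relies on a policy whose registration is not in this diff, so nothing here shows that it admits exactly the principals the old `Roles = $"{Role.Sender},{Role.Receiver.FullyAuth}"` list did. ASP.NET Core looks a policy name up when the request is authorized, and a name that was never registered fails with an InvalidOperationException rather than a 401, so a missing `AddPolicy` call would show up as a server error on these endpoints. I would document the equivalence next to the attribute, `// Policy must stay equivalent to: role Sender OR role Receiver.FullyAuth`, and add a test that exercises each role against the endpoint. The same applies to the `Check` hunk below and to the TfaRegistrationController hunk. The body of `Logout` continues outside the hunk.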
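Review bot: `Check` is now gated by a named policy, but its body still answers from raw role claims through `User.IsInRole(role)` with a caller-supplied string. The gate and the answer can therefore drift apart if the policy is ever defined on anything other than those role claims. Restricting `role` to the values the policy covers keeps the two in step: `=> (role is Role.Sender or Role.Receiver.FullyAuth) && User.IsInRole(role) ? Ok() : Unauthorized();`. This assumes both names are constants, as their use in the removed attribute string implies. Whether a missing `role` query value is rejected before reaching `IsInRole` depends on controller settings not visible here, so that is worth confirming too.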
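Review bot: The removed attribute on `LogOutAsync` named `Role.FullyAuth`, whereas the old AuthController attributes named `Role.Receiver.FullyAuth`. If those two constants do not hold the same string, `AuthorizationPolicies.ReceiverFullyAuth` may now demand a different role value on `auth/logout` than existing receiver cookies carry. A receiver rejected at logout keeps a live authentication cookie, so the mismatch would matter for session termination. The diff shows neither constant nor the policy definition, so please confirm they agree and record it beside the policy, e.g. `// ReceiverFullyAuth: same role value as the former Role.FullyAuth`. The body of `LogOutAsync` continues outside the hunk.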