From a8a73724e6aed01d1d1bc9a99120eee1434cf1a0 Mon Sep 17 00:00:00 2001
From: TekH
Date: Thu, 18 Sep 2025 20:48:09 +0200
Subject: [PATCH] refactor(EnvelopeController): add logic to check the claims with role
---
 EnvelopeGenerator.Web/Controllers/EnvelopeController.cs | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/EnvelopeGenerator.Web/Controllers/EnvelopeController.cs b/EnvelopeGenerator.Web/Controllers/EnvelopeController.cs
index 055c3879..9c1f399f 100644
--- a/EnvelopeGenerator.Web/Controllers/EnvelopeController.cs
+++ b/EnvelopeGenerator.Web/Controllers/EnvelopeController.cs
@@ -193,7 +193,13 @@ public class EnvelopeController : ViewControllerBase
 private async Task CreateEnvelopeLockedView(EnvelopeReceiverDto er, CancellationToken cancel)
 {
- if (User.IsInRole(ReceiverRole.FullyAuth))
+ var uuidClaim = User.GetAuthEnvelopeUuid();
+ var signatureClaim = User.GetAuthReceiverSignature();
+ if (uuidClaim is not null
+ && uuidClaim == er.Envelope?.Uuid
+ && signatureClaim is not null
+ && signatureClaim == er.Receiver?.Signature
+ && User.IsInRole(ReceiverRole.FullyAuth))
 {
 if (er.Envelope!.Documents?.FirstOrDefault() is DocumentDto doc && doc.ByteData is not null)
 {
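Review bot: The envelope/receiver binding added to the `if` in CreateEnvelopeLockedView is written inline, so any other action that still gates on `User.IsInRole(ReceiverRole.FullyAuth)` alone would keep accepting a session that was fully authenticated for a different envelope; those call sites are outside this hunk and should be checked. Consider moving the comparison into a single predicate that every receiver-facing action calls, for example `private bool IsFullyAuthFor(EnvelopeReceiverDto er) => User.IsInRole(ReceiverRole.FullyAuth) && User.GetAuthEnvelopeUuid() is { } uuid && uuid == er.Envelope?.Uuid && User.GetAuthReceiverSignature() is { } sig && sig == er.Receiver?.Signature;` (the name is a suggestion, and the claim types are assumed to be strings). A mismatch between the claims and the requested envelope is also worth a warning-level log entry, because as far as the hunk shows it falls through to the non-authenticated path silently. The method body continues past the end of the hunk, so the fall-through behaviour could not be confirmed here.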