Restrict annotation endpoints to Receiver.FullyAuth role

Updated [Authorize] attributes to require Receiver.FullyAuth role on AnnotationController and relevant methods. Removed redundant claim checks now enforced by role-based authorization. Clarified [Obsolete] message for PSPDF Kit endpoint.

EnvelopeGenerator.API/Controllers/AnnotationController.cs

@@ -18,7 +18,7 @@ namespace EnvelopeGenerator.API.Controllers;
 /// <summary>
 /// Manages annotations and signature lifecycle for envelopes.
 /// </summary>
-[Authorize(Roles = Role.FullyAuth)]
+[Authorize(Roles = Role.Receiver.FullyAuth)]
 [ApiController]
 [Route("api/[controller]")]
 public class AnnotationController : ControllerBase
@@ -54,20 +54,14 @@ public class AnnotationController : ControllerBase
     /// </summary>
     /// <param name="psPdfKitAnnotation">Annotation payload.</param>
     /// <param name="cancel">Cancellation token.</param>
-    [Authorize(Roles = Role.FullyAuth)]
+    [Authorize(Roles = Role.Receiver.FullyAuth)]
     [HttpPost]
-    [Obsolete("This endpoint is for PSPDF Kit.")]
+    [Obsolete("PSPDF Kit will no longer be used.")]
     public async Task<IActionResult> CreateOrUpdate([FromBody] PsPdfKitAnnotation? psPdfKitAnnotation = null, CancellationToken cancel = default)
     {
         var signature = User.GetAuthReceiverSignature();
         var uuid = User.GetAuthEnvelopeUuid();
 
-        if (signature is null || uuid is null)
-        {
-            _logger.LogError("Authorization failed: authenticated user does not have a valid signature or envelope UUID.");
-            return Unauthorized("User authentication is incomplete. Missing required claims for processing this request.");
-        }
-
         var envelopeReceiver = await _mediator.ReadEnvelopeReceiverAsync(uuid, signature, cancel).ThrowIfNull(Exceptions.NotFound);
 
         if (!envelopeReceiver.Envelope!.ReadOnly && psPdfKitAnnotation is null)
@@ -93,7 +87,7 @@ public class AnnotationController : ControllerBase
     /// Rejects the document for the current receiver.
     /// </summary>
     /// <param name="reason">Optional rejection reason.</param>
-    [Authorize(Roles = Role.FullyAuth)]
+    [Authorize(Roles = Role.Receiver.FullyAuth)]
     [HttpPost("reject")]
     [Obsolete("Use MediatR")]
     public async Task<IActionResult> Reject([FromBody] string? reason = null)
@@ -101,12 +95,6 @@ public class AnnotationController : ControllerBase
         var signature = User.GetAuthReceiverSignature();
         var uuid = User.GetAuthEnvelopeUuid();
         var mail = User.GetAuthReceiverMail();
-        if (uuid is null || signature is null || mail is null)
-        {
-            _logger.LogEnvelopeError(uuid: uuid, signature: signature,
-                message: @$"Unauthorized POST request in api\\envelope\\reject. One of claims, Envelope, signature or mail ({mail}) is null.");
-            return Unauthorized();
-        }
 
         var envRcvRes = await _envelopeReceiverService.ReadByUuidSignatureAsync(uuid: uuid, signature: signature);