From d480dd3a3684d23f3e6f199cbd243809d0ac9acb Mon Sep 17 00:00:00 2001
From: TekH
Date: Fri, 6 Feb 2026 13:46:18 +0100
Subject: [PATCH] Refactor DocumentController for async policy-based auth Refactored DocumentController to use IAuthorizationService and async policy checks via IsUserInPolicyAsync instead of role checks. Implemented IAuthController interface and removed ILogger dependency. Updated usings for new authorization logic.
---
 .../Controllers/DocumentController.cs | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/EnvelopeGenerator.API/Controllers/DocumentController.cs b/EnvelopeGenerator.API/Controllers/DocumentController.cs
index 45165517..5ad42022 100644
--- a/EnvelopeGenerator.API/Controllers/DocumentController.cs
+++ b/EnvelopeGenerator.API/Controllers/DocumentController.cs
@@ -1,3 +1,4 @@
+using EnvelopeGenerator.API.Controllers.Interfaces;
 using EnvelopeGenerator.API.Extensions;
 using EnvelopeGenerator.Application.Documents.Queries;
 using EnvelopeGenerator.Domain.Constants;
@@ -16,8 +17,13 @@ namespace EnvelopeGenerator.API.Controllers;
 [Authorize]
 [ApiController]
 [Route("api/[controller]")]
-public class DocumentController(IMediator mediator, ILogger logger) : ControllerBase
+public class DocumentController(IMediator mediator, IAuthorizationService authService) : ControllerBase, IAuthController
 {
+ ///
+ ///
+ ///
+ public IAuthorizationService AuthService => authService;
+
 ///
 /// Returns the document bytes receiver.
 ///
@@ -28,7 +34,7 @@ public class DocumentController(IMediator mediator, ILogger
 public async Task GetDocument(CancellationToken cancel, [FromQuery] ReadDocumentQuery? query = null)
 {
 // Sender: expects query with envelope key
- if (User.IsInRole(Role.Sender))
+ if (await this.IsUserInPolicyAsync(AuthPolicy.Sender))
 {
 if (query is null)
 return BadRequest("Missing document query.");
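Review bot: The doc comment added above `AuthService` in the class-declaration hunk appears to be empty (three bare `///` lines), so the one new public member of the controller is undocumented. This property is what `IAuthController` requires and, presumably, what `IsUserInPolicyAsync` evaluates policies through, so the summary should say that: `/// Authorization service used to evaluate the Sender and Receiver policies for the current user.` If `IAuthController` already documents the member, inheriting that documentation is enough. The class body continues outside the hunk.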
@@ -40,7 +46,7 @@ public class DocumentController(IMediator mediator, ILogger
 }
 
 // Receiver: resolve envelope id from claims
- if (User.IsInRole(Role.Receiver.Full))
+ if (await this.IsUserInPolicyAsync(AuthPolicy.Receiver))
 {
 if (query is not null)
 return BadRequest("Query parameters are not allowed for receiver role.");
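Review bot: The receiver branch used to require `Role.Receiver.Full` and now checks `AuthPolicy.Receiver`, whose definition is not part of this diff, so it cannot be seen here whether the policy still demands the full receiver role. If the policy also admits a receiver in a weaker state, this branch would serve the document to principals the old check rejected; the name `Full` suggests such a state exists, but that is inferred. Confirm the policy registration carries the same requirement and record it at the check, e.g. `// AuthPolicy.Receiver must require Role.Receiver.Full: this branch resolves the envelope from claims`. The same confirmation applies to `AuthPolicy.Sender` in the previous hunk, and an authorization test per role would pin both. GetDocument starts and ends outside these hunks.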