Relax and rename auth policies for sender/receiver roles

Replaced SenderOrReceiverFullyAuth and ReceiverFullyAuth policies with more general SenderOrReceiver and Receiver policies. Updated policy definitions in AuthPolicy.cs to use nameof for clarity. Adjusted AddAuthorizationBuilder configuration and [Authorize] attributes in controllers to use the new, less restrictive policies, simplifying authorization logic.
2026-02-03 16:08:15 +01:00
parent 1b95b9d7e0
commit eb345a0e4d
4 changed files with 7 additions and 7 deletions
--- a/EnvelopeGenerator.API/Controllers/AuthController.cs
+++ b/EnvelopeGenerator.API/Controllers/AuthController.cs
@@ -34,7 +34,7 @@ public partial class AuthController(IOptions<AuthTokenKeys> authTokenKeyOptions)
    /// <response code="401">Wenn es kein zugelassenes Cookie gibt, wird „nicht zugelassen“ zurückgegeben.</response>
    [ProducesResponseType(typeof(string), StatusCodes.Status200OK, "text/javascript")]
    [ProducesResponseType(typeof(void), StatusCodes.Status401Unauthorized)]
-    [Authorize(Policy = AuthPolicy.SenderOrReceiverFullyAuth)]
+    [Authorize(Policy = AuthPolicy.SenderOrReceiver)]
    [HttpPost("logout")]
    public async Task<IActionResult> Logout()
    {
@@ -56,7 +56,7 @@ public partial class AuthController(IOptions<AuthTokenKeys> authTokenKeyOptions)
    [ProducesResponseType(typeof(void), StatusCodes.Status200OK)]
    [ProducesResponseType(typeof(void), StatusCodes.Status401Unauthorized)]
    [HttpGet("check")]
-    [Authorize(Policy = AuthPolicy.SenderOrReceiverFullyAuth)]
+    [Authorize(Policy = AuthPolicy.SenderOrReceiver)]
    public IActionResult Check([FromQuery] string role) => User.IsInRole(role) ? Ok() : Unauthorized();

    /// <summary>
--- a/EnvelopeGenerator.API/Controllers/TfaRegistrationController.cs
+++ b/EnvelopeGenerator.API/Controllers/TfaRegistrationController.cs
@@ -111,7 +111,7 @@ public class TfaRegistrationController : ControllerBase
    /// <summary>
    /// Logs out the envelope receiver from cookie authentication.
    /// </summary>
-    [Authorize(Policy = AuthPolicy.ReceiverFullyAuth)]
+    [Authorize(Policy = AuthPolicy.Receiver)]
    [HttpPost("auth/logout")]
    public async Task<IActionResult> LogOutAsync()
    {
--- a/EnvelopeGenerator.API/Program.cs
+++ b/EnvelopeGenerator.API/Program.cs
@@ -178,9 +178,9 @@ try
    });

    builder.Services.AddAuthorizationBuilder()
-        .AddPolicy(AuthPolicy.SenderOrReceiverFullyAuth, policy =>
+        .AddPolicy(AuthPolicy.SenderOrReceiver, policy =>
            policy.RequireRole(Role.Sender, Role.Receiver.FullyAuth))
-        .AddPolicy(AuthPolicy.ReceiverFullyAuth, policy =>
+        .AddPolicy(AuthPolicy.Receiver, policy =>
            policy.RequireRole(Role.Receiver.FullyAuth));

    // User manager
--- a/EnvelopeGenerator.Domain/Constants/AuthPolicy.cs
+++ b/EnvelopeGenerator.Domain/Constants/AuthPolicy.cs
@@ -2,7 +2,7 @@ namespace EnvelopeGenerator.Domain.Constants
 {
    public static class AuthPolicy
    {
-        public const string SenderOrReceiverFullyAuth = "SenderOrReceiverFullyAuth";
-        public const string ReceiverFullyAuth = "ReceiverFullyAuth";
+        public const string SenderOrReceiver = nameof(SenderOrReceiver) + nameof(AuthPolicy);
+        public const string Receiver = nameof(Receiver) + nameof(AuthPolicy);
    }
 }