From fa354a05cc8e5ca58e14f5734f14a7e38badabcb Mon Sep 17 00:00:00 2001
From: TekH <h.tek@digitaldata.works>
Date: Fri, 12 Jun 2026 15:21:29 +0200
Subject: [PATCH] Update authorization policy in ConfigController

Replaced the generic [Authorize] attribute with a more specific
[Authorize(Policy = AuthPolicy.SenderOrReceiver)] to enforce
a stricter authorization policy. Added a `using` directive for
`EnvelopeGenerator.Domain.Constants` to support the new policy.
---
 EnvelopeGenerator.API/Controllers/ConfigController.cs | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/EnvelopeGenerator.API/Controllers/ConfigController.cs b/EnvelopeGenerator.API/Controllers/ConfigController.cs
index 81aa23c0..117252a2 100644
--- a/EnvelopeGenerator.API/Controllers/ConfigController.cs
+++ b/EnvelopeGenerator.API/Controllers/ConfigController.cs
@@ -1,4 +1,5 @@
 using EnvelopeGenerator.API.Models.PsPdfKitAnnotation;
+using EnvelopeGenerator.Domain.Constants;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Options;
@@ -13,7 +14,7 @@ namespace EnvelopeGenerator.API.Controllers;
 /// </remarks>
 [Route("api/[controller]")]
 [ApiController]
-[Authorize]
+[Authorize(Policy = AuthPolicy.SenderOrReceiver)]
 public class ConfigController(IOptionsMonitor<AnnotationParams> annotationParamsOptions) : ControllerBase
 {
     private readonly AnnotationParams _annotationParams = annotationParamsOptions.CurrentValue;