Refactor authorization policies in Program.cs

Reformatted the `AddAuthorizationBuilder()` method for improved readability and consistency. Updated `AuthPolicy.Receiver` to include an additional role, `"receiver"`, in the `RequireRole` method. No functional changes were made to other policies. These changes enhance code maintainability and introduce a minor adjustment to the `AuthPolicy.Receiver` policy.
2026-06-10 15:39:57 +02:00
parent 90661cb856
commit fc7aa83513
1 changed files with 9 additions and 12 deletions
--- a/EnvelopeGenerator.API/Program.cs
+++ b/EnvelopeGenerator.API/Program.cs
@@ -240,19 +240,16 @@ try
    });
    builder.Services.AddAuthorizationBuilder()
-        .AddPolicy(AuthPolicy.SenderOrReceiver, policy =>
+        .AddPolicy(AuthPolicy.SenderOrReceiver, policy => policy.RequireRole(Role.Sender, Role.Receiver.Full))
-            policy.RequireRole(Role.Sender, Role.Receiver.Full))
+
-        .AddPolicy(AuthPolicy.Sender, policy =>
+        .AddPolicy(AuthPolicy.Sender, policy => policy.RequireRole(Role.Sender))
-            policy.RequireRole(Role.Sender))
+
-        // Per-envelope policy: uses the dedicated EnvelopeReceiverJwt scheme so it
+        .AddPolicy(AuthPolicy.Receiver, policy => policy
-        // never conflicts with the default JwtBearer scheme.
+            .AddAuthenticationSchemes(EnvelopeReceiverScheme)
-        .AddPolicy(AuthPolicy.Receiver, policy =>
+            .RequireAuthenticatedUser()
            policy
                .AddAuthenticationSchemes(EnvelopeReceiverScheme)
                .RequireAuthenticatedUser()
            .RequireRole(Role.Receiver.Full, "receiver"))
-        .AddPolicy(AuthPolicy.ReceiverTFA, policy =>
+
-            policy.RequireRole(Role.Receiver.TFA));
+        .AddPolicy(AuthPolicy.ReceiverTFA, policy => policy.RequireRole(Role.Receiver.TFA));
    // User manager
 #pragma warning disable CS0618 // Type or member is obsolete