TekH
7cb1546934
Introduced a new Reject endpoint for users with the ReceiverFull role to reject annotations, with optional reason support. Marked the endpoint as obsolete for future exception handling updates. Also standardized the Unauthorized response to remove the custom error message.
121 lines
4.9 KiB
C#
121 lines
4.9 KiB
C#
using DigitalData.Core.Abstraction.Application.DTO;
|
|
using DigitalData.Core.Exceptions;
|
|
using EnvelopeGenerator.Application.Common.Extensions;
|
|
using EnvelopeGenerator.Application.Common.Interfaces.Services;
|
|
using EnvelopeGenerator.Application.Common.Notifications.DocSigned;
|
|
using EnvelopeGenerator.Application.EnvelopeReceivers.Queries;
|
|
using EnvelopeGenerator.Application.Histories.Queries;
|
|
using EnvelopeGenerator.Domain.Constants;
|
|
using EnvelopeGenerator.Domain.Interfaces;
|
|
using EnvelopeGenerator.Web.Extensions;
|
|
using MediatR;
|
|
using Microsoft.AspNetCore.Authentication;
|
|
using Microsoft.AspNetCore.Authentication.Cookies;
|
|
using Microsoft.AspNetCore.Authorization;
|
|
using Microsoft.AspNetCore.Mvc;
|
|
|
|
namespace EnvelopeGenerator.Web.Controllers;
|
|
|
|
[Authorize(Roles = Role.ReceiverFull)]
|
|
[ApiController]
|
|
[Route("api/[controller]")]
|
|
public class AnnotationController : ControllerBase
|
|
{
|
|
[Obsolete("Use MediatR")]
|
|
private readonly IEnvelopeHistoryService _histService;
|
|
[Obsolete("Use MediatR")]
|
|
private readonly IEnvelopeReceiverService _envRcvService;
|
|
|
|
private readonly IMediator _mediator;
|
|
|
|
private readonly ILogger<AnnotationController> _logger;
|
|
|
|
[Obsolete("Use MediatR")]
|
|
public AnnotationController(
|
|
ILogger<AnnotationController> logger,
|
|
IEnvelopeHistoryService envelopeHistoryService,
|
|
IEnvelopeReceiverService envelopeReceiverService,
|
|
IMediator mediator)
|
|
{
|
|
_histService = envelopeHistoryService;
|
|
_envRcvService = envelopeReceiverService;
|
|
_mediator = mediator;
|
|
_logger = logger;
|
|
}
|
|
|
|
[Authorize(Roles = Role.ReceiverFull)]
|
|
[HttpPost]
|
|
public async Task<IActionResult> CreateOrUpdate([FromBody] PsPdfKitAnnotation? psPdfKitAnnotation = null, CancellationToken cancel = default)
|
|
{
|
|
// get claims
|
|
var signature = User.GetAuthReceiverSignature();
|
|
var uuid = User.GetAuthEnvelopeUuid();
|
|
|
|
if (signature is null || uuid is null)
|
|
{
|
|
_logger.LogError("Authorization failed: authenticated user does not have a valid signature or envelope UUID.");
|
|
return Unauthorized("User authentication is incomplete. Missing required claims for processing this request.");
|
|
}
|
|
|
|
// check if non read-and-confirm envelope is signed without annotation
|
|
var er = await _mediator.ReadEnvelopeReceiverAsync(uuid, signature, cancel).ThrowIfNull(Exceptions.NotFound);
|
|
|
|
if (!er.Envelope!.ReadOnly && psPdfKitAnnotation is null)
|
|
return BadRequest();
|
|
|
|
// Again check if receiver has already signed
|
|
if (await _mediator.IsSignedAsync(uuid, signature, cancel))
|
|
return Problem(statusCode: 409);
|
|
else if (er.Envelope.IsReadAndSign() && await _mediator.AnyHistoryAsync(uuid, new[] { EnvelopeStatus.EnvelopeRejected, EnvelopeStatus.DocumentRejected }, cancel))
|
|
return Problem(statusCode: 423);
|
|
|
|
var docSignedNotification = await _mediator
|
|
.ReadEnvelopeReceiverAsync(uuid, signature, cancel)
|
|
.ToDocSignedNotification(psPdfKitAnnotation)
|
|
?? throw new NotFoundException("Envelope receiver is not found.");
|
|
|
|
await _mediator.PublishSafely(docSignedNotification, cancel);
|
|
|
|
await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
|
|
|
|
return Ok();
|
|
}
|
|
|
|
//TODO: add logic to check if it is already rejected or signed
|
|
[Authorize(Roles = Role.ReceiverFull)]
|
|
[HttpPost("reject")]
|
|
[Obsolete("Use DigitalData.Core.Exceptions and .Middleware")]
|
|
public async Task<IActionResult> Reject([FromBody] string? reason = null)
|
|
{
|
|
var signature = User.GetAuthReceiverSignature();
|
|
var uuid = User.GetAuthEnvelopeUuid();
|
|
var mail = User.GetAuthReceiverMail();
|
|
if (uuid is null || signature is null || mail is null)
|
|
{
|
|
_logger.LogEnvelopeError(uuid: uuid, signature: signature,
|
|
message: @$"Unauthorized POST request in api\envelope\reject. One of claims, Envelope, signature or mail ({mail}) is null.");
|
|
return Unauthorized();
|
|
}
|
|
|
|
var envRcvRes = await _envRcvService.ReadByUuidSignatureAsync(uuid: uuid, signature: signature);
|
|
|
|
if (envRcvRes.IsFailed)
|
|
{
|
|
_logger.LogNotice(envRcvRes.Notices);
|
|
return Unauthorized();
|
|
}
|
|
|
|
var histRes = await _histService.RecordAsync(envRcvRes.Data.EnvelopeId, userReference: mail, EnvelopeStatus.DocumentRejected, comment: reason);
|
|
if (histRes.IsSuccess)
|
|
{
|
|
await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
|
|
return NoContent();
|
|
}
|
|
else
|
|
{
|
|
_logger.LogEnvelopeError(uuid: uuid, signature: signature, message: "Unexpected error happend in api/envelope/reject");
|
|
_logger.LogNotice(histRes.Notices);
|
|
return StatusCode(500, histRes.Messages);
|
|
}
|
|
}
|
|
} |