TekH
6254bb6e3f
Changed [Authorize] to require Receiver.FullyAuth role for CreateAsync, restricting access to receiver users. Removed explicit null check and logging for envelopeId claim, allowing the method to proceed without this validation.
91 lines
3.4 KiB
C#
91 lines
3.4 KiB
C#
using DigitalData.Core.Abstraction.Application.DTO;
|
|
using EnvelopeGenerator.Application.Common.Dto.EnvelopeReceiverReadOnly;
|
|
using EnvelopeGenerator.Application.Common.Interfaces.Services;
|
|
using EnvelopeGenerator.Domain.Constants;
|
|
using EnvelopeGenerator.API.Extensions;
|
|
using Microsoft.AspNetCore.Authorization;
|
|
using Microsoft.AspNetCore.Mvc;
|
|
using Newtonsoft.Json;
|
|
|
|
namespace EnvelopeGenerator.API.Controllers;
|
|
|
|
/// <summary>
|
|
/// Manages read-only envelope sharing flows.
|
|
/// </summary>
|
|
[Route("api/[controller]")]
|
|
[ApiController]
|
|
public class ReadOnlyController : ControllerBase
|
|
{
|
|
private readonly ILogger<ReadOnlyController> _logger;
|
|
private readonly IEnvelopeReceiverReadOnlyService _readOnlyService;
|
|
private readonly IEnvelopeMailService _mailService;
|
|
private readonly IEnvelopeHistoryService _historyService;
|
|
|
|
/// <summary>
|
|
/// Initializes a new instance of the <see cref="ReadOnlyController"/> class.
|
|
/// </summary>
|
|
public ReadOnlyController(ILogger<ReadOnlyController> logger, IEnvelopeReceiverReadOnlyService readOnlyService, IEnvelopeMailService mailService, IEnvelopeHistoryService historyService)
|
|
{
|
|
_logger = logger;
|
|
_readOnlyService = readOnlyService;
|
|
_mailService = mailService;
|
|
_historyService = historyService;
|
|
}
|
|
|
|
/// <summary>
|
|
/// Creates a new read-only receiver for the current envelope.
|
|
/// </summary>
|
|
/// <param name="createDto">Creation payload.</param>
|
|
[HttpPost]
|
|
[Authorize(Roles = Role.Receiver.FullyAuth)]
|
|
public async Task<IActionResult> CreateAsync([FromBody] EnvelopeReceiverReadOnlyCreateDto createDto)
|
|
{
|
|
var authReceiverMail = User.GetAuthReceiverMail();
|
|
if (authReceiverMail is null)
|
|
{
|
|
_logger.LogError("EmailAddress claim is not found in envelope-receiver-read-only creation process. Create DTO is:\n {dto}", JsonConvert.SerializeObject(createDto));
|
|
return Unauthorized();
|
|
}
|
|
|
|
var envelopeId = User.GetAuthEnvelopeId();
|
|
|
|
createDto.AddedWho = authReceiverMail;
|
|
createDto.EnvelopeId = envelopeId;
|
|
|
|
var creationRes = await _readOnlyService.CreateAsync(createDto: createDto);
|
|
|
|
if (creationRes.IsFailed)
|
|
{
|
|
_logger.LogNotice(creationRes);
|
|
return StatusCode(StatusCodes.Status500InternalServerError);
|
|
}
|
|
|
|
var readRes = await _readOnlyService.ReadByIdAsync(creationRes.Data.Id);
|
|
if (readRes.IsFailed)
|
|
{
|
|
_logger.LogNotice(creationRes);
|
|
return StatusCode(StatusCodes.Status500InternalServerError);
|
|
}
|
|
|
|
var newReadOnly = readRes.Data;
|
|
|
|
return await _mailService.SendAsync(newReadOnly).ThenAsync<int, IActionResult>(SuccessAsync: async _ =>
|
|
{
|
|
var histRes = await _historyService.RecordAsync((int)createDto.EnvelopeId, createDto.AddedWho, EnvelopeStatus.EnvelopeShared);
|
|
if (histRes.IsFailed)
|
|
{
|
|
_logger.LogError("Although the envelope was sent as read-only, the EnvelopeShared history could not be saved. Create DTO:\n{createDto}", JsonConvert.SerializeObject(createDto));
|
|
_logger.LogNotice(histRes.Notices);
|
|
}
|
|
|
|
return Ok();
|
|
},
|
|
|
|
Fail: (msg, ntc) =>
|
|
{
|
|
_logger.LogNotice(ntc);
|
|
return StatusCode(StatusCodes.Status500InternalServerError);
|
|
});
|
|
}
|
|
}
|