Refactor `DocumentController.GetDocument` to exclusively support the "Sender" role by removing logic for the "Receiver" role. Update the `[Authorize]` attribute to enforce the `AuthPolicy.Sender` policy instead of `AuthPolicy.SenderOrReceiver`. Remove the `AuthPolicy.SenderOrReceiver` policy from `Program.cs` authorization configuration, reflecting the decision to separate role-based access more explicitly. The application now defines distinct policies for "Sender" and "Receiver" roles without combining them.
66 lines
2.3 KiB
C#
66 lines
2.3 KiB
C#
using DigitalData.Auth.Claims;
|
|
using EnvelopeGenerator.Server.Controllers.Interfaces;
|
|
using EnvelopeGenerator.Server.Extensions;
|
|
using EnvelopeGenerator.Application.Documents.Queries;
|
|
using EnvelopeGenerator.Domain.Constants;
|
|
using MediatR;
|
|
using Microsoft.AspNetCore.Authorization;
|
|
using Microsoft.AspNetCore.Mvc;
|
|
|
|
namespace EnvelopeGenerator.Server.Controllers;
|
|
|
|
/// <summary>
|
|
/// Provides access to envelope documents for authenticated receivers.
|
|
/// </summary>
|
|
/// <remarks>
|
|
/// Initializes a new instance of the <see cref="DocumentController"/> class.
|
|
/// </remarks>
|
|
[ApiController]
|
|
[Route("api/[controller]")]
|
|
public class DocumentController(IMediator mediator, IAuthorizationService authService, ILogger<DocumentController> logger) : ControllerBase, IAuthController
|
|
{
|
|
/// <summary>
|
|
///
|
|
/// </summary>
|
|
public IAuthorizationService AuthService => authService;
|
|
|
|
/// <summary>
|
|
/// Returns the document bytes receiver.
|
|
/// </summary>
|
|
/// <param name="query">Encoded envelope key.</param>
|
|
/// <param name="cancel">Cancellation token.</param>
|
|
[HttpGet]
|
|
[Authorize(Policy = AuthPolicy.Sender)]
|
|
public async Task<IActionResult> GetDocument(CancellationToken cancel, [FromQuery] ReadDocumentQuery? query = null)
|
|
{
|
|
if (query is null)
|
|
return BadRequest("Missing document query.");
|
|
|
|
var senderDoc = await mediator.Send(query, cancel);
|
|
return senderDoc.ByteData is byte[] senderDocByte
|
|
? File(senderDocByte, "application/octet-stream")
|
|
: NotFound("Document is empty.");
|
|
}
|
|
|
|
/// <summary>
|
|
/// Gets the document for the specified envelope key.
|
|
/// </summary>
|
|
/// <param name="envelopeKey"></param>
|
|
/// <param name="cancel"></param>
|
|
/// <returns></returns>
|
|
[Authorize(Policy = AuthPolicy.Receiver)]
|
|
[HttpGet("{envelopeKey}")]
|
|
public async Task<IActionResult> GetDocumentOfReceiver(string envelopeKey, CancellationToken cancel)
|
|
{
|
|
int envelopeId = User.EnvelopeId();
|
|
|
|
var senderDoc = await mediator.Send(new ReadDocumentQuery() { EnvelopeId = envelopeId }, cancel);
|
|
|
|
if (senderDoc.ByteData is not byte[] senderDocByte)
|
|
return NotFound("Document is empty.");
|
|
|
|
Response.Headers.ContentDisposition = $"inline; filename=\"{envelopeKey}.pdf\"";
|
|
return File(senderDocByte, "application/pdf");
|
|
}
|
|
}
|