TekH
cfdfb43631
Updated [Authorize] attributes to require Receiver.FullyAuth role on AnnotationController and relevant methods. Removed redundant claim checks now enforced by role-based authorization. Clarified [Obsolete] message for PSPDF Kit endpoint.
119 lines
4.7 KiB
C#
119 lines
4.7 KiB
C#
using DigitalData.Core.Abstraction.Application.DTO;
|
|
using DigitalData.Core.Exceptions;
|
|
using EnvelopeGenerator.Application.Common.Extensions;
|
|
using EnvelopeGenerator.Application.Common.Interfaces.Services;
|
|
using EnvelopeGenerator.Application.Common.Notifications.DocSigned;
|
|
using EnvelopeGenerator.Application.EnvelopeReceivers.Queries;
|
|
using EnvelopeGenerator.Application.Histories.Queries;
|
|
using EnvelopeGenerator.Domain.Constants;
|
|
using EnvelopeGenerator.API.Extensions;
|
|
using MediatR;
|
|
using Microsoft.AspNetCore.Authentication;
|
|
using Microsoft.AspNetCore.Authentication.Cookies;
|
|
using Microsoft.AspNetCore.Authorization;
|
|
using Microsoft.AspNetCore.Mvc;
|
|
|
|
namespace EnvelopeGenerator.API.Controllers;
|
|
|
|
/// <summary>
|
|
/// Manages annotations and signature lifecycle for envelopes.
|
|
/// </summary>
|
|
[Authorize(Roles = Role.Receiver.FullyAuth)]
|
|
[ApiController]
|
|
[Route("api/[controller]")]
|
|
public class AnnotationController : ControllerBase
|
|
{
|
|
[Obsolete("Use MediatR")]
|
|
private readonly IEnvelopeHistoryService _historyService;
|
|
|
|
[Obsolete("Use MediatR")]
|
|
private readonly IEnvelopeReceiverService _envelopeReceiverService;
|
|
|
|
private readonly IMediator _mediator;
|
|
|
|
private readonly ILogger<AnnotationController> _logger;
|
|
|
|
/// <summary>
|
|
/// Initializes a new instance of <see cref="AnnotationController"/>.
|
|
/// </summary>
|
|
[Obsolete("Use MediatR")]
|
|
public AnnotationController(
|
|
ILogger<AnnotationController> logger,
|
|
IEnvelopeHistoryService envelopeHistoryService,
|
|
IEnvelopeReceiverService envelopeReceiverService,
|
|
IMediator mediator)
|
|
{
|
|
_historyService = envelopeHistoryService;
|
|
_envelopeReceiverService = envelopeReceiverService;
|
|
_mediator = mediator;
|
|
_logger = logger;
|
|
}
|
|
|
|
/// <summary>
|
|
/// Creates or updates annotations for the authenticated envelope receiver.
|
|
/// </summary>
|
|
/// <param name="psPdfKitAnnotation">Annotation payload.</param>
|
|
/// <param name="cancel">Cancellation token.</param>
|
|
[Authorize(Roles = Role.Receiver.FullyAuth)]
|
|
[HttpPost]
|
|
[Obsolete("PSPDF Kit will no longer be used.")]
|
|
public async Task<IActionResult> CreateOrUpdate([FromBody] PsPdfKitAnnotation? psPdfKitAnnotation = null, CancellationToken cancel = default)
|
|
{
|
|
var signature = User.GetAuthReceiverSignature();
|
|
var uuid = User.GetAuthEnvelopeUuid();
|
|
|
|
var envelopeReceiver = await _mediator.ReadEnvelopeReceiverAsync(uuid, signature, cancel).ThrowIfNull(Exceptions.NotFound);
|
|
|
|
if (!envelopeReceiver.Envelope!.ReadOnly && psPdfKitAnnotation is null)
|
|
return BadRequest();
|
|
|
|
if (await _mediator.IsSignedAsync(uuid, signature, cancel))
|
|
return Problem(statusCode: StatusCodes.Status409Conflict);
|
|
else if (await _mediator.AnyHistoryAsync(uuid, new[] { EnvelopeStatus.EnvelopeRejected, EnvelopeStatus.DocumentRejected }, cancel))
|
|
return Problem(statusCode: StatusCodes.Status423Locked);
|
|
|
|
var docSignedNotification = await _mediator
|
|
.ReadEnvelopeReceiverAsync(uuid, signature, cancel)
|
|
.ToDocSignedNotification(psPdfKitAnnotation)
|
|
?? throw new NotFoundException("Envelope receiver is not found.");
|
|
|
|
await _mediator.PublishSafely(docSignedNotification, cancel);
|
|
await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
|
|
|
|
return Ok();
|
|
}
|
|
|
|
/// <summary>
|
|
/// Rejects the document for the current receiver.
|
|
/// </summary>
|
|
/// <param name="reason">Optional rejection reason.</param>
|
|
[Authorize(Roles = Role.Receiver.FullyAuth)]
|
|
[HttpPost("reject")]
|
|
[Obsolete("Use MediatR")]
|
|
public async Task<IActionResult> Reject([FromBody] string? reason = null)
|
|
{
|
|
var signature = User.GetAuthReceiverSignature();
|
|
var uuid = User.GetAuthEnvelopeUuid();
|
|
var mail = User.GetAuthReceiverMail();
|
|
|
|
var envRcvRes = await _envelopeReceiverService.ReadByUuidSignatureAsync(uuid: uuid, signature: signature);
|
|
|
|
if (envRcvRes.IsFailed)
|
|
{
|
|
_logger.LogNotice(envRcvRes.Notices);
|
|
return Unauthorized("you are not authorized");
|
|
}
|
|
|
|
var histRes = await _historyService.RecordAsync(envRcvRes.Data.EnvelopeId, userReference: mail, EnvelopeStatus.DocumentRejected, comment: reason);
|
|
if (histRes.IsSuccess)
|
|
{
|
|
await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
|
|
return NoContent();
|
|
}
|
|
|
|
_logger.LogEnvelopeError(uuid: uuid, signature: signature, message: "Unexpected error happened in api/envelope/reject");
|
|
_logger.LogNotice(histRes.Notices);
|
|
return StatusCode(500, histRes.Messages);
|
|
}
|
|
}
|