TekH
6b23dcdba7
Replaced all usages of ReceiverRole with the new Role class in EnvelopeGenerator.Domain.Constants. Removed ReceiverRole.cs and added Role.cs with PreAuth and FullyAuth constants. Updated all [Authorize] attributes and role checks in controllers and authentication logic to use Role.FullyAuth and Role.PreAuth. This centralizes role management for improved maintainability and clarity.
96 lines
3.6 KiB
C#
96 lines
3.6 KiB
C#
using DigitalData.Core.Abstraction.Application.DTO;
|
|
using EnvelopeGenerator.Application.Common.Dto.EnvelopeReceiverReadOnly;
|
|
using EnvelopeGenerator.Application.Common.Interfaces.Services;
|
|
using EnvelopeGenerator.Domain.Constants;
|
|
using EnvelopeGenerator.API.Extensions;
|
|
using Microsoft.AspNetCore.Authorization;
|
|
using Microsoft.AspNetCore.Mvc;
|
|
using Newtonsoft.Json;
|
|
|
|
namespace EnvelopeGenerator.API.Controllers;
|
|
|
|
/// <summary>
|
|
/// Manages read-only envelope sharing flows.
|
|
/// </summary>
|
|
[Route("api/[controller]")]
|
|
[ApiController]
|
|
public class ReadOnlyController : ControllerBase
|
|
{
|
|
private readonly ILogger<ReadOnlyController> _logger;
|
|
private readonly IEnvelopeReceiverReadOnlyService _readOnlyService;
|
|
private readonly IEnvelopeMailService _mailService;
|
|
private readonly IEnvelopeHistoryService _historyService;
|
|
|
|
/// <summary>
|
|
/// Initializes a new instance of the <see cref="ReadOnlyController"/> class.
|
|
/// </summary>
|
|
public ReadOnlyController(ILogger<ReadOnlyController> logger, IEnvelopeReceiverReadOnlyService readOnlyService, IEnvelopeMailService mailService, IEnvelopeHistoryService historyService)
|
|
{
|
|
_logger = logger;
|
|
_readOnlyService = readOnlyService;
|
|
_mailService = mailService;
|
|
_historyService = historyService;
|
|
}
|
|
|
|
/// <summary>
|
|
/// Creates a new read-only receiver for the current envelope.
|
|
/// </summary>
|
|
/// <param name="createDto">Creation payload.</param>
|
|
[HttpPost]
|
|
[Authorize(Roles = Role.FullyAuth)]
|
|
public async Task<IActionResult> CreateAsync([FromBody] EnvelopeReceiverReadOnlyCreateDto createDto)
|
|
{
|
|
var authReceiverMail = User.GetAuthReceiverMail();
|
|
if (authReceiverMail is null)
|
|
{
|
|
_logger.LogError("EmailAddress claim is not found in envelope-receiver-read-only creation process. Create DTO is:\n {dto}", JsonConvert.SerializeObject(createDto));
|
|
return Unauthorized();
|
|
}
|
|
|
|
var envelopeId = User.GetAuthEnvelopeId();
|
|
if (envelopeId is null)
|
|
{
|
|
_logger.LogError("Envelope Id claim is not found in envelope-receiver-read-only creation process. Create DTO is:\n {dto}", JsonConvert.SerializeObject(createDto));
|
|
return Unauthorized();
|
|
}
|
|
|
|
createDto.AddedWho = authReceiverMail;
|
|
createDto.EnvelopeId = envelopeId;
|
|
|
|
var creationRes = await _readOnlyService.CreateAsync(createDto: createDto);
|
|
|
|
if (creationRes.IsFailed)
|
|
{
|
|
_logger.LogNotice(creationRes);
|
|
return StatusCode(StatusCodes.Status500InternalServerError);
|
|
}
|
|
|
|
var readRes = await _readOnlyService.ReadByIdAsync(creationRes.Data.Id);
|
|
if (readRes.IsFailed)
|
|
{
|
|
_logger.LogNotice(creationRes);
|
|
return StatusCode(StatusCodes.Status500InternalServerError);
|
|
}
|
|
|
|
var newReadOnly = readRes.Data;
|
|
|
|
return await _mailService.SendAsync(newReadOnly).ThenAsync<int, IActionResult>(SuccessAsync: async _ =>
|
|
{
|
|
var histRes = await _historyService.RecordAsync((int)createDto.EnvelopeId, createDto.AddedWho, EnvelopeStatus.EnvelopeShared);
|
|
if (histRes.IsFailed)
|
|
{
|
|
_logger.LogError("Although the envelope was sent as read-only, the EnvelopeShared history could not be saved. Create DTO:\n{createDto}", JsonConvert.SerializeObject(createDto));
|
|
_logger.LogNotice(histRes.Notices);
|
|
}
|
|
|
|
return Ok();
|
|
},
|
|
|
|
Fail: (msg, ntc) =>
|
|
{
|
|
_logger.LogNotice(ntc);
|
|
return StatusCode(StatusCodes.Status500InternalServerError);
|
|
});
|
|
}
|
|
}
|