Enhance AdminOnly authorization policy

Refactor the AdminOnly authorization policy to handle cases where a user profile is not found.
Instead of throwing a NotFoundException, it now throws a ForbiddenException, ensuring a more appropriate response for unauthorized access attempts.
Also introduces PolicyConstants for policy names.

DrinkRateAPI/AuthorizationPolicies/AdminOnlyRequirement.cs

@@ -1,4 +1,5 @@
 using DrinkRateAPI.DbEntities;
+using DrinkRateAPI.Exceptions;
 using DrinkRateAPI.Services;
 
 namespace DrinkRateAPI.AuthorizationPolicies;
@@ -26,7 +27,16 @@ public class AdminOnlyHandler : AuthorizationHandler<AdminOnlyRequirement>
         AuthorizationHandlerContext context,
         AdminOnlyRequirement requirement)
     {
-        var userProfile = await _applicationUserService.UserProfileByApplicationUserAsync(context.User);
+        DbUserProfile userProfile;
+
+        try
+        {
+            userProfile = await _applicationUserService.UserProfileByApplicationUserAsync(context.User);
+        }
+        catch (NotFoundException _)
+        {
+            throw new ForbiddenException();
+        }
 
         if (_userProfileService.IsUserProfileAdmin(userProfile))
         {

DrinkRateAPI/AuthorizationPolicies/PolicyConstants.cs

@@ -0,0 +1,7 @@
+namespace DrinkRateAPI.AuthorizationPolicies;
+
+public static class PolicyConstants
+{
+    public const string AdminOnly = "AdminOnly";
+    
+}

DrinkRateAPI/Controllers/UserProfileController.cs

@@ -1,5 +1,6 @@
 using System.Security.Claims;
 using DrinkRateAPI.ApiModels.UserProfile;
+using DrinkRateAPI.AuthorizationPolicies;
 using DrinkRateAPI.Services;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
@@ -28,7 +29,7 @@ public class UserProfileController : ControllerBase
     }
 
     [HttpPut("{userId}/adminStatus")]
-    [Authorize(Policy = "AdminOnly")]
+    [Authorize(Policy = PolicyConstants.AdminOnly)]
     [Produces("application/json")]
     public async Task<IActionResult> PutUserAdminStatus(string userId, [FromBody] UserProfileAdminStatusPut body)
     {

DrinkRateAPI/Program.cs

@@ -15,7 +15,7 @@ builder.Services.AddControllers();
 // Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
 builder.Services.AddEndpointsApiExplorer();
 builder.Services.AddAuthorizationBuilder()
-    .AddPolicy("AdminOnly", policy =>
+    .AddPolicy(PolicyConstants.AdminOnly, policy =>
         policy.Requirements.Add(new AdminOnlyRequirement()));
 builder.Services.AddIdentityApiEndpoints<DbApplicationUser>()
     .AddEntityFrameworkStores<ApplicationDbContext>();
@@ -58,6 +58,7 @@ builder.Services.AddSwaggerGen(c =>
 builder.Services.AddDbContext<ApplicationDbContext>();
 builder.Services.AddScoped<ApplicationUserService>();
 builder.Services.AddScoped<UserProfileService>();
+builder.Services.AddScoped<ProductTableService>();
 
 var app = builder.Build();