My requirement is to add a check so that this API route/endpoint can only be called by a tenant admin.
AppController.cs
/// <summary>
/// JSON API controller for app lookups, served under <c>api/[controller]</c>.
/// </summary>
/// <remarks>
/// The class-level <c>App.ReadWrite</c> policy applies to every action in this
/// controller and is the only authorization gate visible in this file. What that
/// policy requires is defined where the policies are registered, not here.
/// </remarks>
[Authorize(Policy = "App.ReadWrite")]
[Route("api/[controller]")]
[ApiController, Produces("application/json")]
public sealed class AppController : ControllerBase
{
    /// <summary>
    /// Handles GET <c>apps/search</c>: searches apps on behalf of the calling user.
    /// </summary>
    /// <param name="searchString">Search text bound from the query string.</param>
    /// <param name="cancellationToken">Token passed through to the repository call.</param>
    /// <returns>An OK response carrying whatever the repository search returned.</returns>
    /// <remarks>
    /// NOTE(review): nothing in this action restricts it to tenant admins; any caller
    /// that satisfies the class-level policy reaches the repository. To restrict it,
    /// add a second [Authorize] with a dedicated policy on this action (stacked
    /// [Authorize] attributes must all succeed) and have that policy decide from
    /// validated token claims or a server-side lookup, never from request-supplied
    /// values. Whether the repository scopes results to the caller's tenant is not
    /// visible here - confirm.
    /// </remarks>
    [HttpGet, Route("apps/search")]
    public async Task<IActionResult> SearchAppForUserAsync([FromQuery] string searchString, CancellationToken cancellationToken)
    {
        // Identity comes from GetUser() (defined elsewhere), not from the query string.
        var caller = this.GetUser();

        var matches = await this.appRepository
            .SearchAppForUserAsync(caller, searchString, cancellationToken)
            .ConfigureAwait(false);

        return Ok(matches);
    }
}