From 81e43b2bf5fedb6cb0b42d9643aea26d97c22cb3 Mon Sep 17 00:00:00 2001
From: Mostafa <bluepritz3d@gmail.com>
Date: Sat, 2 May 2026 06:20:06 +0300
Subject: [PATCH] Replaced AuthorizeAttribute check with ApiGroupAttribute in
 IsApiFrontAuthenticated() to determine API group membership.

---
 .../Services/ApiAuthenticationService.cs                    | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/Business/Grand.Business.Authentication/Services/ApiAuthenticationService.cs b/src/Business/Grand.Business.Authentication/Services/ApiAuthenticationService.cs
index bf7e9bfe5..2c86f0fa7 100644
--- a/src/Business/Grand.Business.Authentication/Services/ApiAuthenticationService.cs
+++ b/src/Business/Grand.Business.Authentication/Services/ApiAuthenticationService.cs
@@ -3,6 +3,8 @@
 using Grand.Business.Core.Interfaces.Customers;
 using Grand.Domain.Customers;
 using Grand.Infrastructure.Configuration;
+using Grand.SharedKernel.Attributes;
+using Grand.SharedKernel.Extensions;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.AspNetCore.Authorization;
@@ -61,8 +63,8 @@ private bool IsApiFrontAuthenticated()
         var endpoint = _httpContextAccessor.HttpContext.GetEndpoint();
         if (endpoint == null) return false;
 
-        var authorizeAttributes = endpoint.Metadata.GetOrderedMetadata<AuthorizeAttribute>();
-        return authorizeAttributes.Any(attr => attr.AuthenticationSchemes?.Contains(FrontendAPIConfig.AuthenticationScheme) == true);
+        var apiGroupAttr = endpoint.Metadata.GetOrderedMetadata<ApiGroupAttribute>();
+        return apiGroupAttr.Any(attr => attr.GroupName == ApiConstants.ApiGroupNameV2);
     }