From f60f98dc147a93086ca667b9ba53411300d2d9da Mon Sep 17 00:00:00 2001 From: Kukks Date: Fri, 15 Mar 2024 16:00:30 +0100 Subject: [PATCH] fix perms on plugins --- .../BringinController.cs | 29 +-------- .../Components/BringinWidget.razor | 60 +++++++++++-------- .../Views/Shared/Bringin/Nav.cshtml | 2 +- .../Shared/Wabisabi/WabisabiDashboard.cshtml | 8 ++- .../Views/Shared/Wabisabi/WabisabiNav.cshtml | 3 +- submodules/btcpayserver | 2 +- 6 files changed, 49 insertions(+), 55 deletions(-) diff --git a/Plugins/BTCPayServer.Plugins.Bringin/BringinController.cs b/Plugins/BTCPayServer.Plugins.Bringin/BringinController.cs index 9191114..d5e77a6 100644 --- a/Plugins/BTCPayServer.Plugins.Bringin/BringinController.cs +++ b/Plugins/BTCPayServer.Plugins.Bringin/BringinController.cs @@ -9,7 +9,6 @@ using Microsoft.AspNetCore.Mvc; namespace BTCPayServer.Plugins.Bringin; [Authorize(AuthenticationSchemes = AuthenticationSchemes.Cookie)] -[Authorize(Policy = Policies.CanModifyStoreSettings, AuthenticationSchemes = AuthenticationSchemes.Cookie)] [Route("plugins/{storeId}/Bringin")] public class BringinController : Controller { @@ -24,11 +23,10 @@ public class BringinController : Controller _btcPayNetworkProvider = btcPayNetworkProvider; } + [Authorize(Policy = Policies.CanModifyStoreSettings, AuthenticationSchemes = AuthenticationSchemes.Cookie)] [HttpGet("onboard")] public async Task Onboard(string storeId) { - - var vm = await _bringinService.Update(storeId); var callbackUri = Url.Action("Callback", "Bringin", new @@ -43,6 +41,7 @@ public class BringinController : Controller return Redirect(onboardUri.ToString()); } + [Authorize(Policy = Policies.CanViewStoreSettings, AuthenticationSchemes = AuthenticationSchemes.Cookie)] [HttpGet("")] public async Task Edit() { 
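Review bot: Removing the class-level `[Authorize(Policy = Policies.CanModifyStoreSettings, …)]` leaves `BringinController` guarded only by `[Authorize(AuthenticationSchemes = AuthenticationSchemes.Cookie)]`, so any action in this controller that does not carry its own `[Authorize(Policy = …)]` is now reachable by any signed-in user regardless of their relationship to `{storeId}`. The diff adds per-action policies only to `Onboard` and `Edit`; any other action on this controller (a POST handler for the Edit form, for instance) is outside these hunks and needs the same treatment, otherwise the permission model now fails open on a forgotten attribute. `Edit` being gated by `CanViewStoreSettings` is right for a read-only page, but whatever handler persists the API key must still require `CanModifyStoreSettings`. A safer shape is to keep a class-level floor, `[Authorize(Policy = Policies.CanViewStoreSettings, AuthenticationSchemes = AuthenticationSchemes.Cookie)]`, and raise it per action; `[AllowAnonymous]` on the callback still overrides it. The bodies of `Onboard` and `Edit` continue outside these hunks.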
@@ -51,6 +50,7 @@ public class BringinController : Controller [HttpPost("callback")] [HttpGet("callback")] + [AllowAnonymous] public async Task Callback(string storeId, string code, [FromBody]BringinVerificationUpdate content) { var vm = await _bringinService.Update(storeId); @@ -72,28 +72,5 @@ public class BringinController : Controller public string apikey { get; set; } public string verificationStatus { get; set; } } - - - - // [HttpGet("callback")] - // public async Task Callback(string storeId, string apiKey, string code) - // { - // //truncate with showing only first 3 letters on start ond end - // - // var truncatedApikey = apiKey.Substring(0, 3) + "***" + apiKey.Substring(apiKey.Length - 3); - // - // return View("Confirm", - // new ConfirmModel("Confirm Bringin API Key", - // $"You are about to set your Bringin API key to {truncatedApikey}", "Set", "btn-primary")); - // } - // - // [HttpPost("callback")] - // public async Task CallbackConfirm(string storeId, string apiKey) - // { - // var vm = await _bringinService.Update(storeId); - // vm.ApiKey = apiKey; - // await _bringinService.Update(storeId, vm); - // return RedirectToAction("Edit", new {storeId}); - // } } \ No newline at end of file diff --git a/Plugins/BTCPayServer.Plugins.Bringin/Components/BringinWidget.razor b/Plugins/BTCPayServer.Plugins.Bringin/Components/BringinWidget.razor index 27b80e6..1b0e389 100644 --- a/Plugins/BTCPayServer.Plugins.Bringin/Components/BringinWidget.razor +++ b/Plugins/BTCPayServer.Plugins.Bringin/Components/BringinWidget.razor @@ -1,5 +1,6 @@ @using System.Threading @using BTCPayServer.Abstractions.Extensions +@using BTCPayServer.Client @using BTCPayServer.Data @using BTCPayServer.Payments @using BTCPayServer.PayoutProcessors @@ -10,6 +11,7 @@ @using NBitcoin @implements IAsyncDisposable; + @code { private BringinService.BringinStoreSettings? _settings; private bool _isLoaded = false; 
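Review bot: `[AllowAnonymous]` overrides every `[Authorize]` on the class, so `Callback` is now reachable with no authentication at all, the only thing binding a request to a store is `storeId` from the route, and the first statement already calls `_bringinService.Update(storeId)`; since `BringinVerificationUpdate` carries `apikey` and `verificationStatus`, an unauthenticated caller who knows a store id can push an API key and status into that store unless the part of the body outside this hunk validates `code`. Nothing in the hunk shows such a check, and the method's body continues past it. If `code` is the value `Onboard` embeds when it builds the callback URI (the route values are cut off in the earlier hunk, so this is inferred), it should be stored per store as an unguessable, single-use nonce with an expiry and compared here with `CryptographicOperations.FixedTimeEquals` before any state is written, returning 403 and logging on mismatch; if Bringin signs its callbacks, verify that signature instead. Serving the same action over GET and POST with `[FromBody]` also deserves a comment or a split, since a GET carries no body and `content` will be null or fail binding on that path.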
@@ -23,6 +25,7 @@ [Inject] private BTCPayNetworkProvider BTCPayNetworkProvider { get; set; } [Inject] private IHttpClientFactory HttpClientFactory { get; set; } [Inject] private PayoutProcessorService PayoutProcessorService { get; set; } + [Inject] private IAuthorizationService AuthorizationService { get; set; } [Parameter] public string StoreId { get; set; } private decimal? LastFiatBalance { get; set; } private DateTimeOffset? LastDataFetch { get; set; } @@ -66,11 +69,13 @@ } private bool _editMode; + private bool _readOnly; protected override async Task OnAfterRenderAsync(bool firstRender) { if (firstRender) { + _readOnly = !(await AuthorizationService.AuthorizeAsync(HttpContextAccessor.HttpContext.User, StoreId, Policies.CanModifyStoreSettings )).Succeeded; OnboardLink = LinkGenerator.GetUriByAction(HttpContextAccessor.HttpContext, "Onboard", "Bringin", new {StoreId}); PmiLink = $"A payout processor has not been configured for this payment method. Payouts generated by Bringin will not be automatically handled. Configure now"; _callbackLink = LinkGenerator.GetUriByAction(HttpContextAccessor.HttpContext, "Callback", "Bringin", new {StoreId}); @@ -338,31 +343,34 @@ -
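Review bot: `_readOnly` is declared as `private bool _readOnly;`, which defaults to `false`, and is only assigned after the first render completes, so the first frame is rendered as editable for every user and flips to read-only only once `OnAfterRenderAsync` finishes and something re-renders (the hunk does not show a `StateHasChanged` call). Declare it as `private bool _readOnly = true;` so the widget fails closed until the authorization check has actually run. The check also runs once, on `firstRender`, and gates markup only; the handlers that save `_settings` in edit mode are outside this hunk and should re-evaluate `Policies.CanModifyStoreSettings` themselves, since a hidden button is not an authorization boundary. `HttpContextAccessor.HttpContext` can be null once a Blazor circuit is running rather than the initial request; that pre-dates this change but now also decides the policy check, so a null guard that leaves `_readOnly` true would be prudent.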
- @if (_manualOrder) - { - - } - else if (_settings is not null && !EditMode) - { - - - } - else if (_settings is not null && EditMode) - { - if (ApiKeyError) + @if (!_readOnly) + { +
+ @if (_manualOrder) { - + } - - if (!string.IsNullOrEmpty(_settings.ApiKey) && !ApiKeyError) + else if (_settings is not null && !EditMode) { - + + } + else if (_settings is not null && EditMode) + { + if (ApiKeyError) + { + + } - - } -
+ if (!string.IsNullOrEmpty(_settings.ApiKey) && !ApiKeyError) + { + + } + + + } +
+ } @@ -371,9 +379,13 @@

Bringin is a service that allows you to automatically convert your BTC to EUR and send it to your bank account. Start configuring it by clicking on the button below.

-
- -
+ + @if (!_readOnly) + { +
+ +
+ } } else if (_manualOrder) { @@ -439,7 +451,7 @@ } - else if (!EditMode) + else if (!EditMode || _readOnly) { @if (LastFiatBalance is not null) { diff --git a/Plugins/BTCPayServer.Plugins.Bringin/Views/Shared/Bringin/Nav.cshtml b/Plugins/BTCPayServer.Plugins.Bringin/Views/Shared/Bringin/Nav.cshtml index f4035df..c9194d8 100644 --- a/Plugins/BTCPayServer.Plugins.Bringin/Views/Shared/Bringin/Nav.cshtml +++ b/Plugins/BTCPayServer.Plugins.Bringin/Views/Shared/Bringin/Nav.cshtml @@ -9,7 +9,7 @@ @if (!string.IsNullOrEmpty(storeId)) {
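Review bot: The intro copy "Start configuring it by clicking on the button below" is still rendered unconditionally, while the onboarding link beneath it is now wrapped in `@if (!_readOnly)`, so read-only viewers are told to click a button that does not exist. Either move that sentence inside the same `@if (!_readOnly)` block or render an alternative for read-only users, e.g. `Ask a user with store-settings permissions to configure it.` The markup in this hunk appears to have lost its HTML tags in extraction, so the exact element to move is inferred from the surrounding text.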