fix perms on plugins

Kukks
2024-03-15 16:00:30 +01:00
parent 0efd3fc53a
commit f60f98dc14
6 changed files with 49 additions and 55 deletions


@@ -9,7 +9,6 @@ using Microsoft.AspNetCore.Mvc;
namespace BTCPayServer.Plugins.Bringin; namespace BTCPayServer.Plugins.Bringin;
[Authorize(AuthenticationSchemes = AuthenticationSchemes.Cookie)] [Authorize(AuthenticationSchemes = AuthenticationSchemes.Cookie)]
[Authorize(Policy = Policies.CanModifyStoreSettings, AuthenticationSchemes = AuthenticationSchemes.Cookie)]
[Route("plugins/{storeId}/Bringin")] [Route("plugins/{storeId}/Bringin")]
public class BringinController : Controller public class BringinController : Controller
{ {
@@ -24,11 +23,10 @@ public class BringinController : Controller
_btcPayNetworkProvider = btcPayNetworkProvider; _btcPayNetworkProvider = btcPayNetworkProvider;
} }
[Authorize(Policy = Policies.CanModifyStoreSettings, AuthenticationSchemes = AuthenticationSchemes.Cookie)]
[HttpGet("onboard")] [HttpGet("onboard")]
public async Task<IActionResult> Onboard(string storeId) public async Task<IActionResult> Onboard(string storeId)
{ {
var vm = await _bringinService.Update(storeId); var vm = await _bringinService.Update(storeId);
var callbackUri = Url.Action("Callback", "Bringin", new var callbackUri = Url.Action("Callback", "Bringin", new
@@ -43,6 +41,7 @@ public class BringinController : Controller
return Redirect(onboardUri.ToString()); return Redirect(onboardUri.ToString());
} }
[Authorize(Policy = Policies.CanViewStoreSettings, AuthenticationSchemes = AuthenticationSchemes.Cookie)]
[HttpGet("")] [HttpGet("")]
public async Task<IActionResult> Edit() public async Task<IActionResult> Edit()
{ {
@@ -51,6 +50,7 @@ public class BringinController : Controller
[HttpPost("callback")] [HttpPost("callback")]
[HttpGet("callback")] [HttpGet("callback")]
[AllowAnonymous]
public async Task<IActionResult> Callback(string storeId, string code, [FromBody]BringinVerificationUpdate content) public async Task<IActionResult> Callback(string storeId, string code, [FromBody]BringinVerificationUpdate content)
{ {
var vm = await _bringinService.Update(storeId); var vm = await _bringinService.Update(storeId);
@@ -72,28 +72,5 @@ public class BringinController : Controller
public string apikey { get; set; } public string apikey { get; set; }
public string verificationStatus { get; set; } public string verificationStatus { get; set; }
} }
// [HttpGet("callback")]
// public async Task<IActionResult> Callback(string storeId, string apiKey, string code)
// {
// //truncate with showing only first 3 letters on start ond end
//
// var truncatedApikey = apiKey.Substring(0, 3) + "***" + apiKey.Substring(apiKey.Length - 3);
//
// return View("Confirm",
// new ConfirmModel("Confirm Bringin API Key",
// $"You are about to set your Bringin API key to {truncatedApikey}", "Set", "btn-primary"));
// }
//
// [HttpPost("callback")]
// public async Task<IActionResult> CallbackConfirm(string storeId, string apiKey)
// {
// var vm = await _bringinService.Update(storeId);
// vm.ApiKey = apiKey;
// await _bringinService.Update(storeId, vm);
// return RedirectToAction("Edit", new {storeId});
// }
} }
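Review bot: `[AllowAnonymous]` on `Callback` makes the endpoint reachable without any session, and the first visible statement already calls `_bringinService.Update(storeId)` with a caller-supplied `storeId`. The rest of the body lies outside the hunk, so it is not visible whether `code` is verified before anything from `content` (which carries `apikey`) is persisted. If that check is missing, the action should reject the request unless `code` matches a per-store secret issued at onboarding, compared in constant time, e.g. `if (!CryptographicOperations.FixedTimeEquals(expected, supplied)) return BadRequest();` (`expected` and `supplied` are placeholder names), and the secret should be invalidated after first use. Separately, with the class-level `CanModifyStoreSettings` policy removed, any action not touched by these hunks now needs only a cookie login and no store permission, which is worth checking against the full controller.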


@@ -1,5 +1,6 @@
@using System.Threading @using System.Threading
@using BTCPayServer.Abstractions.Extensions @using BTCPayServer.Abstractions.Extensions
@using BTCPayServer.Client
@using BTCPayServer.Data @using BTCPayServer.Data
@using BTCPayServer.Payments @using BTCPayServer.Payments
@using BTCPayServer.PayoutProcessors @using BTCPayServer.PayoutProcessors
@@ -10,6 +11,7 @@
@using NBitcoin @using NBitcoin
@implements IAsyncDisposable; @implements IAsyncDisposable;
@code { @code {
private BringinService.BringinStoreSettings? _settings; private BringinService.BringinStoreSettings? _settings;
private bool _isLoaded = false; private bool _isLoaded = false;
@@ -23,6 +25,7 @@
[Inject] private BTCPayNetworkProvider BTCPayNetworkProvider { get; set; } [Inject] private BTCPayNetworkProvider BTCPayNetworkProvider { get; set; }
[Inject] private IHttpClientFactory HttpClientFactory { get; set; } [Inject] private IHttpClientFactory HttpClientFactory { get; set; }
[Inject] private PayoutProcessorService PayoutProcessorService { get; set; } [Inject] private PayoutProcessorService PayoutProcessorService { get; set; }
[Inject] private IAuthorizationService AuthorizationService { get; set; }
[Parameter] public string StoreId { get; set; } [Parameter] public string StoreId { get; set; }
private decimal? LastFiatBalance { get; set; } private decimal? LastFiatBalance { get; set; }
private DateTimeOffset? LastDataFetch { get; set; } private DateTimeOffset? LastDataFetch { get; set; }
@@ -66,11 +69,13 @@
} }
private bool _editMode; private bool _editMode;
private bool _readOnly;
protected override async Task OnAfterRenderAsync(bool firstRender) protected override async Task OnAfterRenderAsync(bool firstRender)
{ {
if (firstRender) if (firstRender)
{ {
_readOnly = !(await AuthorizationService.AuthorizeAsync(HttpContextAccessor.HttpContext.User, StoreId, Policies.CanModifyStoreSettings )).Succeeded;
OnboardLink = LinkGenerator.GetUriByAction(HttpContextAccessor.HttpContext, "Onboard", "Bringin", new {StoreId}); OnboardLink = LinkGenerator.GetUriByAction(HttpContextAccessor.HttpContext, "Onboard", "Bringin", new {StoreId});
PmiLink = $"A payout processor has not been configured for this payment method. Payouts generated by Bringin will not be automatically handled. <a href=\"{LinkGenerator.GetUriByAction(HttpContextAccessor.HttpContext, "ConfigureStorePayoutProcessors", "UIPayoutProcessors", new {StoreId})}\">Configure now</a>"; PmiLink = $"A payout processor has not been configured for this payment method. Payouts generated by Bringin will not be automatically handled. <a href=\"{LinkGenerator.GetUriByAction(HttpContextAccessor.HttpContext, "ConfigureStorePayoutProcessors", "UIPayoutProcessors", new {StoreId})}\">Configure now</a>";
_callbackLink = LinkGenerator.GetUriByAction(HttpContextAccessor.HttpContext, "Callback", "Bringin", new {StoreId}); _callbackLink = LinkGenerator.GetUriByAction(HttpContextAccessor.HttpContext, "Callback", "Bringin", new {StoreId});
@@ -338,31 +343,34 @@
</h4> </h4>
<div class="d-flex gap-2"> @if (!_readOnly)
@if (_manualOrder) {
{ <div class="d-flex gap-2">
<button class="btn btn-sm btn-outline-secondary" @onclick="CancelManual" disabled="@_saving">Cancel order</button> @if (_manualOrder)
}
else if (_settings is not null && !EditMode)
{
<button class="btn btn-link" @onclick="Edit">Edit</button>
<button class="btn btn-link" @onclick="CreateManual">Manual order</button>
}
else if (_settings is not null && EditMode)
{
if (ApiKeyError)
{ {
<button class="btn btn-sm btn-outline-secondary" @onclick="TestApiKey" disabled="@_saving">Test API Key</button> <button class="btn btn-sm btn-outline-secondary" @onclick="CancelManual" disabled="@_saving">Cancel order</button>
} }
else if (_settings is not null && !EditMode)
if (!string.IsNullOrEmpty(_settings.ApiKey) && !ApiKeyError)
{ {
<button class="btn btn-sm btn-primary" @onclick="Save" disabled="@_saving">Save</button> <button class="btn btn-link" @onclick="Edit">Edit</button>
<button class="btn btn-link" @onclick="CreateManual">Manual order</button>
} }
else if (_settings is not null && EditMode)
{
if (ApiKeyError)
{
<button class="btn btn-sm btn-outline-secondary" @onclick="TestApiKey" disabled="@_saving">Test API Key</button>
}
<button class="btn btn-sm btn-outline-secondary" @onclick="CancelEdit" disabled="@_saving">Cancel edit</button> if (!string.IsNullOrEmpty(_settings.ApiKey) && !ApiKeyError)
} {
</div> <button class="btn btn-sm btn-primary" @onclick="Save" disabled="@_saving">Save</button>
}
<button class="btn btn-sm btn-outline-secondary" @onclick="CancelEdit" disabled="@_saving">Cancel edit</button>
}
</div>
}
</header> </header>
@@ -371,9 +379,13 @@
<p class="text-secondary my-3"> <p class="text-secondary my-3">
Bringin is a service that allows you to automatically convert your BTC to EUR and send it to your bank account. Start configuring it by clicking on the button below. Bringin is a service that allows you to automatically convert your BTC to EUR and send it to your bank account. Start configuring it by clicking on the button below.
</p> </p>
<div class="d-flex">
<button class="btn btn-lg btn-outline-primary" @onclick="Edit">Configure</button> @if (!_readOnly)
</div> {
<div class="d-flex">
<button class="btn btn-lg btn-outline-primary" @onclick="Edit">Configure</button>
</div>
}
} }
else if (_manualOrder) else if (_manualOrder)
{ {
@@ -439,7 +451,7 @@
</div> </div>
</div> </div>
} }
else if (!EditMode) else if (!EditMode || _readOnly)
{ {
@if (LastFiatBalance is not null) @if (LastFiatBalance is not null)
{ {
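Review bot: `_readOnly` starts as `false` and is only assigned inside `OnAfterRenderAsync` on the first render, so the initial render treats every viewer as allowed to modify and the edit controls remain available until the authorization call completes and the component re-renders. Initialise it fail-closed with `private bool _readOnly = true;` and consider running the check in `OnInitializedAsync` so the first render is already correct. The flag also only hides markup: the handlers `Edit`, `Save`, `CreateManual` and `TestApiKey` are defined outside these hunks, so it is not visible whether they re-check it, and each state-changing handler should begin with `if (_readOnly) return;`. Since the commit appears to open this page to `CanViewStoreSettings` users, it is also worth confirming that the API key held in `_settings` is never rendered in the read-only branch.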


@@ -9,7 +9,7 @@
@if (!string.IsNullOrEmpty(storeId)) @if (!string.IsNullOrEmpty(storeId))
{ {
<li class="nav-item"> <li class="nav-item">
<a permission="@Policies.CanModifyStoreSettings" asp-controller="Bringin" asp-action="Edit" asp-route-storeId="@storeId" class="nav-link @ViewData.IsActivePage("Bringin")" id="Nav-Bringin"> <a permission="@Policies.CanViewStoreSettings" asp-controller="Bringin" asp-action="Edit" asp-route-storeId="@storeId" class="nav-link @ViewData.IsActivePage("Bringin")" id="Nav-Bringin">
<svg xmlns="http://www.w3.org/2000/svg" style="margin-right: 7px;" width="14.000000pt" height="14.000000pt" viewBox="0 0 32.000000 32.000000" preserveAspectRatio="xMidYMid meet"> <svg xmlns="http://www.w3.org/2000/svg" style="margin-right: 7px;" width="14.000000pt" height="14.000000pt" viewBox="0 0 32.000000 32.000000" preserveAspectRatio="xMidYMid meet">
<g transform="translate(0.000000,32.000000) scale(0.100000,-0.100000)" fill="currentColor" stroke="none"> <g transform="translate(0.000000,32.000000) scale(0.100000,-0.100000)" fill="currentColor" stroke="none">


@@ -1,6 +1,10 @@
@using BTCPayServer.Abstractions.Contracts @using BTCPayServer.Abstractions.Contracts
@using BTCPayServer.Abstractions.TagHelpers
@using BTCPayServer.Client
@using BTCPayServer.Common @using BTCPayServer.Common
@using BTCPayServer.Components.TruncateCenter
@using BTCPayServer.Plugins.Wabisabi @using BTCPayServer.Plugins.Wabisabi
@using Microsoft.AspNetCore.Mvc.TagHelpers
@using Microsoft.Extensions.Logging @using Microsoft.Extensions.Logging
@using NBitcoin @using NBitcoin
@using WalletWasabi.WabiSabi.Backend.Rounds @using WalletWasabi.WabiSabi.Backend.Rounds
@@ -33,7 +37,7 @@
@if (!enabledSettings.Any()) @if (!enabledSettings.Any())
{ {
<div class="widget"> <div class="widget" permission="@Policies.CanModifyStoreSettings">
<partial name="../WabisabiStore/UpdateWabisabiStoreSettings" model="@settings"/> <partial name="../WabisabiStore/UpdateWabisabiStoreSettings" model="@settings"/>
</div> </div>
} }
@@ -279,7 +283,7 @@ updateInProgressAnimation(myChart);
@(settings.Active ? "Deactivate" : "Activate") @(settings.Active ? "Deactivate" : "Activate")
</a> </a>
- -
<a asp-controller="WabisabiStore" asp-action="UpdateWabisabiStoreSettings" asp-route-storeId="@storeId" class="fw-semibold"> <a asp-controller="WabisabiStore" asp-action="UpdateWabisabiStoreSettings" asp-route-storeId="@storeId" class="fw-semibold" permission="@Policies.CanModifyStoreSettings">
Configure Configure
</a> </a>
</div> </div>
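Review bot: The `permission` attribute added to the settings widget and the Configure link only removes markup from the rendered page, and nothing in this section shows the `WabisabiStore` controller actions enforcing `CanModifyStoreSettings`, so that should be confirmed server-side. The Activate/Deactivate link just above Configure has its opening `<a>` tag outside the hunk, so it is not visible whether it carries the same attribute. If it does not, add `permission="@Policies.CanModifyStoreSettings"` to that anchor as well, so a view-only user is not offered a state-changing action.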


@@ -1,4 +1,5 @@
@using BTCPayServer.Abstractions.Contracts @using BTCPayServer.Abstractions.Contracts
@using BTCPayServer.Client
@using BTCPayServer.Plugins.Wabisabi @using BTCPayServer.Plugins.Wabisabi
@inject IScopeProvider ScopeProvider @inject IScopeProvider ScopeProvider
@{ @{
@@ -8,7 +9,7 @@
} }
@if (!string.IsNullOrEmpty(storeId)) @if (!string.IsNullOrEmpty(storeId))
{ {
<li class="nav-item"> <li class="nav-item" permission="@Policies.CanModifyStoreSettings">
<a asp-area="" asp-controller="WabisabiStore" asp-action="UpdateWabisabiStoreSettings" asp-route-storeId="@storeId" class="nav-link js-scroll-trigger @(isActive? "active": string.Empty)"> <a asp-area="" asp-controller="WabisabiStore" asp-action="UpdateWabisabiStoreSettings" asp-route-storeId="@storeId" class="nav-link js-scroll-trigger @(isActive? "active": string.Empty)">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" class="icon" style="height: 14px;"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" class="icon" style="height: 14px;">
<path fill="currentColor" d="M12 4.942c1.827 1.105 3.474 1.6 5 1.833v7.76c0 1.606-.415 1.935-5 4.76v-14.353zm9-1.942v11.535c0 4.603-3.203 5.804-9 9.465-5.797-3.661-9-4.862-9-9.465v-11.535c3.516 0 5.629-.134 9-3 3.371 2.866 5.484 3 9 3zm-2 1.96c-2.446-.124-4.5-.611-7-2.416-2.5 1.805-4.554 2.292-7 2.416v9.575c0 3.042 1.69 3.83 7 7.107 5.313-3.281 7-4.065 7-7.107v-9.575z"/></svg> <path fill="currentColor" d="M12 4.942c1.827 1.105 3.474 1.6 5 1.833v7.76c0 1.606-.415 1.935-5 4.76v-14.353zm9-1.942v11.535c0 4.603-3.203 5.804-9 9.465-5.797-3.661-9-4.862-9-9.465v-11.535c3.516 0 5.629-.134 9-3 3.371 2.866 5.484 3 9 3zm-2 1.96c-2.446-.124-4.5-.611-7-2.416-2.5 1.805-4.554 2.292-7 2.416v9.575c0 3.042 1.69 3.83 7 7.107 5.313-3.281 7-4.065 7-7.107v-9.575z"/></svg>