Invoices: Allow admin to see invoices of users (#6517)

* Invoices: Allow admin to see invoices of users

Fixes #6489. As discussed with @TChukwuleta, this succeeds and closes #6497.

* Invoices: Allow admin to see invoices of users

Fixes #6489. As discussed with @TChukwuleta, this succeeds and closes #6497.

* Update controller to allow admin access for basic invoice actions
d11n
2024-12-23 09:50:44 +01:00
committed by GitHub
parent 4ee12b41b1
commit 08835895e9


@@ -56,8 +56,8 @@ namespace BTCPayServer.Controllers
{
var invoice = (await _InvoiceRepository.GetInvoices(new InvoiceQuery
{
InvoiceId = new[] { invoiceId },
UserId = GetUserId()
InvoiceId = [invoiceId],
UserId = GetUserIdForInvoiceQuery()
})).FirstOrDefault();
if (invoice is null)
return NotFound();
@@ -71,11 +71,11 @@ namespace BTCPayServer.Controllers
[Authorize(Policy = Policies.CanModifyStoreSettings, AuthenticationSchemes = AuthenticationSchemes.Cookie)]
public async Task<IActionResult> RedeliverWebhook(string storeId, string invoiceId, string deliveryId)
{
var invoice = (await _InvoiceRepository.GetInvoices(new InvoiceQuery()
var invoice = (await _InvoiceRepository.GetInvoices(new InvoiceQuery
{
InvoiceId = new[] { invoiceId },
StoreId = new[] { storeId },
UserId = GetUserId()
InvoiceId = [invoiceId],
StoreId = [storeId],
UserId = GetUserIdForInvoiceQuery()
})).FirstOrDefault();
if (invoice is null)
return NotFound();
@@ -100,8 +100,8 @@ namespace BTCPayServer.Controllers
{
var invoice = (await _InvoiceRepository.GetInvoices(new InvoiceQuery
{
InvoiceId = new[] { invoiceId },
UserId = GetUserId(),
InvoiceId = [invoiceId],
UserId = GetUserIdForInvoiceQuery(),
IncludeAddresses = true,
IncludeArchived = true,
IncludeRefunds = true,
@@ -599,8 +599,8 @@ namespace BTCPayServer.Controllers
{
var invoice = (await _InvoiceRepository.GetInvoices(new InvoiceQuery
{
InvoiceId = new[] { invoiceId },
UserId = GetUserId(),
InvoiceId = [invoiceId],
UserId = GetUserIdForInvoiceQuery(),
IncludeAddresses = false,
IncludeArchived = true,
})).FirstOrDefault();
@@ -1116,7 +1116,7 @@ namespace BTCPayServer.Controllers
return new InvoiceQuery
{
TextSearch = textSearch,
UserId = GetUserId(),
UserId = GetUserIdForInvoiceQuery(),
Unusual = fs.GetFilterBool("unusual"),
IncludeArchived = fs.GetFilterBool("includearchived") ?? false,
Status = fs.GetFilterArray("status"),
@@ -1257,8 +1257,8 @@ namespace BTCPayServer.Controllers
{
var invoice = (await _InvoiceRepository.GetInvoices(new InvoiceQuery
{
InvoiceId = new[] { invoiceId },
UserId = GetUserId()
InvoiceId = [invoiceId],
UserId = GetUserIdForInvoiceQuery()
})).FirstOrDefault();
var model = new InvoiceStateChangeModel();
if (invoice == null)
@@ -1292,6 +1292,9 @@ namespace BTCPayServer.Controllers
private string GetUserId() => _UserManager.GetUserId(User)!;
// Let server admin lookup invoices from users, see #6489
private string? GetUserIdForInvoiceQuery() => User.IsInRole(Roles.ServerAdmin) ? null : GetUserId();
private SelectList GetPaymentMethodsSelectList(StoreData store)
{
return new SelectList(store.GetPaymentMethodConfigs(_handlers, true)
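Review bot: `GetUserIdForInvoiceQuery()` in the last hunk returns `null` for any `Roles.ServerAdmin` principal, and it replaces `GetUserId()` in every query shown, including the `RedeliverWebhook` lookup and the one that feeds `InvoiceStateChangeModel`, so the owner filter is dropped on paths that appear to do more than display an invoice, while the commit title speaks only of seeing invoices. If read-only access is the intent, those two call sites should keep `UserId = GetUserId()`; if admin actions are intended, the helper's comment should state the contract, for example `// Returns null (no owner filter) for server admins; the action's [Authorize] policy is then the only access check, see #6489`. The list query built in the `@@ -1116` hunk loses its owner filter too, so it is worth confirming that a `StoreId` filter is set in the part of the initializer outside the hunk, since otherwise an admin's listing would span every store. The enclosing actions start and end outside the visible hunks, so apart from `RedeliverWebhook` their `[Authorize]` attributes cannot be checked from here.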