aljaz/btcpayserver
1
0
Fork 0
mirror of https://github.com/aljazceru/btcpayserver.git synced 2025-12-19 06:54:19 +01:00
Code Issues Packages Projects Releases Wiki Activity

Greenfield API: God Mode

Browse Source 
When the `ServerManagement` permission is granted, you should be able to do everything in the system.
Maybe I should rename it to GodMode as a permission to not have any confusion with managing server settings (currently `ServerManagement`)?
This commit is contained in:
Kukks
2020-03-12 18:43:57 +01:00
parent b5664dac81
commit 0c065df4bd
2 changed files with 23 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
BTCPayServer/Security/APIKeys/APIKeyAuthorizationHandler.cs
View File

@@ -1,4 +1,5 @@
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using BTCPayServer.Client;
using BTCPayServer.Data;
@@ -69,20 +70,32 @@ namespace BTCPayServer.Security.APIKeys
case Policies.CanModifyServerSettings.Key:
if (!context.HasPermissions(Permissions.ServerManagement))
break;
// For this authorization, we stil check in database because it is super sensitive.
var user = await _userManager.GetUserAsync(context.User);
if (user == null)
break;
if (!await _userManager.IsInRoleAsync(user, Roles.ServerAdmin))
break;
success = true;
// For this authorization, we still check in database because it is super sensitive.
success = await IsUserAdmin(context.User);
break;
}
//if you do not have the specific permissions, BUT you have server management, we enable god mode
if (!success && context.HasPermissions(Permissions.ServerManagement) &&
requirement.Policy != Policies.CanModifyServerSettings.Key)
{
success = await IsUserAdmin(context.User);
}
if (success)
{
context.Succeed(requirement);
}
}
private async Task<bool> IsUserAdmin(ClaimsPrincipal contextUser)
{
var user = await _userManager.GetUserAsync(contextUser);
if (user == null)
return false;
if (!await _userManager.IsInRoleAsync(user, Roles.ServerAdmin))
return false;
return true;
}
}
}