From 318d8266945f15e83c44736302deb653f7783b56 Mon Sep 17 00:00:00 2001 From: "nicolas.dorier" Date: Fri, 20 Mar 2020 13:41:47 +0900 Subject: [PATCH] Rename Permissions.Can.. to Policies.Can.. --- BTCPayServer.Client/Permissions.cs | 44 ++++++++++--------- BTCPayServer.Tests/ApiKeysTests.cs | 26 +++++------ BTCPayServer.Tests/GreenfieldAPITests.cs | 14 +++--- BTCPayServer.Tests/UnitTest1.cs | 18 ++++---- .../Controllers/InvoiceController.API.cs | 2 +- .../Controllers/InvoiceController.UI.cs | 2 +- .../RestApi/TestApiKeyController.cs | 12 ++--- .../RestApi/Users/UsersController.cs | 2 +- BTCPayServer/Controllers/ServerController.cs | 2 +- BTCPayServer/Controllers/StoresController.cs | 2 +- BTCPayServer/Controllers/WalletsController.cs | 6 +-- .../{Policies.cs => ServerPolicies.cs} | 4 +- .../Monero/UI/MoneroLikeStoreController.cs | 4 +- 13 files changed, 70 insertions(+), 68 deletions(-) rename BTCPayServer/Security/{Policies.cs => ServerPolicies.cs} (88%) diff --git a/BTCPayServer.Client/Permissions.cs b/BTCPayServer.Client/Permissions.cs index de225cfc2..1dfa845c0 100644 --- a/BTCPayServer.Client/Permissions.cs +++ b/BTCPayServer.Client/Permissions.cs @@ -5,7 +5,7 @@ using System.Text.Json.Serialization; namespace BTCPayServer.Client { - public class Permission + public class Policies { public const string CanModifyServerSettings = "btcpay.server.canmodifyserversettings"; public const string CanModifyStoreSettings = "btcpay.store.canmodifystoresettings"; @@ -15,7 +15,6 @@ namespace BTCPayServer.Client public const string CanViewProfile = "btcpay.user.canviewprofile"; public const string CanCreateUser = "btcpay.server.cancreateuser"; public const string Unrestricted = "unrestricted"; - public static IEnumerable AllPolicies { get @@ -30,7 +29,18 @@ namespace BTCPayServer.Client yield return Unrestricted; } } + public static bool IsValidPolicy(string policy) + { + return AllPolicies.Any(p => p.Equals(policy, StringComparison.OrdinalIgnoreCase)); + } + public static bool IsStorePolicy(string policy) + { + return policy.StartsWith("btcpay.store", StringComparison.OrdinalIgnoreCase); + } + } + public class Permission + { public static Permission Create(string policy, string storeId = null) { if (TryCreatePermission(policy, storeId, out var r)) @@ -44,9 +54,9 @@ namespace BTCPayServer.Client if (policy == null) throw new ArgumentNullException(nameof(policy)); policy = policy.Trim().ToLowerInvariant(); - if (!IsValidPolicy(policy)) + if (!Policies.IsValidPolicy(policy)) return false; - if (storeId != null && !IsStorePolicy(policy)) + if (storeId != null && !Policies.IsStorePolicy(policy)) return false; permission = new Permission(policy, storeId); return true; @@ -62,7 +72,7 @@ namespace BTCPayServer.Client if (separator == -1) { str = str.ToLowerInvariant(); - if (!IsValidPolicy(str)) + if (!Policies.IsValidPolicy(str)) return false; permission = new Permission(str, null); return true; @@ -70,9 +80,9 @@ namespace BTCPayServer.Client else { var policy = str.Substring(0, separator).ToLowerInvariant(); - if (!IsValidPolicy(policy)) + if (!Policies.IsValidPolicy(policy)) return false; - if (!IsStorePolicy(policy)) + if (!Policies.IsStorePolicy(policy)) return false; var storeId = str.Substring(separator + 1); if (storeId.Length == 0) @@ -82,15 +92,7 @@ namespace BTCPayServer.Client } } - private static bool IsValidPolicy(string policy) - { - return AllPolicies.Any(p => p.Equals(policy, StringComparison.OrdinalIgnoreCase)); - } - - private static bool IsStorePolicy(string policy) - { - return policy.StartsWith("btcpay.store", StringComparison.OrdinalIgnoreCase); - } + internal Permission(string policy, string storeId) { @@ -107,7 +109,7 @@ namespace BTCPayServer.Client { return false; } - if (!IsStorePolicy(subpermission.Policy)) + if (!Policies.IsStorePolicy(subpermission.Policy)) return true; return StoreId == null || subpermission.StoreId == this.StoreId; } @@ -133,15 +135,15 @@ namespace BTCPayServer.Client private bool ContainsPolicy(string subpolicy) { - if (this.Policy == Unrestricted) + if (this.Policy == Policies.Unrestricted) return true; if (this.Policy == subpolicy) return true; - if (subpolicy == CanViewStoreSettings && this.Policy == CanModifyStoreSettings) + if (subpolicy == Policies.CanViewStoreSettings && this.Policy == Policies.CanModifyStoreSettings) return true; - if (subpolicy == CanCreateInvoice && this.Policy == CanModifyStoreSettings) + if (subpolicy == Policies.CanCreateInvoice && this.Policy == Policies.CanModifyStoreSettings) return true; - if (subpolicy == CanViewProfile && this.Policy == CanModifyProfile) + if (subpolicy == Policies.CanViewProfile && this.Policy == Policies.CanModifyProfile) return true; return false; } diff --git a/BTCPayServer.Tests/ApiKeysTests.cs b/BTCPayServer.Tests/ApiKeysTests.cs index 322ccd31d..ee7c64f4d 100644 --- a/BTCPayServer.Tests/ApiKeysTests.cs +++ b/BTCPayServer.Tests/ApiKeysTests.cs @@ -67,7 +67,7 @@ namespace BTCPayServer.Tests var superApiKey = s.AssertHappyMessage().FindElement(By.TagName("code")).Text; //this api key has access to everything - await TestApiAgainstAccessToken(superApiKey, tester, user, $"{Permission.CanModifyServerSettings};{Permission.CanModifyStoreSettings};{Permission.CanViewProfile}"); + await TestApiAgainstAccessToken(superApiKey, tester, user, $"{Policies.CanModifyServerSettings};{Policies.CanModifyStoreSettings};{Policies.CanViewProfile}"); s.Driver.FindElement(By.Id("AddApiKey")).Click(); @@ -75,7 +75,7 @@ namespace BTCPayServer.Tests s.Driver.FindElement(By.Id("Generate")).Click(); var serverOnlyApiKey = s.AssertHappyMessage().FindElement(By.TagName("code")).Text; await TestApiAgainstAccessToken(serverOnlyApiKey, tester, user, - Permission.CanModifyServerSettings); + Policies.CanModifyServerSettings); s.Driver.FindElement(By.Id("AddApiKey")).Click(); @@ -83,7 +83,7 @@ namespace BTCPayServer.Tests s.Driver.FindElement(By.Id("Generate")).Click(); var allStoreOnlyApiKey = s.AssertHappyMessage().FindElement(By.TagName("code")).Text; await TestApiAgainstAccessToken(allStoreOnlyApiKey, tester, user, - Permission.CanModifyStoreSettings); + Policies.CanModifyStoreSettings); s.Driver.FindElement(By.Id("AddApiKey")).Click(); s.Driver.FindElement(By.CssSelector("button[value=change-store-mode]")).Click(); @@ -95,7 +95,7 @@ namespace BTCPayServer.Tests s.Driver.FindElement(By.Id("Generate")).Click(); var selectiveStoreApiKey = s.AssertHappyMessage().FindElement(By.TagName("code")).Text; await TestApiAgainstAccessToken(selectiveStoreApiKey, tester, user, - Permission.Create(Permission.CanModifyStoreSettings, storeId).ToString()); + Permission.Create(Policies.CanModifyStoreSettings, storeId).ToString()); s.Driver.FindElement(By.Id("AddApiKey")).Click(); s.Driver.FindElement(By.Id("Generate")).Click(); @@ -117,7 +117,7 @@ namespace BTCPayServer.Tests //strict //selectiveStores var authUrl = BTCPayServerClient.GenerateAuthorizeUri(tester.PayTester.ServerUri, - new[] { Permission.CanModifyStoreSettings, Permission.CanModifyServerSettings }).ToString(); + new[] { Policies.CanModifyStoreSettings, Policies.CanModifyServerSettings }).ToString(); s.Driver.Navigate().GoToUrl(authUrl); s.Driver.PageSource.Contains("kukksappname"); Assert.Equal("hidden", s.Driver.FindElement(By.Id("btcpay.store.canmodifystoresettings")).GetAttribute("type").ToLowerInvariant()); @@ -136,7 +136,7 @@ namespace BTCPayServer.Tests (await apiKeyRepo.GetKey(results.Single(pair => pair.Key == "key").Value)).Permissions); authUrl = BTCPayServerClient.GenerateAuthorizeUri(tester.PayTester.ServerUri, - new[] { Permission.CanModifyStoreSettings, Permission.CanModifyServerSettings }, false, true).ToString(); + new[] { Policies.CanModifyStoreSettings, Policies.CanModifyServerSettings }, false, true).ToString(); s.Driver.Navigate().GoToUrl(authUrl); Assert.DoesNotContain("kukksappname", s.Driver.PageSource); @@ -172,7 +172,7 @@ namespace BTCPayServer.Tests Assert.True(permissions.Any(p => p == expectPermission), $"Missing expected permission {expectPermission}"); } - if (permissions.Contains(Permission.Create(Permission.CanViewProfile))) + if (permissions.Contains(Permission.Create(Policies.CanViewProfile))) { var resultUser = await TestApiAgainstAccessToken(accessToken, $"{TestApiPath}/me/id", tester.PayTester.HttpClient); Assert.Equal(testAccount.UserId, resultUser); @@ -188,10 +188,10 @@ namespace BTCPayServer.Tests var secondUser = tester.NewAccount(); secondUser.GrantAccess(); - var canModifyAllStores = Permission.Create(Permission.CanModifyStoreSettings, null); - var canModifyServer = Permission.Create(Permission.CanModifyServerSettings, null); - var unrestricted = Permission.Create(Permission.Unrestricted, null); - var selectiveStorePermissions = permissions.Where(p => p.StoreId != null && p.Policy == Permission.CanModifyStoreSettings); + var canModifyAllStores = Permission.Create(Policies.CanModifyStoreSettings, null); + var canModifyServer = Permission.Create(Policies.CanModifyServerSettings, null); + var unrestricted = Permission.Create(Policies.Unrestricted, null); + var selectiveStorePermissions = permissions.Where(p => p.StoreId != null && p.Policy == Policies.CanModifyStoreSettings); if (permissions.Contains(canModifyAllStores) || selectiveStorePermissions.Any()) { var resultStores = @@ -209,7 +209,7 @@ namespace BTCPayServer.Tests } bool shouldBeAuthorized = false; - if (permissions.Contains(canModifyAllStores) || selectiveStorePermissions.Contains(Permission.Create(Permission.CanViewStoreSettings, testAccount.StoreId))) + if (permissions.Contains(canModifyAllStores) || selectiveStorePermissions.Contains(Permission.Create(Policies.CanViewStoreSettings, testAccount.StoreId))) { Assert.True(await TestApiAgainstAccessToken(accessToken, $"{TestApiPath}/me/stores/{testAccount.StoreId}/can-view", @@ -218,7 +218,7 @@ namespace BTCPayServer.Tests data => data.Id.Equals(testAccount.StoreId, StringComparison.InvariantCultureIgnoreCase)); shouldBeAuthorized = true; } - if (permissions.Contains(canModifyAllStores) || selectiveStorePermissions.Contains(Permission.Create(Permission.CanModifyStoreSettings, testAccount.StoreId))) + if (permissions.Contains(canModifyAllStores) || selectiveStorePermissions.Contains(Permission.Create(Policies.CanModifyStoreSettings, testAccount.StoreId))) { Assert.True(await TestApiAgainstAccessToken(accessToken, $"{TestApiPath}/me/stores/{testAccount.StoreId}/can-view", diff --git a/BTCPayServer.Tests/GreenfieldAPITests.cs b/BTCPayServer.Tests/GreenfieldAPITests.cs index c0aea9463..b3569dcbe 100644 --- a/BTCPayServer.Tests/GreenfieldAPITests.cs +++ b/BTCPayServer.Tests/GreenfieldAPITests.cs @@ -38,7 +38,7 @@ namespace BTCPayServer.Tests var user = tester.NewAccount(); user.GrantAccess(); await user.MakeAdmin(); - var client = await user.CreateClient(Permission.CanModifyServerSettings, Permission.CanModifyStoreSettings); + var client = await user.CreateClient(Policies.CanModifyServerSettings, Policies.CanModifyStoreSettings); //Get current api key var apiKeyData = await client.GetCurrentAPIKeyInfo(); Assert.NotNull(apiKeyData); @@ -97,14 +97,14 @@ namespace BTCPayServer.Tests var adminAcc = tester.NewAccount(); adminAcc.UserId = admin.Id; adminAcc.IsAdmin = true; - var adminClient = await adminAcc.CreateClient(Permission.CanModifyProfile); + var adminClient = await adminAcc.CreateClient(Policies.CanModifyProfile); // We should be forbidden to create a new user without proper admin permissions await AssertHttpError(403, async () => await adminClient.CreateUser(new CreateApplicationUserRequest() { Email = "test4@gmail.com", Password = "afewfoiewiou" })); await AssertHttpError(403, async () => await adminClient.CreateUser(new CreateApplicationUserRequest() { Email = "test4@gmail.com", Password = "afewfoiewiou", IsAdministrator = true })); // However, should be ok with the server management permissions - adminClient = await adminAcc.CreateClient(Permission.CanModifyServerSettings); + adminClient = await adminAcc.CreateClient(Policies.CanModifyServerSettings); await adminClient.CreateUser(new CreateApplicationUserRequest() { Email = "test4@gmail.com", Password = "afewfoiewiou" }); // Even creating new admin should be ok await adminClient.CreateUser(new CreateApplicationUserRequest() { Email = "admin4@gmail.com", Password = "afewfoiewiou", IsAdministrator = true }); @@ -112,7 +112,7 @@ namespace BTCPayServer.Tests var user1Acc = tester.NewAccount(); user1Acc.UserId = user1.Id; user1Acc.IsAdmin = false; - var user1Client = await user1Acc.CreateClient(Permission.CanModifyServerSettings); + var user1Client = await user1Acc.CreateClient(Policies.CanModifyServerSettings); // User1 trying to get server management would still fail to create user await AssertHttpError(403, async () => await user1Client.CreateUser(new CreateApplicationUserRequest() { Email = "test8@gmail.com", Password = "afewfoiewiou" })); @@ -141,9 +141,9 @@ namespace BTCPayServer.Tests var user = tester.NewAccount(); user.GrantAccess(); await user.MakeAdmin(); - var clientProfile = await user.CreateClient(Permission.CanModifyProfile); - var clientServer = await user.CreateClient(Permission.CanModifyServerSettings, Permission.CanViewProfile); - var clientInsufficient = await user.CreateClient(Permission.CanModifyStoreSettings); + var clientProfile = await user.CreateClient(Policies.CanModifyProfile); + var clientServer = await user.CreateClient(Policies.CanModifyServerSettings, Policies.CanViewProfile); + var clientInsufficient = await user.CreateClient(Policies.CanModifyStoreSettings); var apiKeyProfileUserData = await clientProfile.GetCurrentUser(); diff --git a/BTCPayServer.Tests/UnitTest1.cs b/BTCPayServer.Tests/UnitTest1.cs index 94013f5d0..e43973286 100644 --- a/BTCPayServer.Tests/UnitTest1.cs +++ b/BTCPayServer.Tests/UnitTest1.cs @@ -3005,16 +3005,16 @@ noninventoryitem: [Trait("Fast", "Fast")] public void CanUsePermission() { - Assert.True(Permission.Create(Permission.CanModifyServerSettings).Contains(Permission.Create(Permission.CanModifyServerSettings))); - Assert.True(Permission.Create(Permission.CanModifyProfile).Contains(Permission.Create(Permission.CanViewProfile))); - Assert.True(Permission.Create(Permission.CanModifyStoreSettings).Contains(Permission.Create(Permission.CanViewStoreSettings))); - Assert.False(Permission.Create(Permission.CanViewStoreSettings).Contains(Permission.Create(Permission.CanModifyStoreSettings))); - Assert.False(Permission.Create(Permission.CanModifyServerSettings).Contains(Permission.Create(Permission.CanModifyStoreSettings))); - Assert.True(Permission.Create(Permission.Unrestricted).Contains(Permission.Create(Permission.CanModifyStoreSettings))); - Assert.True(Permission.Create(Permission.Unrestricted).Contains(Permission.Create(Permission.CanModifyStoreSettings, "abc"))); + Assert.True(Permission.Create(Policies.CanModifyServerSettings).Contains(Permission.Create(Policies.CanModifyServerSettings))); + Assert.True(Permission.Create(Policies.CanModifyProfile).Contains(Permission.Create(Policies.CanViewProfile))); + Assert.True(Permission.Create(Policies.CanModifyStoreSettings).Contains(Permission.Create(Policies.CanViewStoreSettings))); + Assert.False(Permission.Create(Policies.CanViewStoreSettings).Contains(Permission.Create(Policies.CanModifyStoreSettings))); + Assert.False(Permission.Create(Policies.CanModifyServerSettings).Contains(Permission.Create(Policies.CanModifyStoreSettings))); + Assert.True(Permission.Create(Policies.Unrestricted).Contains(Permission.Create(Policies.CanModifyStoreSettings))); + Assert.True(Permission.Create(Policies.Unrestricted).Contains(Permission.Create(Policies.CanModifyStoreSettings, "abc"))); - Assert.True(Permission.Create(Permission.CanViewStoreSettings).Contains(Permission.Create(Permission.CanViewStoreSettings, "abcd"))); - Assert.False(Permission.Create(Permission.CanModifyStoreSettings, "abcd").Contains(Permission.Create(Permission.CanModifyStoreSettings))); + Assert.True(Permission.Create(Policies.CanViewStoreSettings).Contains(Permission.Create(Policies.CanViewStoreSettings, "abcd"))); + Assert.False(Permission.Create(Policies.CanModifyStoreSettings, "abcd").Contains(Permission.Create(Policies.CanModifyStoreSettings))); } [Fact(Timeout = TestTimeout)] diff --git a/BTCPayServer/Controllers/InvoiceController.API.cs b/BTCPayServer/Controllers/InvoiceController.API.cs index e95a11c17..16136cd6a 100644 --- a/BTCPayServer/Controllers/InvoiceController.API.cs +++ b/BTCPayServer/Controllers/InvoiceController.API.cs @@ -13,7 +13,7 @@ using Microsoft.AspNetCore.Mvc; namespace BTCPayServer.Controllers { [BitpayAPIConstraint] - [Authorize(Permission.CanCreateInvoice, AuthenticationSchemes = AuthenticationSchemes.Bitpay)] + [Authorize(Policies.CanCreateInvoice, AuthenticationSchemes = AuthenticationSchemes.Bitpay)] public class InvoiceControllerAPI : Controller { private InvoiceController _InvoiceController; diff --git a/BTCPayServer/Controllers/InvoiceController.UI.cs b/BTCPayServer/Controllers/InvoiceController.UI.cs index 9eca43d5a..f057420fb 100644 --- a/BTCPayServer/Controllers/InvoiceController.UI.cs +++ b/BTCPayServer/Controllers/InvoiceController.UI.cs @@ -511,7 +511,7 @@ namespace BTCPayServer.Controllers [HttpPost] [Route("invoices/create")] - [Authorize(Policy = Permission.CanCreateInvoice, AuthenticationSchemes = AuthenticationSchemes.Cookie)] + [Authorize(Policy = Policies.CanCreateInvoice, AuthenticationSchemes = AuthenticationSchemes.Cookie)] [BitpayAPIConstraint(false)] public async Task CreateInvoice(CreateInvoiceModel model, CancellationToken cancellationToken) { diff --git a/BTCPayServer/Controllers/RestApi/TestApiKeyController.cs b/BTCPayServer/Controllers/RestApi/TestApiKeyController.cs index ac81ef575..971fd63b1 100644 --- a/BTCPayServer/Controllers/RestApi/TestApiKeyController.cs +++ b/BTCPayServer/Controllers/RestApi/TestApiKeyController.cs @@ -28,35 +28,35 @@ namespace BTCPayServer.Controllers.RestApi } [HttpGet("me/id")] - [Authorize(Policy = Permission.CanViewProfile, AuthenticationSchemes = AuthenticationSchemes.ApiKey)] + [Authorize(Policy = Policies.CanViewProfile, AuthenticationSchemes = AuthenticationSchemes.ApiKey)] public string GetCurrentUserId() { return _userManager.GetUserId(User); } [HttpGet("me")] - [Authorize(Policy = Permission.CanViewProfile, AuthenticationSchemes = AuthenticationSchemes.ApiKey)] + [Authorize(Policy = Policies.CanViewProfile, AuthenticationSchemes = AuthenticationSchemes.ApiKey)] public async Task GetCurrentUser() { return await _userManager.GetUserAsync(User); } [HttpGet("me/is-admin")] - [Authorize(Policy = Permission.CanModifyServerSettings, AuthenticationSchemes = AuthenticationSchemes.ApiKey)] + [Authorize(Policy = Policies.CanModifyServerSettings, AuthenticationSchemes = AuthenticationSchemes.ApiKey)] public bool AmIAnAdmin() { return true; } [HttpGet("me/stores")] - [Authorize(Policy = Permission.CanViewStoreSettings, AuthenticationSchemes = AuthenticationSchemes.ApiKey)] + [Authorize(Policy = Policies.CanViewStoreSettings, AuthenticationSchemes = AuthenticationSchemes.ApiKey)] public StoreData[] GetCurrentUserStores() { return this.HttpContext.GetStoresData(); } [HttpGet("me/stores/{storeId}/can-view")] - [Authorize(Policy = Permission.CanViewStoreSettings, + [Authorize(Policy = Policies.CanViewStoreSettings, AuthenticationSchemes = AuthenticationSchemes.ApiKey)] public bool CanViewStore(string storeId) { @@ -64,7 +64,7 @@ namespace BTCPayServer.Controllers.RestApi } [HttpGet("me/stores/{storeId}/can-edit")] - [Authorize(Policy = Permission.CanModifyStoreSettings, + [Authorize(Policy = Policies.CanModifyStoreSettings, AuthenticationSchemes = AuthenticationSchemes.ApiKey)] public bool CanEditStore(string storeId) { diff --git a/BTCPayServer/Controllers/RestApi/Users/UsersController.cs b/BTCPayServer/Controllers/RestApi/Users/UsersController.cs index 7c2763d32..883769264 100644 --- a/BTCPayServer/Controllers/RestApi/Users/UsersController.cs +++ b/BTCPayServer/Controllers/RestApi/Users/UsersController.cs @@ -55,7 +55,7 @@ namespace BTCPayServer.Controllers.RestApi.Users _authorizationService = authorizationService; } - [Authorize(Policy = Permission.CanViewProfile, AuthenticationSchemes = AuthenticationSchemes.ApiKey)] + [Authorize(Policy = Policies.CanViewProfile, AuthenticationSchemes = AuthenticationSchemes.ApiKey)] [HttpGet("~/api/v1/users/me")] public async Task> GetCurrentUser() { diff --git a/BTCPayServer/Controllers/ServerController.cs b/BTCPayServer/Controllers/ServerController.cs index 28b7df6cb..43271d173 100644 --- a/BTCPayServer/Controllers/ServerController.cs +++ b/BTCPayServer/Controllers/ServerController.cs @@ -39,7 +39,7 @@ using BTCPayServer.Client; namespace BTCPayServer.Controllers { - [Authorize(Policy = Permission.CanModifyServerSettings, + [Authorize(Policy = Policies.CanModifyServerSettings, AuthenticationSchemes = BTCPayServer.Security.AuthenticationSchemes.Cookie)] public partial class ServerController : Controller { diff --git a/BTCPayServer/Controllers/StoresController.cs b/BTCPayServer/Controllers/StoresController.cs index fcce5c962..2f22c1325 100644 --- a/BTCPayServer/Controllers/StoresController.cs +++ b/BTCPayServer/Controllers/StoresController.cs @@ -34,7 +34,7 @@ namespace BTCPayServer.Controllers { [Route("stores")] [Authorize(AuthenticationSchemes = AuthenticationSchemes.Cookie)] - [Authorize(Policy = Permission.CanModifyStoreSettings, AuthenticationSchemes = AuthenticationSchemes.Cookie)] + [Authorize(Policy = Policies.CanModifyStoreSettings, AuthenticationSchemes = AuthenticationSchemes.Cookie)] [AutoValidateAntiforgeryToken] public partial class StoresController : Controller { diff --git a/BTCPayServer/Controllers/WalletsController.cs b/BTCPayServer/Controllers/WalletsController.cs index bce2f827f..b363aebaa 100644 --- a/BTCPayServer/Controllers/WalletsController.cs +++ b/BTCPayServer/Controllers/WalletsController.cs @@ -31,7 +31,7 @@ using Newtonsoft.Json; namespace BTCPayServer.Controllers { [Route("wallets")] - [Authorize(Policy = Permission.CanModifyStoreSettings, AuthenticationSchemes = AuthenticationSchemes.Cookie)] + [Authorize(Policy = Policies.CanModifyStoreSettings, AuthenticationSchemes = AuthenticationSchemes.Cookie)] [AutoValidateAntiforgeryToken] public partial class WalletsController : Controller { @@ -840,7 +840,7 @@ namespace BTCPayServer.Controllers var vm = new RescanWalletModel(); vm.IsFullySync = _dashboard.IsFullySynched(walletId.CryptoCode, out var unused); - vm.IsServerAdmin = (await _authorizationService.AuthorizeAsync(User, Permission.CanModifyServerSettings)).Succeeded; + vm.IsServerAdmin = (await _authorizationService.AuthorizeAsync(User, Policies.CanModifyServerSettings)).Succeeded; vm.IsSupportedByCurrency = _dashboard.Get(walletId.CryptoCode)?.Status?.BitcoinStatus?.Capabilities?.CanScanTxoutSet == true; var explorer = ExplorerClientProvider.GetExplorerClient(walletId.CryptoCode); var scanProgress = await explorer.GetScanUTXOSetInformationAsync(paymentMethod.AccountDerivation); @@ -870,7 +870,7 @@ namespace BTCPayServer.Controllers [HttpPost] [Route("{walletId}/rescan")] - [Authorize(Policy = Permission.CanModifyServerSettings, AuthenticationSchemes = AuthenticationSchemes.Cookie)] + [Authorize(Policy = Policies.CanModifyServerSettings, AuthenticationSchemes = AuthenticationSchemes.Cookie)] public async Task WalletRescan( [ModelBinder(typeof(WalletIdModelBinder))] WalletId walletId, RescanWalletModel vm) diff --git a/BTCPayServer/Security/Policies.cs b/BTCPayServer/Security/ServerPolicies.cs similarity index 88% rename from BTCPayServer/Security/Policies.cs rename to BTCPayServer/Security/ServerPolicies.cs index b4cfccc5a..6028de19f 100644 --- a/BTCPayServer/Security/Policies.cs +++ b/BTCPayServer/Security/ServerPolicies.cs @@ -3,11 +3,11 @@ using Microsoft.AspNetCore.Authorization; namespace BTCPayServer.Security { - public static class Policies + public static class ServerPolicies { public static AuthorizationOptions AddBTCPayPolicies(this AuthorizationOptions options) { - foreach (var p in Permission.AllPolicies) + foreach (var p in Policies.AllPolicies) { options.AddPolicy(p); } diff --git a/BTCPayServer/Services/Altcoins/Monero/UI/MoneroLikeStoreController.cs b/BTCPayServer/Services/Altcoins/Monero/UI/MoneroLikeStoreController.cs index 7cccf57fa..87f852063 100644 --- a/BTCPayServer/Services/Altcoins/Monero/UI/MoneroLikeStoreController.cs +++ b/BTCPayServer/Services/Altcoins/Monero/UI/MoneroLikeStoreController.cs @@ -27,8 +27,8 @@ namespace BTCPayServer.Services.Altcoins.Monero.UI [Route("stores/{storeId}/monerolike")] [OnlyIfSupportAttribute("XMR")] [Authorize(AuthenticationSchemes = AuthenticationSchemes.Cookie)] - [Authorize(Policy = Permission.CanModifyStoreSettings, AuthenticationSchemes = AuthenticationSchemes.Cookie)] - [Authorize(Policy = Permission.CanModifyServerSettings, AuthenticationSchemes = AuthenticationSchemes.Cookie)] + [Authorize(Policy = Policies.CanModifyStoreSettings, AuthenticationSchemes = AuthenticationSchemes.Cookie)] + [Authorize(Policy = Policies.CanModifyServerSettings, AuthenticationSchemes = AuthenticationSchemes.Cookie)] public class MoneroLikeStoreController : Controller { private readonly MoneroLikeConfiguration _MoneroLikeConfiguration;