aljaz/btcpayserver
1
0
Fork 0
mirror of https://github.com/aljazceru/btcpayserver.git synced 2025-12-18 06:24:24 +01:00
Code Issues Packages Projects Releases Wiki Activity

Rename Permissions.Can.. to Policies.Can..

Browse Source
This commit is contained in:
nicolas.dorier
2020-03-20 13:41:47 +09:00
parent 44b3bb34a4
commit 318d826694
13 changed files with 70 additions and 68 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
BTCPayServer.Client/Permissions.cs
View File

@@ -5,7 +5,7 @@ using System.Text.Json.Serialization;
namespace BTCPayServer.Client namespace BTCPayServer.Client
{ {
public class Permission public class Policies
{ {
public const string CanModifyServerSettings = "btcpay.server.canmodifyserversettings"; public const string CanModifyServerSettings = "btcpay.server.canmodifyserversettings";
public const string CanModifyStoreSettings = "btcpay.store.canmodifystoresettings"; public const string CanModifyStoreSettings = "btcpay.store.canmodifystoresettings";
@@ -15,7 +15,6 @@ namespace BTCPayServer.Client
public const string CanViewProfile = "btcpay.user.canviewprofile"; public const string CanViewProfile = "btcpay.user.canviewprofile";
public const string CanCreateUser = "btcpay.server.cancreateuser"; public const string CanCreateUser = "btcpay.server.cancreateuser";
public const string Unrestricted = "unrestricted"; public const string Unrestricted = "unrestricted";
public static IEnumerable<string> AllPolicies public static IEnumerable<string> AllPolicies
{ {
get get
@@ -30,7 +29,18 @@ namespace BTCPayServer.Client
yield return Unrestricted; yield return Unrestricted;
} }
} }
public static bool IsValidPolicy(string policy)
{
return AllPolicies.Any(p => p.Equals(policy, StringComparison.OrdinalIgnoreCase));
}
public static bool IsStorePolicy(string policy)
{
return policy.StartsWith("btcpay.store", StringComparison.OrdinalIgnoreCase);
}
}
public class Permission
{
public static Permission Create(string policy, string storeId = null) public static Permission Create(string policy, string storeId = null)
{ {
if (TryCreatePermission(policy, storeId, out var r)) if (TryCreatePermission(policy, storeId, out var r))
@@ -44,9 +54,9 @@ namespace BTCPayServer.Client
if (policy == null) if (policy == null)
throw new ArgumentNullException(nameof(policy)); throw new ArgumentNullException(nameof(policy));
policy = policy.Trim().ToLowerInvariant(); policy = policy.Trim().ToLowerInvariant();
if (!IsValidPolicy(policy)) if (!Policies.IsValidPolicy(policy))
return false; return false;
if (storeId != null && !IsStorePolicy(policy)) if (storeId != null && !Policies.IsStorePolicy(policy))
return false; return false;
permission = new Permission(policy, storeId); permission = new Permission(policy, storeId);
return true; return true;
@@ -62,7 +72,7 @@ namespace BTCPayServer.Client
if (separator == -1) if (separator == -1)
{ {
str = str.ToLowerInvariant(); str = str.ToLowerInvariant();
if (!IsValidPolicy(str)) if (!Policies.IsValidPolicy(str))
return false; return false;
permission = new Permission(str, null); permission = new Permission(str, null);
return true; return true;
@@ -70,9 +80,9 @@ namespace BTCPayServer.Client
else else
{ {
var policy = str.Substring(0, separator).ToLowerInvariant(); var policy = str.Substring(0, separator).ToLowerInvariant();
if (!IsValidPolicy(policy)) if (!Policies.IsValidPolicy(policy))
return false; return false;
if (!IsStorePolicy(policy)) if (!Policies.IsStorePolicy(policy))
return false; return false;
var storeId = str.Substring(separator + 1); var storeId = str.Substring(separator + 1);
if (storeId.Length == 0) if (storeId.Length == 0)
@@ -82,15 +92,7 @@ namespace BTCPayServer.Client
} }
} }
private static bool IsValidPolicy(string policy)
{
return AllPolicies.Any(p => p.Equals(policy, StringComparison.OrdinalIgnoreCase));
}
private static bool IsStorePolicy(string policy)
{
return policy.StartsWith("btcpay.store", StringComparison.OrdinalIgnoreCase);
}
internal Permission(string policy, string storeId) internal Permission(string policy, string storeId)
{ {
@@ -107,7 +109,7 @@ namespace BTCPayServer.Client
{ {
return false; return false;
} }
if (!IsStorePolicy(subpermission.Policy)) if (!Policies.IsStorePolicy(subpermission.Policy))
return true; return true;
return StoreId == null || subpermission.StoreId == this.StoreId; return StoreId == null || subpermission.StoreId == this.StoreId;
} }
@@ -133,15 +135,15 @@ namespace BTCPayServer.Client
private bool ContainsPolicy(string subpolicy) private bool ContainsPolicy(string subpolicy)
{ {
if (this.Policy == Unrestricted) if (this.Policy == Policies.Unrestricted)
return true; return true;
if (this.Policy == subpolicy) if (this.Policy == subpolicy)
return true; return true;
if (subpolicy == CanViewStoreSettings && this.Policy == CanModifyStoreSettings) if (subpolicy == Policies.CanViewStoreSettings && this.Policy == Policies.CanModifyStoreSettings)
return true; return true;
if (subpolicy == CanCreateInvoice && this.Policy == CanModifyStoreSettings) if (subpolicy == Policies.CanCreateInvoice && this.Policy == Policies.CanModifyStoreSettings)
return true; return true;
if (subpolicy == CanViewProfile && this.Policy == CanModifyProfile) if (subpolicy == Policies.CanViewProfile && this.Policy == Policies.CanModifyProfile)
return true; return true;
return false; return false;
} }

26
BTCPayServer.Tests/ApiKeysTests.cs
View File

@@ -67,7 +67,7 @@ namespace BTCPayServer.Tests
var superApiKey = s.AssertHappyMessage().FindElement(By.TagName("code")).Text; var superApiKey = s.AssertHappyMessage().FindElement(By.TagName("code")).Text;
//this api key has access to everything //this api key has access to everything
await TestApiAgainstAccessToken(superApiKey, tester, user, $"{Permission.CanModifyServerSettings};{Permission.CanModifyStoreSettings};{Permission.CanViewProfile}"); await TestApiAgainstAccessToken(superApiKey, tester, user, $"{Policies.CanModifyServerSettings};{Policies.CanModifyStoreSettings};{Policies.CanViewProfile}");
s.Driver.FindElement(By.Id("AddApiKey")).Click(); s.Driver.FindElement(By.Id("AddApiKey")).Click();
@@ -75,7 +75,7 @@ namespace BTCPayServer.Tests
s.Driver.FindElement(By.Id("Generate")).Click(); s.Driver.FindElement(By.Id("Generate")).Click();
var serverOnlyApiKey = s.AssertHappyMessage().FindElement(By.TagName("code")).Text; var serverOnlyApiKey = s.AssertHappyMessage().FindElement(By.TagName("code")).Text;
await TestApiAgainstAccessToken(serverOnlyApiKey, tester, user, await TestApiAgainstAccessToken(serverOnlyApiKey, tester, user,
Permission.CanModifyServerSettings); Policies.CanModifyServerSettings);
s.Driver.FindElement(By.Id("AddApiKey")).Click(); s.Driver.FindElement(By.Id("AddApiKey")).Click();
@@ -83,7 +83,7 @@ namespace BTCPayServer.Tests
s.Driver.FindElement(By.Id("Generate")).Click(); s.Driver.FindElement(By.Id("Generate")).Click();
var allStoreOnlyApiKey = s.AssertHappyMessage().FindElement(By.TagName("code")).Text; var allStoreOnlyApiKey = s.AssertHappyMessage().FindElement(By.TagName("code")).Text;
await TestApiAgainstAccessToken(allStoreOnlyApiKey, tester, user, await TestApiAgainstAccessToken(allStoreOnlyApiKey, tester, user,
Permission.CanModifyStoreSettings); Policies.CanModifyStoreSettings);
s.Driver.FindElement(By.Id("AddApiKey")).Click(); s.Driver.FindElement(By.Id("AddApiKey")).Click();
s.Driver.FindElement(By.CssSelector("button[value=change-store-mode]")).Click(); s.Driver.FindElement(By.CssSelector("button[value=change-store-mode]")).Click();
@@ -95,7 +95,7 @@ namespace BTCPayServer.Tests
s.Driver.FindElement(By.Id("Generate")).Click(); s.Driver.FindElement(By.Id("Generate")).Click();
var selectiveStoreApiKey = s.AssertHappyMessage().FindElement(By.TagName("code")).Text; var selectiveStoreApiKey = s.AssertHappyMessage().FindElement(By.TagName("code")).Text;
await TestApiAgainstAccessToken(selectiveStoreApiKey, tester, user, await TestApiAgainstAccessToken(selectiveStoreApiKey, tester, user,
Permission.Create(Permission.CanModifyStoreSettings, storeId).ToString()); Permission.Create(Policies.CanModifyStoreSettings, storeId).ToString());
s.Driver.FindElement(By.Id("AddApiKey")).Click(); s.Driver.FindElement(By.Id("AddApiKey")).Click();
s.Driver.FindElement(By.Id("Generate")).Click(); s.Driver.FindElement(By.Id("Generate")).Click();
@@ -117,7 +117,7 @@ namespace BTCPayServer.Tests
//strict //strict
//selectiveStores //selectiveStores
var authUrl = BTCPayServerClient.GenerateAuthorizeUri(tester.PayTester.ServerUri, var authUrl = BTCPayServerClient.GenerateAuthorizeUri(tester.PayTester.ServerUri,
new[] { Permission.CanModifyStoreSettings, Permission.CanModifyServerSettings }).ToString(); new[] { Policies.CanModifyStoreSettings, Policies.CanModifyServerSettings }).ToString();
s.Driver.Navigate().GoToUrl(authUrl); s.Driver.Navigate().GoToUrl(authUrl);
s.Driver.PageSource.Contains("kukksappname"); s.Driver.PageSource.Contains("kukksappname");
Assert.Equal("hidden", s.Driver.FindElement(By.Id("btcpay.store.canmodifystoresettings")).GetAttribute("type").ToLowerInvariant()); Assert.Equal("hidden", s.Driver.FindElement(By.Id("btcpay.store.canmodifystoresettings")).GetAttribute("type").ToLowerInvariant());
@@ -136,7 +136,7 @@ namespace BTCPayServer.Tests
(await apiKeyRepo.GetKey(results.Single(pair => pair.Key == "key").Value)).Permissions); (await apiKeyRepo.GetKey(results.Single(pair => pair.Key == "key").Value)).Permissions);
authUrl = BTCPayServerClient.GenerateAuthorizeUri(tester.PayTester.ServerUri, authUrl = BTCPayServerClient.GenerateAuthorizeUri(tester.PayTester.ServerUri,
new[] { Permission.CanModifyStoreSettings, Permission.CanModifyServerSettings }, false, true).ToString(); new[] { Policies.CanModifyStoreSettings, Policies.CanModifyServerSettings }, false, true).ToString();
s.Driver.Navigate().GoToUrl(authUrl); s.Driver.Navigate().GoToUrl(authUrl);
Assert.DoesNotContain("kukksappname", s.Driver.PageSource); Assert.DoesNotContain("kukksappname", s.Driver.PageSource);
@@ -172,7 +172,7 @@ namespace BTCPayServer.Tests
Assert.True(permissions.Any(p => p == expectPermission), $"Missing expected permission {expectPermission}"); Assert.True(permissions.Any(p => p == expectPermission), $"Missing expected permission {expectPermission}");
} }
if (permissions.Contains(Permission.Create(Permission.CanViewProfile))) if (permissions.Contains(Permission.Create(Policies.CanViewProfile)))
{ {
var resultUser = await TestApiAgainstAccessToken<string>(accessToken, $"{TestApiPath}/me/id", tester.PayTester.HttpClient); var resultUser = await TestApiAgainstAccessToken<string>(accessToken, $"{TestApiPath}/me/id", tester.PayTester.HttpClient);
Assert.Equal(testAccount.UserId, resultUser); Assert.Equal(testAccount.UserId, resultUser);
@@ -188,10 +188,10 @@ namespace BTCPayServer.Tests
var secondUser = tester.NewAccount(); var secondUser = tester.NewAccount();
secondUser.GrantAccess(); secondUser.GrantAccess();
var canModifyAllStores = Permission.Create(Permission.CanModifyStoreSettings, null); var canModifyAllStores = Permission.Create(Policies.CanModifyStoreSettings, null);
var canModifyServer = Permission.Create(Permission.CanModifyServerSettings, null); var canModifyServer = Permission.Create(Policies.CanModifyServerSettings, null);
var unrestricted = Permission.Create(Permission.Unrestricted, null); var unrestricted = Permission.Create(Policies.Unrestricted, null);
var selectiveStorePermissions = permissions.Where(p => p.StoreId != null && p.Policy == Permission.CanModifyStoreSettings); var selectiveStorePermissions = permissions.Where(p => p.StoreId != null && p.Policy == Policies.CanModifyStoreSettings);
if (permissions.Contains(canModifyAllStores) || selectiveStorePermissions.Any()) if (permissions.Contains(canModifyAllStores) || selectiveStorePermissions.Any())
{ {
var resultStores = var resultStores =
@@ -209,7 +209,7 @@ namespace BTCPayServer.Tests
} }
bool shouldBeAuthorized = false; bool shouldBeAuthorized = false;
if (permissions.Contains(canModifyAllStores) || selectiveStorePermissions.Contains(Permission.Create(Permission.CanViewStoreSettings, testAccount.StoreId))) if (permissions.Contains(canModifyAllStores) || selectiveStorePermissions.Contains(Permission.Create(Policies.CanViewStoreSettings, testAccount.StoreId)))
{ {
Assert.True(await TestApiAgainstAccessToken<bool>(accessToken, Assert.True(await TestApiAgainstAccessToken<bool>(accessToken,
$"{TestApiPath}/me/stores/{testAccount.StoreId}/can-view", $"{TestApiPath}/me/stores/{testAccount.StoreId}/can-view",
@@ -218,7 +218,7 @@ namespace BTCPayServer.Tests
data => data.Id.Equals(testAccount.StoreId, StringComparison.InvariantCultureIgnoreCase)); data => data.Id.Equals(testAccount.StoreId, StringComparison.InvariantCultureIgnoreCase));
shouldBeAuthorized = true; shouldBeAuthorized = true;
} }
if (permissions.Contains(canModifyAllStores) || selectiveStorePermissions.Contains(Permission.Create(Permission.CanModifyStoreSettings, testAccount.StoreId))) if (permissions.Contains(canModifyAllStores) || selectiveStorePermissions.Contains(Permission.Create(Policies.CanModifyStoreSettings, testAccount.StoreId)))
{ {
Assert.True(await TestApiAgainstAccessToken<bool>(accessToken, Assert.True(await TestApiAgainstAccessToken<bool>(accessToken,
$"{TestApiPath}/me/stores/{testAccount.StoreId}/can-view", $"{TestApiPath}/me/stores/{testAccount.StoreId}/can-view",

14
BTCPayServer.Tests/GreenfieldAPITests.cs
View File

@@ -38,7 +38,7 @@ namespace BTCPayServer.Tests
var user = tester.NewAccount(); var user = tester.NewAccount();
user.GrantAccess(); user.GrantAccess();
await user.MakeAdmin(); await user.MakeAdmin();
var client = await user.CreateClient(Permission.CanModifyServerSettings, Permission.CanModifyStoreSettings); var client = await user.CreateClient(Policies.CanModifyServerSettings, Policies.CanModifyStoreSettings);
//Get current api key //Get current api key
var apiKeyData = await client.GetCurrentAPIKeyInfo(); var apiKeyData = await client.GetCurrentAPIKeyInfo();
Assert.NotNull(apiKeyData); Assert.NotNull(apiKeyData);
@@ -97,14 +97,14 @@ namespace BTCPayServer.Tests
var adminAcc = tester.NewAccount(); var adminAcc = tester.NewAccount();
adminAcc.UserId = admin.Id; adminAcc.UserId = admin.Id;
adminAcc.IsAdmin = true; adminAcc.IsAdmin = true;
var adminClient = await adminAcc.CreateClient(Permission.CanModifyProfile); var adminClient = await adminAcc.CreateClient(Policies.CanModifyProfile);
// We should be forbidden to create a new user without proper admin permissions // We should be forbidden to create a new user without proper admin permissions
await AssertHttpError(403, async () => await adminClient.CreateUser(new CreateApplicationUserRequest() { Email = "test4@gmail.com", Password = "afewfoiewiou" })); await AssertHttpError(403, async () => await adminClient.CreateUser(new CreateApplicationUserRequest() { Email = "test4@gmail.com", Password = "afewfoiewiou" }));
await AssertHttpError(403, async () => await adminClient.CreateUser(new CreateApplicationUserRequest() { Email = "test4@gmail.com", Password = "afewfoiewiou", IsAdministrator = true })); await AssertHttpError(403, async () => await adminClient.CreateUser(new CreateApplicationUserRequest() { Email = "test4@gmail.com", Password = "afewfoiewiou", IsAdministrator = true }));
// However, should be ok with the server management permissions // However, should be ok with the server management permissions
adminClient = await adminAcc.CreateClient(Permission.CanModifyServerSettings); adminClient = await adminAcc.CreateClient(Policies.CanModifyServerSettings);
await adminClient.CreateUser(new CreateApplicationUserRequest() { Email = "test4@gmail.com", Password = "afewfoiewiou" }); await adminClient.CreateUser(new CreateApplicationUserRequest() { Email = "test4@gmail.com", Password = "afewfoiewiou" });
// Even creating new admin should be ok // Even creating new admin should be ok
await adminClient.CreateUser(new CreateApplicationUserRequest() { Email = "admin4@gmail.com", Password = "afewfoiewiou", IsAdministrator = true }); await adminClient.CreateUser(new CreateApplicationUserRequest() { Email = "admin4@gmail.com", Password = "afewfoiewiou", IsAdministrator = true });
@@ -112,7 +112,7 @@ namespace BTCPayServer.Tests
var user1Acc = tester.NewAccount(); var user1Acc = tester.NewAccount();
user1Acc.UserId = user1.Id; user1Acc.UserId = user1.Id;
user1Acc.IsAdmin = false; user1Acc.IsAdmin = false;
var user1Client = await user1Acc.CreateClient(Permission.CanModifyServerSettings); var user1Client = await user1Acc.CreateClient(Policies.CanModifyServerSettings);
// User1 trying to get server management would still fail to create user // User1 trying to get server management would still fail to create user
await AssertHttpError(403, async () => await user1Client.CreateUser(new CreateApplicationUserRequest() { Email = "test8@gmail.com", Password = "afewfoiewiou" })); await AssertHttpError(403, async () => await user1Client.CreateUser(new CreateApplicationUserRequest() { Email = "test8@gmail.com", Password = "afewfoiewiou" }));
@@ -141,9 +141,9 @@ namespace BTCPayServer.Tests
var user = tester.NewAccount(); var user = tester.NewAccount();
user.GrantAccess(); user.GrantAccess();
await user.MakeAdmin(); await user.MakeAdmin();
var clientProfile = await user.CreateClient(Permission.CanModifyProfile); var clientProfile = await user.CreateClient(Policies.CanModifyProfile);
var clientServer = await user.CreateClient(Permission.CanModifyServerSettings, Permission.CanViewProfile); var clientServer = await user.CreateClient(Policies.CanModifyServerSettings, Policies.CanViewProfile);
var clientInsufficient = await user.CreateClient(Permission.CanModifyStoreSettings); var clientInsufficient = await user.CreateClient(Policies.CanModifyStoreSettings);
var apiKeyProfileUserData = await clientProfile.GetCurrentUser(); var apiKeyProfileUserData = await clientProfile.GetCurrentUser();

18
BTCPayServer.Tests/UnitTest1.cs
View File

@@ -3005,16 +3005,16 @@ noninventoryitem:
[Trait("Fast", "Fast")] [Trait("Fast", "Fast")]
public void CanUsePermission() public void CanUsePermission()
{ {
Assert.True(Permission.Create(Permission.CanModifyServerSettings).Contains(Permission.Create(Permission.CanModifyServerSettings))); Assert.True(Permission.Create(Policies.CanModifyServerSettings).Contains(Permission.Create(Policies.CanModifyServerSettings)));
Assert.True(Permission.Create(Permission.CanModifyProfile).Contains(Permission.Create(Permission.CanViewProfile))); Assert.True(Permission.Create(Policies.CanModifyProfile).Contains(Permission.Create(Policies.CanViewProfile)));
Assert.True(Permission.Create(Permission.CanModifyStoreSettings).Contains(Permission.Create(Permission.CanViewStoreSettings))); Assert.True(Permission.Create(Policies.CanModifyStoreSettings).Contains(Permission.Create(Policies.CanViewStoreSettings)));
Assert.False(Permission.Create(Permission.CanViewStoreSettings).Contains(Permission.Create(Permission.CanModifyStoreSettings))); Assert.False(Permission.Create(Policies.CanViewStoreSettings).Contains(Permission.Create(Policies.CanModifyStoreSettings)));
Assert.False(Permission.Create(Permission.CanModifyServerSettings).Contains(Permission.Create(Permission.CanModifyStoreSettings))); Assert.False(Permission.Create(Policies.CanModifyServerSettings).Contains(Permission.Create(Policies.CanModifyStoreSettings)));
Assert.True(Permission.Create(Permission.Unrestricted).Contains(Permission.Create(Permission.CanModifyStoreSettings))); Assert.True(Permission.Create(Policies.Unrestricted).Contains(Permission.Create(Policies.CanModifyStoreSettings)));
Assert.True(Permission.Create(Permission.Unrestricted).Contains(Permission.Create(Permission.CanModifyStoreSettings, "abc"))); Assert.True(Permission.Create(Policies.Unrestricted).Contains(Permission.Create(Policies.CanModifyStoreSettings, "abc")));
Assert.True(Permission.Create(Permission.CanViewStoreSettings).Contains(Permission.Create(Permission.CanViewStoreSettings, "abcd"))); Assert.True(Permission.Create(Policies.CanViewStoreSettings).Contains(Permission.Create(Policies.CanViewStoreSettings, "abcd")));
Assert.False(Permission.Create(Permission.CanModifyStoreSettings, "abcd").Contains(Permission.Create(Permission.CanModifyStoreSettings))); Assert.False(Permission.Create(Policies.CanModifyStoreSettings, "abcd").Contains(Permission.Create(Policies.CanModifyStoreSettings)));
} }
[Fact(Timeout = TestTimeout)] [Fact(Timeout = TestTimeout)]

2
BTCPayServer/Controllers/InvoiceController.API.cs
View File

@@ -13,7 +13,7 @@ using Microsoft.AspNetCore.Mvc;
namespace BTCPayServer.Controllers namespace BTCPayServer.Controllers
{ {
[BitpayAPIConstraint] [BitpayAPIConstraint]
[Authorize(Permission.CanCreateInvoice, AuthenticationSchemes = AuthenticationSchemes.Bitpay)] [Authorize(Policies.CanCreateInvoice, AuthenticationSchemes = AuthenticationSchemes.Bitpay)]
public class InvoiceControllerAPI : Controller public class InvoiceControllerAPI : Controller
{ {
private InvoiceController _InvoiceController; private InvoiceController _InvoiceController;

2
BTCPayServer/Controllers/InvoiceController.UI.cs
View File

@@ -511,7 +511,7 @@ namespace BTCPayServer.Controllers
[HttpPost] [HttpPost]
[Route("invoices/create")] [Route("invoices/create")]
[Authorize(Policy = Permission.CanCreateInvoice, AuthenticationSchemes = AuthenticationSchemes.Cookie)] [Authorize(Policy = Policies.CanCreateInvoice, AuthenticationSchemes = AuthenticationSchemes.Cookie)]
[BitpayAPIConstraint(false)] [BitpayAPIConstraint(false)]
public async Task<IActionResult> CreateInvoice(CreateInvoiceModel model, CancellationToken cancellationToken) public async Task<IActionResult> CreateInvoice(CreateInvoiceModel model, CancellationToken cancellationToken)
{ {

12
BTCPayServer/Controllers/RestApi/TestApiKeyController.cs
View File

@@ -28,35 +28,35 @@ namespace BTCPayServer.Controllers.RestApi
} }
[HttpGet("me/id")] [HttpGet("me/id")]
[Authorize(Policy = Permission.CanViewProfile, AuthenticationSchemes = AuthenticationSchemes.ApiKey)] [Authorize(Policy = Policies.CanViewProfile, AuthenticationSchemes = AuthenticationSchemes.ApiKey)]
public string GetCurrentUserId() public string GetCurrentUserId()
{ {
return _userManager.GetUserId(User); return _userManager.GetUserId(User);
} }
[HttpGet("me")] [HttpGet("me")]
[Authorize(Policy = Permission.CanViewProfile, AuthenticationSchemes = AuthenticationSchemes.ApiKey)] [Authorize(Policy = Policies.CanViewProfile, AuthenticationSchemes = AuthenticationSchemes.ApiKey)]
public async Task<ApplicationUser> GetCurrentUser() public async Task<ApplicationUser> GetCurrentUser()
{ {
return await _userManager.GetUserAsync(User); return await _userManager.GetUserAsync(User);
} }
[HttpGet("me/is-admin")] [HttpGet("me/is-admin")]
[Authorize(Policy = Permission.CanModifyServerSettings, AuthenticationSchemes = AuthenticationSchemes.ApiKey)] [Authorize(Policy = Policies.CanModifyServerSettings, AuthenticationSchemes = AuthenticationSchemes.ApiKey)]
public bool AmIAnAdmin() public bool AmIAnAdmin()
{ {
return true; return true;
} }
[HttpGet("me/stores")] [HttpGet("me/stores")]
[Authorize(Policy = Permission.CanViewStoreSettings, AuthenticationSchemes = AuthenticationSchemes.ApiKey)] [Authorize(Policy = Policies.CanViewStoreSettings, AuthenticationSchemes = AuthenticationSchemes.ApiKey)]
public StoreData[] GetCurrentUserStores() public StoreData[] GetCurrentUserStores()
{ {
return this.HttpContext.GetStoresData(); return this.HttpContext.GetStoresData();
} }
[HttpGet("me/stores/{storeId}/can-view")] [HttpGet("me/stores/{storeId}/can-view")]
[Authorize(Policy = Permission.CanViewStoreSettings, [Authorize(Policy = Policies.CanViewStoreSettings,
AuthenticationSchemes = AuthenticationSchemes.ApiKey)] AuthenticationSchemes = AuthenticationSchemes.ApiKey)]
public bool CanViewStore(string storeId) public bool CanViewStore(string storeId)
{ {
@@ -64,7 +64,7 @@ namespace BTCPayServer.Controllers.RestApi
} }
[HttpGet("me/stores/{storeId}/can-edit")] [HttpGet("me/stores/{storeId}/can-edit")]
[Authorize(Policy = Permission.CanModifyStoreSettings, [Authorize(Policy = Policies.CanModifyStoreSettings,
AuthenticationSchemes = AuthenticationSchemes.ApiKey)] AuthenticationSchemes = AuthenticationSchemes.ApiKey)]
public bool CanEditStore(string storeId) public bool CanEditStore(string storeId)
{ {

2
BTCPayServer/Controllers/RestApi/Users/UsersController.cs
View File

@@ -55,7 +55,7 @@ namespace BTCPayServer.Controllers.RestApi.Users
_authorizationService = authorizationService; _authorizationService = authorizationService;
} }
[Authorize(Policy = Permission.CanViewProfile, AuthenticationSchemes = AuthenticationSchemes.ApiKey)] [Authorize(Policy = Policies.CanViewProfile, AuthenticationSchemes = AuthenticationSchemes.ApiKey)]
[HttpGet("~/api/v1/users/me")] [HttpGet("~/api/v1/users/me")]
public async Task<ActionResult<ApplicationUserData>> GetCurrentUser() public async Task<ActionResult<ApplicationUserData>> GetCurrentUser()
{ {

2
BTCPayServer/Controllers/ServerController.cs
View File

@@ -39,7 +39,7 @@ using BTCPayServer.Client;
namespace BTCPayServer.Controllers namespace BTCPayServer.Controllers
{ {
[Authorize(Policy = Permission.CanModifyServerSettings, [Authorize(Policy = Policies.CanModifyServerSettings,
AuthenticationSchemes = BTCPayServer.Security.AuthenticationSchemes.Cookie)] AuthenticationSchemes = BTCPayServer.Security.AuthenticationSchemes.Cookie)]
public partial class ServerController : Controller public partial class ServerController : Controller
{ {

2
BTCPayServer/Controllers/StoresController.cs
View File

@@ -34,7 +34,7 @@ namespace BTCPayServer.Controllers
{ {
[Route("stores")] [Route("stores")]
[Authorize(AuthenticationSchemes = AuthenticationSchemes.Cookie)] [Authorize(AuthenticationSchemes = AuthenticationSchemes.Cookie)]
[Authorize(Policy = Permission.CanModifyStoreSettings, AuthenticationSchemes = AuthenticationSchemes.Cookie)] [Authorize(Policy = Policies.CanModifyStoreSettings, AuthenticationSchemes = AuthenticationSchemes.Cookie)]
[AutoValidateAntiforgeryToken] [AutoValidateAntiforgeryToken]
public partial class StoresController : Controller public partial class StoresController : Controller
{ {

6
BTCPayServer/Controllers/WalletsController.cs
View File

@@ -31,7 +31,7 @@ using Newtonsoft.Json;
namespace BTCPayServer.Controllers namespace BTCPayServer.Controllers
{ {
[Route("wallets")] [Route("wallets")]
[Authorize(Policy = Permission.CanModifyStoreSettings, AuthenticationSchemes = AuthenticationSchemes.Cookie)] [Authorize(Policy = Policies.CanModifyStoreSettings, AuthenticationSchemes = AuthenticationSchemes.Cookie)]
[AutoValidateAntiforgeryToken] [AutoValidateAntiforgeryToken]
public partial class WalletsController : Controller public partial class WalletsController : Controller
{ {
@@ -840,7 +840,7 @@ namespace BTCPayServer.Controllers
var vm = new RescanWalletModel(); var vm = new RescanWalletModel();
vm.IsFullySync = _dashboard.IsFullySynched(walletId.CryptoCode, out var unused); vm.IsFullySync = _dashboard.IsFullySynched(walletId.CryptoCode, out var unused);
vm.IsServerAdmin = (await _authorizationService.AuthorizeAsync(User, Permission.CanModifyServerSettings)).Succeeded; vm.IsServerAdmin = (await _authorizationService.AuthorizeAsync(User, Policies.CanModifyServerSettings)).Succeeded;
vm.IsSupportedByCurrency = _dashboard.Get(walletId.CryptoCode)?.Status?.BitcoinStatus?.Capabilities?.CanScanTxoutSet == true; vm.IsSupportedByCurrency = _dashboard.Get(walletId.CryptoCode)?.Status?.BitcoinStatus?.Capabilities?.CanScanTxoutSet == true;
var explorer = ExplorerClientProvider.GetExplorerClient(walletId.CryptoCode); var explorer = ExplorerClientProvider.GetExplorerClient(walletId.CryptoCode);
var scanProgress = await explorer.GetScanUTXOSetInformationAsync(paymentMethod.AccountDerivation); var scanProgress = await explorer.GetScanUTXOSetInformationAsync(paymentMethod.AccountDerivation);
@@ -870,7 +870,7 @@ namespace BTCPayServer.Controllers
[HttpPost] [HttpPost]
[Route("{walletId}/rescan")] [Route("{walletId}/rescan")]
[Authorize(Policy = Permission.CanModifyServerSettings, AuthenticationSchemes = AuthenticationSchemes.Cookie)] [Authorize(Policy = Policies.CanModifyServerSettings, AuthenticationSchemes = AuthenticationSchemes.Cookie)]
public async Task<IActionResult> WalletRescan( public async Task<IActionResult> WalletRescan(
[ModelBinder(typeof(WalletIdModelBinder))] [ModelBinder(typeof(WalletIdModelBinder))]
WalletId walletId, RescanWalletModel vm) WalletId walletId, RescanWalletModel vm)

4
BTCPayServer/Security/Policies.cs → BTCPayServer/Security/ServerPolicies.cs
View File

@@ -3,11 +3,11 @@ using Microsoft.AspNetCore.Authorization;
namespace BTCPayServer.Security namespace BTCPayServer.Security
{ {
public static class Policies public static class ServerPolicies
{ {
public static AuthorizationOptions AddBTCPayPolicies(this AuthorizationOptions options) public static AuthorizationOptions AddBTCPayPolicies(this AuthorizationOptions options)
{ {
foreach (var p in Permission.AllPolicies) foreach (var p in Policies.AllPolicies)
{ {
options.AddPolicy(p); options.AddPolicy(p);
} }

4
BTCPayServer/Services/Altcoins/Monero/UI/MoneroLikeStoreController.cs
View File

@@ -27,8 +27,8 @@ namespace BTCPayServer.Services.Altcoins.Monero.UI
[Route("stores/{storeId}/monerolike")] [Route("stores/{storeId}/monerolike")]
[OnlyIfSupportAttribute("XMR")] [OnlyIfSupportAttribute("XMR")]
[Authorize(AuthenticationSchemes = AuthenticationSchemes.Cookie)] [Authorize(AuthenticationSchemes = AuthenticationSchemes.Cookie)]
[Authorize(Policy = Permission.CanModifyStoreSettings, AuthenticationSchemes = AuthenticationSchemes.Cookie)] [Authorize(Policy = Policies.CanModifyStoreSettings, AuthenticationSchemes = AuthenticationSchemes.Cookie)]
[Authorize(Policy = Permission.CanModifyServerSettings, AuthenticationSchemes = AuthenticationSchemes.Cookie)] [Authorize(Policy = Policies.CanModifyServerSettings, AuthenticationSchemes = AuthenticationSchemes.Cookie)]
public class MoneroLikeStoreController : Controller public class MoneroLikeStoreController : Controller
{ {
private readonly MoneroLikeConfiguration _MoneroLikeConfiguration; private readonly MoneroLikeConfiguration _MoneroLikeConfiguration;