From 3fe71e7bdc9b99455e2bf5237b9daf334ab923a2 Mon Sep 17 00:00:00 2001
From: "nicolas.dorier" <nicolas.dorier@gmail.com>
Date: Thu, 10 Feb 2022 18:37:07 +0900
Subject: [PATCH] Avoid NRE on PermissionTagHelper

---
 BTCPayServer/TagHelpers/PermissionTagHelper.cs | 17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)

diff --git a/BTCPayServer/TagHelpers/PermissionTagHelper.cs b/BTCPayServer/TagHelpers/PermissionTagHelper.cs
index 78dd684d8..63fcbcae7 100644
--- a/BTCPayServer/TagHelpers/PermissionTagHelper.cs
+++ b/BTCPayServer/TagHelpers/PermissionTagHelper.cs
@@ -1,3 +1,4 @@
+#nullable enable
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
@@ -26,22 +27,20 @@ public class PermissionTagHelper : TagHelper
     public override async Task ProcessAsync(TagHelperContext context, TagHelperOutput output)
     {
         if (string.IsNullOrEmpty(Permission))
-        {
             return;
-        }
+        if (_httpContextAccessor.HttpContext is null)
+            return;
 
         var key = $"{Permission}_{PermissionResource}";
-        if (!_httpContextAccessor.HttpContext.Items.TryGetValue(key, out var cachedResult))
+        if (!_httpContextAccessor.HttpContext.Items.TryGetValue(key, out var o) ||
+            o is not AuthorizationResult res)
         {
-            var result = await _authorizationService.AuthorizeAsync(_httpContextAccessor.HttpContext.User,
+            res = await _authorizationService.AuthorizeAsync(_httpContextAccessor.HttpContext.User,
                 PermissionResource,
                 Permission);
-
-            cachedResult = result;
-            _httpContextAccessor.HttpContext.Items.Add(key, result);
-
+            _httpContextAccessor.HttpContext.Items.Add(key, res);
         }
-        if (!((AuthorizationResult)cachedResult).Succeeded)
+        if (!res.Succeeded)
         {
             output.SuppressOutput();
         }