Small improvements (#5273)

* BUmp LNURL * Show app view link in nav when not enoguh permission to modify * FIx permission misalignment on create pull payments We have explicit permissions for pull payment creation, even allow them to be created through the invoices, but the create ui and cta were blocked behind canmodify store permission. * Make Ln address pass an invoiceId in the context to resolve breaking change
2026-01-31 11:54:24 +01:00 · 2023-08-26 13:50:07 +02:00
parent 58a1c6d2c8
commit 4564f9a46c
7 changed files with 28 additions and 7 deletions
--- a/BTCPayServer/BTCPayServer.csproj
+++ b/BTCPayServer/BTCPayServer.csproj
@@ -54,7 +54,7 @@
    <PackageReference Include="Fido2" Version="2.0.2" />
    <PackageReference Include="Fido2.AspNet" Version="2.0.2" />
    <PackageReference Include="HtmlSanitizer" Version="5.0.372" />
-    <PackageReference Include="LNURL" Version="0.0.29" />
+    <PackageReference Include="LNURL" Version="0.0.30" />
    <PackageReference Include="MailKit" Version="3.3.0" />
    <PackageReference Include="BTCPayServer.NETCore.Plugins.Mvc" Version="1.4.4" />
    <PackageReference Include="QRCoder" Version="1.4.3" />
--- a/BTCPayServer/Controllers/UILNURLController.cs
+++ b/BTCPayServer/Controllers/UILNURLController.cs
@@ -714,6 +714,7 @@ namespace BTCPayServer
                    try
                    {
                        var expiry = i.ExpirationTime.ToUniversalTime() - DateTimeOffset.UtcNow;
+                        HttpContext.Items.Add(nameof(invoiceId), invoiceId);
                        var description = (await _pluginHookService.ApplyFilter("modify-lnurlp-description", lnurlPayRequest.Metadata)) as string;
                        if (description is null)
                            return NotFound();
--- a/BTCPayServer/Controllers/UIStorePullPaymentsController.PullPayments.cs
+++ b/BTCPayServer/Controllers/UIStorePullPaymentsController.PullPayments.cs
@@ -39,6 +39,7 @@ namespace BTCPayServer.Controllers
        private readonly PullPaymentHostedService _pullPaymentService;
        private readonly ApplicationDbContextFactory _dbContextFactory;
        private readonly BTCPayNetworkJsonSerializerSettings _jsonSerializerSettings;
+        private readonly IAuthorizationService _authorizationService;

        public StoreData CurrentStore
        {
@@ -54,7 +55,8 @@ namespace BTCPayServer.Controllers
            DisplayFormatter displayFormatter,
            PullPaymentHostedService pullPaymentHostedService,
            ApplicationDbContextFactory dbContextFactory,
-            BTCPayNetworkJsonSerializerSettings jsonSerializerSettings)
+            BTCPayNetworkJsonSerializerSettings jsonSerializerSettings,
+            IAuthorizationService authorizationService)
        {
            _btcPayNetworkProvider = btcPayNetworkProvider;
            _payoutHandlers = payoutHandlers;
@@ -63,10 +65,11 @@ namespace BTCPayServer.Controllers
            _pullPaymentService = pullPaymentHostedService;
            _dbContextFactory = dbContextFactory;
            _jsonSerializerSettings = jsonSerializerSettings;
+            _authorizationService = authorizationService;
        }

        [HttpGet("stores/{storeId}/pull-payments/new")]
-        [Authorize(Policy = Policies.CanModifyStoreSettings, AuthenticationSchemes = AuthenticationSchemes.Cookie)]
+        [Authorize(Policy = Policies.CanCreateNonApprovedPullPayments, AuthenticationSchemes = AuthenticationSchemes.Cookie)]
        public async Task<IActionResult> NewPullPayment(string storeId)
        {
            if (CurrentStore is null)
@@ -95,7 +98,7 @@ namespace BTCPayServer.Controllers
        }

        [HttpPost("stores/{storeId}/pull-payments/new")]
-        [Authorize(Policy = Policies.CanModifyStoreSettings, AuthenticationSchemes = AuthenticationSchemes.Cookie)]
+        [Authorize(Policy = Policies.CanCreateNonApprovedPullPayments, AuthenticationSchemes = AuthenticationSchemes.Cookie)]
        public async Task<IActionResult> NewPullPayment(string storeId, NewPullPaymentModel model)
        {
            if (CurrentStore is null)
@@ -135,6 +138,11 @@ namespace BTCPayServer.Controllers
            }
            if (!ModelState.IsValid)
                return View(model);
+            if (model.AutoApproveClaims)
+            {
+                model.AutoApproveClaims = (await
+                    _authorizationService.AuthorizeAsync(User, storeId, Policies.CanCreatePullPayments)).Succeeded;
+            }
            await _pullPaymentService.CreatePullPayment(new HostedServices.CreatePullPayment()
            {
                Name = model.Name,
--- a/BTCPayServer/Views/Shared/Crowdfund/NavExtension.cshtml
+++ b/BTCPayServer/Views/Shared/Crowdfund/NavExtension.cshtml
@@ -27,5 +27,10 @@
                <span>@app.AppName</span>
            </a>
        </li>
+        <li class="nav-item nav-item-sub" not-permission="@Policies.CanModifyStoreSettings">
+            <a asp-area="" asp-controller="UICrowdfund" asp-action="ViewCrowdfund" asp-route-appId="@app.Id" class="nav-link">
+                <span>@app.AppName</span>
+            </a>
+        </li>
    }
 }
--- a/BTCPayServer/Views/Shared/PointOfSale/NavExtension.cshtml
+++ b/BTCPayServer/Views/Shared/PointOfSale/NavExtension.cshtml
@@ -27,5 +27,10 @@
                <span>@app.AppName</span>
            </a>
        </li>
+        <li class="nav-item nav-item-sub" not-permission="@Policies.CanModifyStoreSettings">
+            <a asp-area="" asp-controller="UIPointOfSale" asp-action="ViewPointOfSale" asp-route-appId="@app.Id" class="nav-link">
+                <span>@app.AppName</span>
+            </a>
+        </li>
    }
 }
--- a/BTCPayServer/Views/UIStorePullPayments/NewPullPayment.cshtml
+++ b/BTCPayServer/Views/UIStorePullPayments/NewPullPayment.cshtml
@@ -1,4 +1,5 @@
@using BTCPayServer.Abstractions.Extensions
+@using BTCPayServer.Client
@using BTCPayServer.Views.Stores
@model BTCPayServer.Models.WalletViewModels.NewPullPaymentModel
@{
@@ -42,7 +43,7 @@
                    <span asp-validation-for="Currency" class="text-danger"></span>
                </div>

-                <div class="form-group col-12">
+                <div class="form-group col-12" permission="@Policies.CanCreatePullPayments">
                    <div class="form-check ">
                        <input asp-for="AutoApproveClaims" type="checkbox" class="form-check-input"/>
                        <label asp-for="AutoApproveClaims" class="form-check-label"></label>
--- a/BTCPayServer/Views/UIStorePullPayments/PullPayments.cshtml
+++ b/BTCPayServer/Views/UIStorePullPayments/PullPayments.cshtml
@@ -6,7 +6,8 @@
@using ExchangeSharp
@model BTCPayServer.Models.WalletViewModels.PullPaymentsModel
@{
-    ViewData.SetActivePage(StoreNavPages.PullPayments, "Pull Payments", Context.GetStoreData().Id);
+    var storeId = Context.GetStoreData().Id;
+    ViewData.SetActivePage(StoreNavPages.PullPayments, "Pull Payments", storeId);
    var nextStartDateSortOrder = (string)ViewData["NextStartSortOrder"];
    string startDateSortOrder = null;
    switch (nextStartDateSortOrder)
@@ -45,7 +46,7 @@
            <vc:icon symbol="info" />
        </a>
    </h2>
-    <a permission="@Policies.CanModifyStoreSettings" asp-action="NewPullPayment" asp-route-storeId="@Context.GetRouteValue("storeId")" class="btn btn-primary" role="button" id="NewPullPayment">
+    <a permission="@Policies.CanCreateNonApprovedPullPayments" asp-action="NewPullPayment" asp-route-storeId="@storeId" class="btn btn-primary" role="button" id="NewPullPayment">
        <span class="fa fa-plus"></span> Create Pull Payment
    </a>
 </div>