Small improvements (#5273)

* BUmp LNURL * Show app view link in nav when not enoguh permission to modify * FIx permission misalignment on create pull payments We have explicit permissions for pull payment creation, even allow them to be created through the invoices, but the create ui and cta were blocked behind canmodify store permission. * Make Ln address pass an invoiceId in the context to resolve breaking change
2025-12-18 06:24:24 +01:00 · 2023-08-26 13:50:07 +02:00
parent 58a1c6d2c8
commit 4564f9a46c
7 changed files with 28 additions and 7 deletions
--- a/BTCPayServer/Controllers/UIStorePullPaymentsController.PullPayments.cs
+++ b/BTCPayServer/Controllers/UIStorePullPaymentsController.PullPayments.cs
@@ -39,6 +39,7 @@ namespace BTCPayServer.Controllers
        private readonly PullPaymentHostedService _pullPaymentService;
        private readonly ApplicationDbContextFactory _dbContextFactory;
        private readonly BTCPayNetworkJsonSerializerSettings _jsonSerializerSettings;
+        private readonly IAuthorizationService _authorizationService;

        public StoreData CurrentStore
        {
@@ -54,7 +55,8 @@ namespace BTCPayServer.Controllers
            DisplayFormatter displayFormatter,
            PullPaymentHostedService pullPaymentHostedService,
            ApplicationDbContextFactory dbContextFactory,
-            BTCPayNetworkJsonSerializerSettings jsonSerializerSettings)
+            BTCPayNetworkJsonSerializerSettings jsonSerializerSettings,
+            IAuthorizationService authorizationService)
        {
            _btcPayNetworkProvider = btcPayNetworkProvider;
            _payoutHandlers = payoutHandlers;
@@ -63,10 +65,11 @@ namespace BTCPayServer.Controllers
            _pullPaymentService = pullPaymentHostedService;
            _dbContextFactory = dbContextFactory;
            _jsonSerializerSettings = jsonSerializerSettings;
+            _authorizationService = authorizationService;
        }

        [HttpGet("stores/{storeId}/pull-payments/new")]
-        [Authorize(Policy = Policies.CanModifyStoreSettings, AuthenticationSchemes = AuthenticationSchemes.Cookie)]
+        [Authorize(Policy = Policies.CanCreateNonApprovedPullPayments, AuthenticationSchemes = AuthenticationSchemes.Cookie)]
        public async Task<IActionResult> NewPullPayment(string storeId)
        {
            if (CurrentStore is null)
@@ -95,7 +98,7 @@ namespace BTCPayServer.Controllers
        }

        [HttpPost("stores/{storeId}/pull-payments/new")]
-        [Authorize(Policy = Policies.CanModifyStoreSettings, AuthenticationSchemes = AuthenticationSchemes.Cookie)]
+        [Authorize(Policy = Policies.CanCreateNonApprovedPullPayments, AuthenticationSchemes = AuthenticationSchemes.Cookie)]
        public async Task<IActionResult> NewPullPayment(string storeId, NewPullPaymentModel model)
        {
            if (CurrentStore is null)
@@ -135,6 +138,11 @@ namespace BTCPayServer.Controllers
            }
            if (!ModelState.IsValid)
                return View(model);
+            if (model.AutoApproveClaims)
+            {
+                model.AutoApproveClaims = (await
+                    _authorizationService.AuthorizeAsync(User, storeId, Policies.CanCreatePullPayments)).Succeeded;
+            }
            await _pullPaymentService.CreatePullPayment(new HostedServices.CreatePullPayment()
            {
                Name = model.Name,