aljaz/btcpayserver
1
0
Fork 0
mirror of https://github.com/aljazceru/btcpayserver.git synced 2025-12-18 06:24:24 +01:00
Code Issues Packages Projects Releases Wiki Activity

Allow resolution of any settings via DI

Browse Source
This commit is contained in:
nicolas.dorier
2022-05-24 13:18:16 +09:00
parent 3285f24fe9
commit 67eeb4b69a
41 changed files with 221 additions and 149 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
BTCPayServer/Controllers/GreenField/GreenfieldUsersController.cs
View File

@@ -27,6 +27,7 @@ namespace BTCPayServer.Controllers.Greenfield
[EnableCors(CorsPolicies.All)]
public class GreenfieldUsersController : ControllerBase
{
public PoliciesSettings PoliciesSettings { get; }
public Logs Logs { get; }
private readonly UserManager<ApplicationUser> _userManager;
@@ -42,6 +43,7 @@ namespace BTCPayServer.Controllers.Greenfield
public GreenfieldUsersController(UserManager<ApplicationUser> userManager,
RoleManager<IdentityRole> roleManager,
SettingsRepository settingsRepository,
PoliciesSettings policiesSettings,
EventAggregator eventAggregator,
IPasswordValidator<ApplicationUser> passwordValidator,
RateLimitService throttleService,
@@ -54,6 +56,7 @@ namespace BTCPayServer.Controllers.Greenfield
_userManager = userManager;
_roleManager = roleManager;
_settingsRepository = settingsRepository;
PoliciesSettings = policiesSettings;
_eventAggregator = eventAggregator;
_passwordValidator = passwordValidator;
_throttleService = throttleService;
@@ -147,7 +150,7 @@ namespace BTCPayServer.Controllers.Greenfield
if (request.IsAdministrator is true && !isAdmin)
return this.CreateAPIPermissionError(Policies.Unrestricted, $"Insufficient API Permissions. Please use an API key with permission: {Policies.Unrestricted} and be an admin.");
if (!isAdmin && (policies.LockSubscription || (await _settingsRepository.GetPolicies()).DisableNonAdminCreateUserApi))
if (!isAdmin && (policies.LockSubscription || PoliciesSettings.DisableNonAdminCreateUserApi))
{
// If we are not admin and subscriptions are locked, we need to check the Policies.CanCreateUser.Key permission
var canCreateUser = (await _authorizationService.AuthorizeAsync(User, null, new PolicyRequirement(Policies.CanCreateUser))).Succeeded;