Store Custom Roles (#4940)

BTCPayServer/Controllers/UIStoresController.cs

@@ -130,6 +130,7 @@ namespace BTCPayServer.Controllers
         public async Task<IActionResult> StoreUsers()
         {
             StoreUsersViewModel vm = new StoreUsersViewModel();
+            vm.Role = StoreRoleId.Guest.Role;
             await FillUsers(vm);
             return View(vm);
         }
@@ -142,7 +143,7 @@ namespace BTCPayServer.Controllers
             {
                 Email = u.Email,
                 Id = u.Id,
-                Role = u.Role
+                Role = u.StoreRole.Role
             }).ToList();
         }
 
@@ -150,7 +151,7 @@ namespace BTCPayServer.Controllers
 
         [HttpPost]
         [Route("{storeId}/users")]
-        public async Task<IActionResult> StoreUsers(StoreUsersViewModel vm)
+        public async Task<IActionResult> StoreUsers(string storeId, StoreUsersViewModel vm)
         {
             await FillUsers(vm);
             if (!ModelState.IsValid)
@@ -163,12 +164,16 @@ namespace BTCPayServer.Controllers
                 ModelState.AddModelError(nameof(vm.Email), "User not found");
                 return View(vm);
             }
-            if (!StoreRoles.AllRoles.Contains(vm.Role))
+
+            var roles = await _Repo.GetStoreRoles(CurrentStore.Id);
+            if (roles.All(role => role.Id != vm.Role))
             {
                 ModelState.AddModelError(nameof(vm.Role), "Invalid role");
                 return View(vm);
             }
-            if (!await _Repo.AddStoreUser(CurrentStore.Id, user.Id, vm.Role))
+            var roleId = await _Repo.ResolveStoreRoleId(storeId, vm.Role);
+
+            if (!await _Repo.AddStoreUser(CurrentStore.Id, user.Id, roleId))
             {
                 ModelState.AddModelError(nameof(vm.Email), "The user already has access to this store");
                 return View(vm);
@@ -938,8 +943,9 @@ namespace BTCPayServer.Controllers
             ViewBag.HidePublicKey = true;
             ViewBag.ShowStores = true;
             ViewBag.ShowMenu = false;
-            var stores = await _Repo.GetStoresByUserId(userId);
-            model.Stores = new SelectList(stores.Where(s => s.Role == StoreRoles.Owner), nameof(CurrentStore.Id), nameof(CurrentStore.StoreName));
+            var stores = (await _Repo.GetStoresByUserId(userId)).Where(data => data.HasPermission(userId, Policies.CanModifyStoreSettings)).ToArray();
+
+            model.Stores = new SelectList(stores, nameof(CurrentStore.Id), nameof(CurrentStore.StoreName));
             if (!model.Stores.Any())
             {
                 TempData[WellKnownTempData.ErrorMessage] = "You need to be owner of at least one store before pairing";
@@ -1004,14 +1010,14 @@ namespace BTCPayServer.Controllers
                 return RedirectToAction(nameof(UIHomeController.Index), "UIHome");
             }
 
-            var stores = await _Repo.GetStoresByUserId(userId);
+            var stores = (await _Repo.GetStoresByUserId(userId)).Where(data => data.HasPermission(userId, Policies.CanModifyStoreSettings)).ToArray();
             return View(new PairingModel
             {
                 Id = pairing.Id,
                 Label = pairing.Label,
                 SIN = pairing.SIN ?? "Server-Initiated Pairing",
                 StoreId = selectedStore ?? stores.FirstOrDefault()?.Id,
-                Stores = stores.Where(u => u.Role == StoreRoles.Owner).Select(s => new PairingModel.StoreViewModel
+                Stores = stores.Select(s => new PairingModel.StoreViewModel
                 {
                     Id = s.Id,
                     Name = string.IsNullOrEmpty(s.StoreName) ? s.Id : s.StoreName