Merge pull request #6878 from btcpayserver/feat/qr-confirmation

Asking for confirmation to display QR code if user is store owner
2026-02-09 00:04:20 +01:00 · 2025-07-31 09:39:04 +02:00
parent 2256bafe59 6183635b92
commit 88c8d23660
2 changed files with 48 additions and 7 deletions
--- a/BTCPayServer/Blazor/PosLoginCode.razor
+++ b/BTCPayServer/Blazor/PosLoginCode.razor
@@ -2,7 +2,7 @@
 {
    <div @attributes="Attrs" class="@CssClass">
        <label for="SignedInUser" class="form-label" text-translate="true">Signed in user</label>
-        <select id="SignedInUser" class="form-select" value="@_userId" @onchange="@(e => _userId = e.Value?.ToString())">
+        <select id="SignedInUser" class="form-select" value="@_userId" @onchange="@OnUserChanged">
            <option value="" text-translate="true">None, just open the URL</option>
            @foreach (var u in Users)
            {
@@ -18,20 +18,56 @@
 }
 else
 {
-    <UserLoginCode UserId="@_userId" RedirectUrl="@PosPath" />
+    @if (IsSelectedUserOwner() && !_ownerConfirmed)
+    {
+        <div>
+            <p><strong>This user is Store Owner</strong></p>
+            <p>Please confirm you want this QR code to be displayed.</p>
+
+            <button type="button" class="btn btn-danger" @onclick="ConfirmOwnerDisplay">Yes, show QR code</button>
+        </div>
+    }
+    else
+    {
+        <UserLoginCode UserId="@_userId" RedirectUrl="@PosPath" />
+    }
 }

@code {
-    [Parameter, EditorRequired]
-    public string PosPath { get; set; }
+    [Parameter, EditorRequired] public string PosPath { get; set; }

-    [Parameter]
-    public Dictionary<string,string> Users { get; set; }
+    [Parameter] public Dictionary<string, string> Users { get; set; }
    [Parameter] public string PosUrl { get; set; }

    [Parameter(CaptureUnmatchedValues = true)]
    public Dictionary<string, object> Attrs { get; set; }

    private string _userId;
+    private bool _ownerConfirmed = false;
    private string CssClass => $"form-group {(Attrs?.ContainsKey("class") is true ? Attrs["class"] : "")}".Trim();
+
+    private void OnUserChanged(ChangeEventArgs e)
+    {
+        _userId = e.Value?.ToString();
+        _ownerConfirmed = false; // Reset confirmation when user changes
+    }
+
+    private bool IsSelectedUserOwner()
+    {
+        if (string.IsNullOrEmpty(_userId) || Users == null)
+            return false;
+
+        if (Users.TryGetValue(_userId, out var userInfo))
+        {
+            return userInfo.Contains("Owner", StringComparison.OrdinalIgnoreCase);
+        }
+
+        return false;
+    }
+
+    private void ConfirmOwnerDisplay()
+    {
+        _ownerConfirmed = true;
+    }
+
 }
--- a/BTCPayServer/Plugins/PointOfSale/Controllers/UIPointOfSaleController.cs
+++ b/BTCPayServer/Plugins/PointOfSale/Controllers/UIPointOfSaleController.cs
@@ -708,7 +708,12 @@ namespace BTCPayServer.Plugins.PointOfSale.Controllers
        private async Task FillUsers(UpdatePointOfSaleViewModel vm)
        {
            var users = await _storeRepository.GetStoreUsers(GetCurrentStore().Id);
-            vm.StoreUsers = users.Where(u => u.Id == _userManager.GetUserId(User)).Select(u => (u.Id, u.Email, u.StoreRole.Role)).ToDictionary(u => u.Id, u => $"{u.Email} ({u.Role})");
+
+            if (!User.IsInRole(Roles.ServerAdmin))
+                users = users.Where(u => u.Id == _userManager.GetUserId(User)).ToArray();
+
+            vm.StoreUsers = users.Select(u => (u.Id, u.Email, u.StoreRole.Role))
+                .ToDictionary(u => u.Id, u => $"{u.Email} ({u.Role})");
        }
    }
 }