aljaz/btcpayserver
1
0
Fork 0
mirror of https://github.com/aljazceru/btcpayserver.git synced 2025-12-18 14:34:23 +01:00
Code Issues Packages Projects Releases Wiki Activity

Replace admin check with CanModifyServerSettings authorization policy

Browse Source
This commit is contained in:
Umar Bolatov
2021-04-10 19:33:37 -07:00
parent 9fc2d2b76b
commit 949d6bf584
1 changed files with 1 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
BTCPayServer/Controllers/GreenField/UsersController.cs
View File

@@ -197,15 +197,9 @@ namespace BTCPayServer.Controllers.GreenField
} }
[HttpDelete("~/api/v1/users/{userId}")] [HttpDelete("~/api/v1/users/{userId}")]
[Authorize(AuthenticationSchemes = AuthenticationSchemes.GreenfieldAPIKeys)] [Authorize(Policy = Policies.CanModifyServerSettings, AuthenticationSchemes = AuthenticationSchemes.Greenfield)]
public async Task<ActionResult<ApplicationUserData>> DeleteUser(string userId) public async Task<ActionResult<ApplicationUserData>> DeleteUser(string userId)
{ {
// Only admins should be allowed to delete users
if (!User.IsInRole(Roles.ServerAdmin))
{
return Forbid(AuthenticationSchemes.GreenfieldBasic);
}
var user = userId == null ? null : await _userManager.FindByIdAsync(userId); var user = userId == null ? null : await _userManager.FindByIdAsync(userId);
if (user == null) if (user == null)
{ {