Fix: Do not expose xpub without modify store permission (#6212)

2025-12-18 06:24:24 +01:00 · 2024-09-27 15:27:04 +09:00
parent 272cc3d3c9
commit 9ba4b030ed
10 changed files with 185 additions and 169 deletions
--- a/BTCPayServer/Controllers/GreenField/GreenfieldStorePaymentMethodsController.cs
+++ b/BTCPayServer/Controllers/GreenField/GreenfieldStorePaymentMethodsController.cs
@@ -145,9 +145,7 @@ namespace BTCPayServer.Controllers.Greenfield

            if (includeConfig is true)
            {
-                var canModifyStore = (await _authorizationService.AuthorizeAsync(User, null,
-                    new PolicyRequirement(Policies.CanModifyStoreSettings))).Succeeded;
-                if (!canModifyStore)
+                if (!await _authorizationService.CanModifyStore(User))
                    return this.CreateAPIPermissionError(Policies.CanModifyStoreSettings);
            }