Censor based on permissions

2025-12-18 22:44:29 +01:00 · 2021-10-01 12:30:00 +02:00
parent 7cad6302b7
commit a3c2a9ac61
8 changed files with 49 additions and 11 deletions
--- a/BTCPayServer.Tests/GreenfieldAPITests.cs
+++ b/BTCPayServer.Tests/GreenfieldAPITests.cs
@@ -1953,6 +1953,7 @@ namespace BTCPayServer.Tests
            var admin = tester.NewAccount();
            await admin.GrantAccessAsync(true);
            var adminClient = await admin.CreateClient(Policies.Unrestricted);
            var viewerOnlyClient = await admin.CreateClient(Policies.CanViewStoreSettings);
            var store = await adminClient.GetStore(admin.StoreId);
            Assert.Empty(await adminClient.GetStorePaymentMethods(store.Id));
@@ -1987,6 +1988,29 @@ namespace BTCPayServer.Tests
            VerifyOnChain(methods);
            methods = await viewerOnlyClient.GetStorePaymentMethods(store.Id);
            VerifyLightning(methods);
           await  adminClient.UpdateStoreLightningNetworkPaymentMethod(store.Id, "BTC",
                new UpdateLightningNetworkPaymentMethodRequest(
                    tester.GetLightningConnectionString(LightningConnectionType.CLightning, true), true));
            methods = await viewerOnlyClient.GetStorePaymentMethods(store.Id);
            Assert.True(methods.TryGetValue(new PaymentMethodId("BTC", PaymentTypes.LightningLike).ToStringNormalized(), out var item));
            var lightningNetworkPaymentMethodBaseData =Assert.IsType<JObject>(item.Data).ToObject<LightningNetworkPaymentMethodBaseData>();
            Assert.Equal("###", lightningNetworkPaymentMethodBaseData.ConnectionString);
            methods = await adminClient.GetStorePaymentMethods(store.Id);
            Assert.True(methods.TryGetValue(new PaymentMethodId("BTC", PaymentTypes.LightningLike).ToStringNormalized(), out item));
            lightningNetworkPaymentMethodBaseData =Assert.IsType<JObject>(item.Data).ToObject<LightningNetworkPaymentMethodBaseData>();
            Assert.NotEqual("###", lightningNetworkPaymentMethodBaseData.ConnectionString);
        }
    }
--- a/BTCPayServer/Controllers/GreenField/LocalBTCPayServerClient.cs
+++ b/BTCPayServer/Controllers/GreenField/LocalBTCPayServerClient.cs
@@ -878,9 +878,9 @@ namespace BTCPayServer.Controllers.GreenField
            return Task.FromResult(GetFromActionResult<PermissionMetadata[]>(_homeController.Permissions()));
        }
-        public override Task<Dictionary<string, GenericPaymentMethodData>> GetStorePaymentMethods(string storeId, bool? enabled = null, CancellationToken token = default)
+        public override async Task<Dictionary<string, GenericPaymentMethodData>> GetStorePaymentMethods(string storeId, bool? enabled = null, CancellationToken token = default)
        {
-            return Task.FromResult(GetFromActionResult(_storePaymentMethodsController.GetStorePaymentMethods(storeId, enabled)));
+            return GetFromActionResult(await _storePaymentMethodsController.GetStorePaymentMethods(storeId, enabled));
        }
        public override async Task<OnChainPaymentMethodDataWithSensitiveData> GenerateOnChainWallet(string storeId, string cryptoCode, GenerateOnChainWalletRequest request,
--- a/BTCPayServer/Controllers/GreenField/StorePaymentMethodsController.cs
+++ b/BTCPayServer/Controllers/GreenField/StorePaymentMethodsController.cs
@@ -1,10 +1,12 @@
 #nullable enable
 using System.Collections.Generic;
 using System.Linq;
 using System.Threading.Tasks;
 using BTCPayServer.Abstractions.Constants;
 using BTCPayServer.Client;
 using BTCPayServer.Client.Models;
 using BTCPayServer.Data;
 using BTCPayServer.Security;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using StoreData = BTCPayServer.Data.StoreData;
@@ -17,20 +19,24 @@ namespace BTCPayServer.Controllers.GreenField
    {
        private StoreData Store => HttpContext.GetStoreData();
        private readonly BTCPayNetworkProvider _btcPayNetworkProvider;
        private readonly IAuthorizationService _authorizationService;
-        public StorePaymentMethodsController(BTCPayNetworkProvider btcPayNetworkProvider)
+        public StorePaymentMethodsController(BTCPayNetworkProvider btcPayNetworkProvider, IAuthorizationService authorizationService)
        {
            _btcPayNetworkProvider = btcPayNetworkProvider;
            _authorizationService = authorizationService;
        }
        [Authorize(Policy = Policies.CanViewStoreSettings, AuthenticationSchemes = AuthenticationSchemes.Greenfield)]
        [HttpGet("~/api/v1/stores/{storeId}/payment-methods")]
-        public ActionResult<Dictionary<string, GenericPaymentMethodData>> GetStorePaymentMethods(
+        public async Task<ActionResult<Dictionary<string, GenericPaymentMethodData>>> GetStorePaymentMethods(
            string storeId,
            [FromQuery] bool? enabled)
        {
            var storeBlob = Store.GetStoreBlob();
            var excludedPaymentMethods = storeBlob.GetExcludedPaymentMethods();
            var canModifyStore = (await _authorizationService.AuthorizeAsync(User, null,
                new PolicyRequirement(Policies.CanModifyStoreSettings))).Succeeded;;
            return Ok(Store.GetSupportedPaymentMethods(_btcPayNetworkProvider)
                .Where(method =>
                    enabled is null || (enabled is false && excludedPaymentMethods.Match(method.PaymentId)))
@@ -40,7 +46,7 @@ namespace BTCPayServer.Controllers.GreenField
                    {
                        CryptoCode = method.PaymentId.CryptoCode,
                        Enabled = enabled.GetValueOrDefault(!excludedPaymentMethods.Match(method.PaymentId)),
-                        Data = method.PaymentId.PaymentType.GetGreenfieldData(method)
+                        Data = method.PaymentId.PaymentType.GetGreenfieldData(method, canModifyStore)
                    }));
        }
    }
--- a/BTCPayServer/Payments/PaymentTypes.Bitcoin.cs
+++ b/BTCPayServer/Payments/PaymentTypes.Bitcoin.cs
@@ -85,7 +85,7 @@ namespace BTCPayServer.Payments
        }
        public override string InvoiceViewPaymentPartialName { get; } = "Bitcoin/ViewBitcoinLikePaymentData";
-        public override object GetGreenfieldData(ISupportedPaymentMethod supportedPaymentMethod)
+        public override object GetGreenfieldData(ISupportedPaymentMethod supportedPaymentMethod, bool canModifyStore)
        {
            if (supportedPaymentMethod is DerivationSchemeSettings derivationSchemeSettings)
                return new OnChainPaymentMethodBaseData()
--- a/BTCPayServer/Payments/PaymentTypes.Lightning.cs
+++ b/BTCPayServer/Payments/PaymentTypes.Lightning.cs
@@ -65,12 +65,20 @@ namespace BTCPayServer.Payments
        }
        public override string InvoiceViewPaymentPartialName { get; } = "Lightning/ViewLightningLikePaymentData";
-        public override object GetGreenfieldData(ISupportedPaymentMethod supportedPaymentMethod)
+
        public override object GetGreenfieldData(ISupportedPaymentMethod supportedPaymentMethod, bool canModifyStore)
        {
            if (supportedPaymentMethod is LightningSupportedPaymentMethod lightningSupportedPaymentMethod)
                return new LightningNetworkPaymentMethodBaseData()
                {
-                    ConnectionString = lightningSupportedPaymentMethod.GetDisplayableConnectionString()
+                    ConnectionString = lightningSupportedPaymentMethod.IsInternalNode
                        ?
                        lightningSupportedPaymentMethod.GetDisplayableConnectionString()
                        :
                        canModifyStore
                            ? lightningSupportedPaymentMethod.GetDisplayableConnectionString()
                            :
                            "###"
                };
            return null;
        }
--- a/BTCPayServer/Payments/PaymentTypes.cs
+++ b/BTCPayServer/Payments/PaymentTypes.cs
@@ -81,7 +81,7 @@ namespace BTCPayServer.Payments
            Money cryptoInfoDue, string serverUri);
        public abstract string InvoiceViewPaymentPartialName { get; }
-        public abstract object GetGreenfieldData(ISupportedPaymentMethod supportedPaymentMethod);
+        public abstract object GetGreenfieldData(ISupportedPaymentMethod supportedPaymentMethod, bool canModifyStore);
        public virtual bool IsPaymentType(string paymentType)
        {
--- a/BTCPayServer/Services/Altcoins/Ethereum/Payments/EthereumPaymentType.cs
+++ b/BTCPayServer/Services/Altcoins/Ethereum/Payments/EthereumPaymentType.cs
@@ -53,7 +53,7 @@ namespace BTCPayServer.Services.Altcoins.Ethereum.Payments
        }
        public override string InvoiceViewPaymentPartialName { get; }= "Ethereum/ViewEthereumLikePaymentData";
-        public override object GetGreenfieldData(ISupportedPaymentMethod supportedPaymentMethod)
+        public override object GetGreenfieldData(ISupportedPaymentMethod supportedPaymentMethod, bool canModifyStore)
        {
            if (supportedPaymentMethod is EthereumSupportedPaymentMethod ethereumSupportedPaymentMethod)
            {
--- a/BTCPayServer/Services/Altcoins/Monero/Payments/MoneroPaymentType.cs
+++ b/BTCPayServer/Services/Altcoins/Monero/Payments/MoneroPaymentType.cs
@@ -57,7 +57,7 @@ namespace BTCPayServer.Services.Altcoins.Monero.Payments
        }
        public override string InvoiceViewPaymentPartialName { get; } = "Monero/ViewMoneroLikePaymentData";
-        public override object GetGreenfieldData(ISupportedPaymentMethod supportedPaymentMethod)
+        public override object GetGreenfieldData(ISupportedPaymentMethod supportedPaymentMethod, bool canModifyStore)
        {
            if (supportedPaymentMethod is MoneroSupportedPaymentMethod moneroSupportedPaymentMethod)
            {