Fix: If user get locked out, unlocking or deleting user fails

This is due to the fact our UserService is a singleton, and it had a reference on UserManager which is scoped. UserManager is caching user entities at the scope level. UserService then had a view completely unsynchronized with the database.
2025-12-17 14:04:26 +01:00 · 2023-02-15 14:28:34 +09:00
parent cc9c63c33e
commit a5ff655eed
3 changed files with 41 additions and 25 deletions
--- a/BTCPayServer/Controllers/UIServerController.Users.cs
+++ b/BTCPayServer/Controllers/UIServerController.Users.cs
@@ -86,7 +86,7 @@ namespace BTCPayServer.Controllers
                Id = user.Id,
                Email = user.Email,
                Verified = user.EmailConfirmed || !user.RequiresEmailConfirmation,
-                IsAdmin = _userService.IsRoleAdmin(roles)
+                IsAdmin = Roles.HasServerAdmin(roles)
            };
            return View(userVM);
        }
@@ -101,7 +101,7 @@ namespace BTCPayServer.Controllers

            var admins = await _UserManager.GetUsersInRoleAsync(Roles.ServerAdmin);
            var roles = await _UserManager.GetRolesAsync(user);
-            var wasAdmin = _userService.IsRoleAdmin(roles);
+            var wasAdmin = Roles.HasServerAdmin(roles);
            if (!viewModel.IsAdmin && admins.Count == 1 && wasAdmin)
            {
                TempData[WellKnownTempData.ErrorMessage] = "This is the only Admin, so their role can't be removed until another Admin is added.";
@@ -219,7 +219,7 @@ namespace BTCPayServer.Controllers
                return NotFound();

            var roles = await _UserManager.GetRolesAsync(user);
-            if (_userService.IsRoleAdmin(roles))
+            if (Roles.HasServerAdmin(roles))
            {
                if (await _userService.IsUserTheOnlyOneAdmin(user))
                {