Store centric UI: Part 3 (#3224)

* Set store context in cookie

* Fix page id usages in view

* Move Pay Button to nav

* Move integrations to plugins nav

* Store switch links to wallet if present

* Test fixes

* Nav fixes

* Fix altcoin view

* Main nav updates

* Wallet setttings nav update

* Move storeId cookie fallback to cookie auth handler

* View fixes

* Test fixes

* Fix profile check

* Rename integrations nav extension point to store-integrations-nav-list

* Allow strings for Active page/category for plugins

* Make invoice list filter based on store context

* Do not set context if we are running authorizer through tag helper

* Fix test and unfiltered invoices

* Add permission helper for wallet links

* Add sanity checks for payment requests and invoices

* Store context in home controller

* Fix PayjoinViaUI test

* Store context for notifications

* Minor UI improvements

* Store context for userstores and vault controller

* Bring back integrations page

* Rename notifications nav pages file

* Fix user stores controller policies

* Controller policy fixes from code review

* CookieAuthHandler: Simplify CanViewInvoices case

* Revert "Controller policy fixes from code review"

This reverts commit 97e8b8379c2f2f373bac15a96632d2c8913ef4bd.

* Simplify LayoutSimple

* Fix CanViewInvoices condition

Co-authored-by: Kukks <evilkukka@gmail.com>

BTCPayServer/Controllers/NotificationsController.cs

@@ -4,6 +4,7 @@ using System.Net.WebSockets;
 using System.Threading;
 using System.Threading.Tasks;
 using BTCPayServer.Abstractions.Constants;
+using BTCPayServer.Client;
 using BTCPayServer.Data;
 using BTCPayServer.Filters;
 using BTCPayServer.Models.NotificationViewModels;
@@ -18,7 +19,7 @@ using Microsoft.AspNetCore.Mvc;
 namespace BTCPayServer.Controllers
 {
     [BitpayAPIConstraint(false)]
-    [Authorize(AuthenticationSchemes = AuthenticationSchemes.Cookie)]
+    [Authorize(AuthenticationSchemes = AuthenticationSchemes.Cookie, Policy = Policies.CanViewNotificationsForUser)]
     [Route("[controller]/[action]")]
     public class NotificationsController : Controller
     {
@@ -46,8 +47,7 @@ namespace BTCPayServer.Controllers
         {
             return ViewComponent("NotificationsDropdown");
         }
-
-
+        
         [HttpGet]
         public async Task<IActionResult> SubscribeUpdates(CancellationToken cancellationToken)
         {
@@ -128,6 +128,7 @@ namespace BTCPayServer.Controllers
         }
 
         [HttpPost]
+        [Authorize(AuthenticationSchemes = AuthenticationSchemes.Cookie, Policy = Policies.CanManageNotificationsForUser)]
         public async Task<IActionResult> FlipRead(string id)
         {
             if (ValidUserClaim(out var userId))
@@ -161,9 +162,9 @@ namespace BTCPayServer.Controllers
 
             return NotFound();
         }
-
-
+        
         [HttpPost]
+        [Authorize(AuthenticationSchemes = AuthenticationSchemes.Cookie, Policy = Policies.CanManageNotificationsForUser)]
         public async Task<IActionResult> MassAction(string command, string[] selectedItems)
         {
             if (!ValidUserClaim(out var userId))
@@ -209,6 +210,7 @@ namespace BTCPayServer.Controllers
         }
 
         [HttpPost]
+        [Authorize(AuthenticationSchemes = AuthenticationSchemes.Cookie, Policy = Policies.CanManageNotificationsForUser)]
         public async Task<IActionResult> MarkAllAsSeen(string returnUrl)
         {
             if (!ValidUserClaim(out var userId))