Support Admin being able to view stores (#5782)

* Support Admin being able to view stores * fix null check * Delete obsolete empty view * Add test * Apply CanViewStoreSettings policy changes Taken from #5719 * Fix Selenium tests * Update dashboard permission requirement --------- Co-authored-by: Dennis Reimann <mail@dennisreimann.de>
2025-12-17 05:54:26 +01:00 · 2024-03-14 10:25:40 +01:00
parent f1ff913cbe
commit e497903bf4
49 changed files with 440 additions and 286 deletions
--- a/BTCPayServer/Controllers/UIStoresController.Roles.cs
+++ b/BTCPayServer/Controllers/UIStoresController.Roles.cs
@@ -1,15 +1,12 @@
-using System;
-using System.Collections.Generic;
-using System.ComponentModel.DataAnnotations;
-using System.Data;
 using System.Linq;
 using System.Threading.Tasks;
-using Amazon.S3.Transfer;
 using BTCPayServer.Abstractions.Constants;
 using BTCPayServer.Abstractions.Extensions;
 using BTCPayServer.Abstractions.Models;
+using BTCPayServer.Client;
 using BTCPayServer.Models.ServerViewModels;
 using BTCPayServer.Services.Stores;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;

 namespace BTCPayServer.Controllers
@@ -60,19 +57,19 @@ namespace BTCPayServer.Controllers
                ModelState.Remove(nameof(role));
                return View(new UpdateRoleViewModel());
            }
-            else
+
+            var roleData = await storeRepository.GetStoreRole(new StoreRoleId(storeId, role));
+            if (roleData == null)
+                return NotFound();
+            return View(new UpdateRoleViewModel
            {
-                var roleData = await storeRepository.GetStoreRole(new StoreRoleId(storeId, role));
-                if (roleData == null)
-                    return NotFound();
-                return View(new UpdateRoleViewModel()
-                {
-                    Policies = roleData.Permissions,
-                    Role = roleData.Role
-                });
-            }
-        } 
+                Policies = roleData.Permissions,
+                Role = roleData.Role
+            });
+        }
+
        [HttpPost("{storeId}/roles/{role}")]
+        [Authorize(Policy = Policies.CanModifyStoreSettings, AuthenticationSchemes = AuthenticationSchemes.Cookie)]
        public async Task<IActionResult> CreateOrEditRole(
            string storeId,
            [FromServices] StoreRepository storeRepository,
@@ -119,10 +116,9 @@ namespace BTCPayServer.Controllers

            return RedirectToAction(nameof(ListRoles), new { storeId });
        }
-        
-

        [HttpGet("{storeId}/roles/{role}/delete")]
+        [Authorize(Policy = Policies.CanModifyStoreSettings, AuthenticationSchemes = AuthenticationSchemes.Cookie)]
        public async Task<IActionResult> DeleteRole(
            string storeId,
            [FromServices] StoreRepository storeRepository,
@@ -142,6 +138,7 @@ namespace BTCPayServer.Controllers
        }

        [HttpPost("{storeId}/roles/{role}/delete")]
+        [Authorize(Policy = Policies.CanModifyStoreSettings, AuthenticationSchemes = AuthenticationSchemes.Cookie)]
        public async Task<IActionResult> DeleteRolePost(
            string storeId,
            [FromServices] StoreRepository storeRepository,