Add additional permission for pull payments (#4539)

* Add additional permission for pull payments

* Apply suggestions from code review
This commit is contained in:
Andrew Camilleri
2023-01-26 01:46:05 +01:00
committed by GitHub
parent 69e90b7ff1
commit f46443a5e3
6 changed files with 131 additions and 34 deletions


@@ -11,6 +11,7 @@ using BTCPayServer.Client.Models;
using BTCPayServer.Data;
using BTCPayServer.HostedServices;
using BTCPayServer.Payments;
using BTCPayServer.Security;
using BTCPayServer.Services;
using BTCPayServer.Services.Rates;
using Microsoft.AspNetCore.Authorization;
@@ -33,13 +34,15 @@ namespace BTCPayServer.Controllers.Greenfield
private readonly CurrencyNameTable _currencyNameTable;
private readonly BTCPayNetworkJsonSerializerSettings _serializerSettings;
private readonly IEnumerable<IPayoutHandler> _payoutHandlers;
private readonly IAuthorizationService _authorizationService;
public GreenfieldPullPaymentController(PullPaymentHostedService pullPaymentService,
LinkGenerator linkGenerator,
ApplicationDbContextFactory dbContextFactory,
CurrencyNameTable currencyNameTable,
Services.BTCPayNetworkJsonSerializerSettings serializerSettings,
IEnumerable<IPayoutHandler> payoutHandlers)
IEnumerable<IPayoutHandler> payoutHandlers,
IAuthorizationService authorizationService)
{
_pullPaymentService = pullPaymentService;
_linkGenerator = linkGenerator;
@@ -47,6 +50,7 @@ namespace BTCPayServer.Controllers.Greenfield
_currencyNameTable = currencyNameTable;
_serializerSettings = serializerSettings;
_payoutHandlers = payoutHandlers;
_authorizationService = authorizationService;
}
[HttpGet("~/api/v1/stores/{storeId}/pull-payments")]
@@ -62,7 +66,7 @@ namespace BTCPayServer.Controllers.Greenfield
}
[HttpPost("~/api/v1/stores/{storeId}/pull-payments")]
[Authorize(Policy = Policies.CanManagePullPayments, AuthenticationSchemes = AuthenticationSchemes.Greenfield)]
[Authorize(Policy = Policies.CanCreateNonApprovedPullPayments, AuthenticationSchemes = AuthenticationSchemes.Greenfield)]
public async Task<IActionResult> CreatePullPayment(string storeId, CreatePullPaymentRequest request)
{
if (request is null)
@@ -70,6 +74,16 @@ namespace BTCPayServer.Controllers.Greenfield
ModelState.AddModelError(string.Empty, "Missing body");
return this.CreateValidationError(ModelState);
}
if (request.AutoApproveClaims)
{
if (!(await _authorizationService.AuthorizeAsync(User, null,
new PolicyRequirement(Policies.CanCreatePullPayments))).Succeeded)
{
return this.CreateAPIPermissionError(Policies.CanCreatePullPayments);
}
}
if (request.Amount <= 0.0m)
{
ModelState.AddModelError(nameof(request.Amount), "The amount should more than 0.");
@@ -304,9 +318,18 @@ namespace BTCPayServer.Controllers.Greenfield
}
[HttpPost("~/api/v1/stores/{storeId}/payouts")]
[Authorize(Policy = Policies.CanManagePullPayments, AuthenticationSchemes = AuthenticationSchemes.Greenfield)]
[Authorize(Policy = Policies.CanCreateNonApprovedPullPayments, AuthenticationSchemes = AuthenticationSchemes.Greenfield)]
public async Task<IActionResult> CreatePayoutThroughStore(string storeId, CreatePayoutThroughStoreRequest request)
{
if (request.Approved is true)
{
if (!(await _authorizationService.AuthorizeAsync(User, null,
new PolicyRequirement(Policies.CanCreatePullPayments))).Succeeded)
{
return this.CreateAPIPermissionError(Policies.CanCreatePullPayments);
}
}
if (request is null || !PaymentMethodId.TryParse(request?.PaymentMethod, out var paymentMethodId))
{
ModelState.AddModelError(nameof(request.PaymentMethod), "Invalid payment method");