Store-centric UI (#3091)

* Update layout structure and header * Implement store selector * Simplify homepage * Update layout * Use dropdown for store selector * Hide global nav in store context * Horizontal section nav * Remove outer section and container from content views * Update nav * Set store context for invoice and payment request lists * Test fixes * Persist menu collapse state on client-side * MainNav as view component * Update app routes to incorporate store context * Test fixes * Display ticker for altcoins build only * Plugins nav * Incorporate category for active page as well * Update invoice icon * Add apps list to nav * Add store context to app type controllers * Incorporate id for active page as well * Test fixes * AppsController cleanup * Nav: Display only apps for the current store * Remove leftover from merge * Nav styles optimization * Left-align content container * Increase sidebar padding on desktop * Use min-width for store selector menu * Store settings nav update * Update app and payment request routes * Test fixes * Refactor MainNav component to use StoresController * Set store context for invoice actions * Cleanups * Remove CurrentStore checks The response will be "Access denied" in case the CookieAuthorizationHandler cannot resolve the store. * Remove unnecessary store context setters * Test fix
2025-12-18 22:44:29 +01:00 · 2021-12-11 04:32:23 +01:00
parent 2b1436e303
commit f8e6b51e9d
79 changed files with 3782 additions and 3446 deletions
--- a/BTCPayServer/Security/CookieAuthorizationHandler.cs
+++ b/BTCPayServer/Security/CookieAuthorizationHandler.cs
@@ -2,10 +2,14 @@ using System.Threading.Tasks;
 using BTCPayServer.Abstractions.Constants;
 using BTCPayServer.Client;
 using BTCPayServer.Data;
+using BTCPayServer.PaymentRequest;
+using BTCPayServer.Services.Apps;
+using BTCPayServer.Services.Invoices;
 using BTCPayServer.Services.Stores;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Identity;
+using Microsoft.AspNetCore.Routing;

 namespace BTCPayServer.Security
 {
@@ -14,14 +18,23 @@ namespace BTCPayServer.Security
        private readonly HttpContext _HttpContext;
        private readonly UserManager<ApplicationUser> _userManager;
        private readonly StoreRepository _storeRepository;
+        private readonly AppService _appService;
+        private readonly PaymentRequestService _paymentRequestService;
+        private readonly InvoiceRepository _invoiceRepository;

        public CookieAuthorizationHandler(IHttpContextAccessor httpContextAccessor,
                                UserManager<ApplicationUser> userManager,
-                                StoreRepository storeRepository)
+                                StoreRepository storeRepository,
+                                AppService appService,
+                                InvoiceRepository invoiceRepository,
+                                PaymentRequestService paymentRequestService)
        {
            _HttpContext = httpContextAccessor.HttpContext;
            _userManager = userManager;
+            _appService = appService;
            _storeRepository = storeRepository;
+            _invoiceRepository = invoiceRepository;
+            _paymentRequestService = paymentRequestService;
        }
        protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, PolicyRequirement requirement)
        {
@@ -37,15 +50,46 @@ namespace BTCPayServer.Security
                    return;
            }

-            string storeId =  context.Resource is string s? s :_HttpContext.GetImplicitStoreId();
+            string storeId = context.Resource is string s ? s : _HttpContext.GetImplicitStoreId();
            if (storeId == null)
-                return;
-
+            {
+                var routeData = _HttpContext.GetRouteData();
+                if (routeData != null)
+                {
+                    // resolve from app
+                    if (routeData.Values.TryGetValue("appId", out var vAppId))
+                    {
+                        string appId = vAppId as string;
+                        var app = await _appService.GetApp(appId, null);
+                        storeId = app?.StoreDataId;
+                    }
+                    // resolve from payment request
+                    else if (routeData.Values.TryGetValue("payReqId", out var vPayReqId))
+                    {
+                        string payReqId = vPayReqId as string;
+                        var paymentRequest = await _paymentRequestService.GetPaymentRequest(payReqId);
+                        storeId = paymentRequest?.StoreId;
+                    }
+                    // resolve from app
+                    if (routeData.Values.TryGetValue("invoiceId", out var vInvoiceId))
+                    {
+                        string invoiceId = vInvoiceId as string;
+                        var invoice = await _invoiceRepository.GetInvoice(invoiceId);
+                        storeId = invoice?.StoreId;
+                    }
+                }
+                
+                // store could not be found
+                if (storeId == null)
+                {
+                    return;
+                }
+            }
+                
            var userid = _userManager.GetUserId(context.User);
            if (string.IsNullOrEmpty(userid))
                return;

-
            var store = await _storeRepository.FindStore(storeId, userid);
            
            bool success = false;