Adapt cookie auth to work with same API permission system (#4595)

* Adapt cookie auth to work with same API permission system * Handle unscoped store permission case * Do not consider Unscoped as a valid policy * Add tests * Refactor permissions scopes --------- Co-authored-by: Dennis Reimann <mail@dennisreimann.de> Co-authored-by: nicolas.dorier <nicolas.dorier@gmail.com>
2025-12-18 22:44:29 +01:00 · 2023-03-20 02:46:46 +01:00
parent 6f2b673021
commit fae1dc8dbb
16 changed files with 298 additions and 85 deletions
--- a/BTCPayServer/Data/StoreDataExtensions.cs
+++ b/BTCPayServer/Data/StoreDataExtensions.cs
@@ -1,8 +1,10 @@
 #nullable enable
 using System;
 using System.Collections.Generic;
+using System.Data;
 using System.Linq;
 using System.Text;
+using BTCPayServer.Client;
 using BTCPayServer.Payments;
 using BTCPayServer.Payments.Lightning;
 using BTCPayServer.Services.Rates;
@@ -14,6 +16,33 @@ namespace BTCPayServer.Data
 {
    public static class StoreDataExtensions
    {
+        public static PermissionSet GetPermissionSet(this StoreData store)
+        {
+            ArgumentNullException.ThrowIfNull(store);
+            if (store.Role is null)
+                return new PermissionSet();
+            return new PermissionSet(store.Role == StoreRoles.Owner
+                        ? new[]
+                        {
+                        Permission.Create(Policies.CanModifyStoreSettings, store.Id),
+                        Permission.Create(Policies.CanTradeCustodianAccount, store.Id),
+                        Permission.Create(Policies.CanWithdrawFromCustodianAccounts, store.Id),
+                        Permission.Create(Policies.CanDepositToCustodianAccounts, store.Id)
+                        }
+                        : new[]
+                        {
+                        Permission.Create(Policies.CanViewStoreSettings, store.Id),
+                        Permission.Create(Policies.CanModifyInvoices, store.Id),
+                        Permission.Create(Policies.CanViewCustodianAccounts, store.Id),
+                        Permission.Create(Policies.CanDepositToCustodianAccounts, store.Id)
+                        });
+        }
+        public static bool HasPermission(this StoreData store, string permission)
+        {
+            ArgumentNullException.ThrowIfNull(store);
+            return store.GetPermissionSet().Contains(permission, store.Id);
+        }
+
 #pragma warning disable CS0618
        public static PaymentMethodId? GetDefaultPaymentId(this StoreData storeData)
        {