Adapt cookie auth to work with same API permission system (#4595)

* Adapt cookie auth to work with same API permission system * Handle unscoped store permission case * Do not consider Unscoped as a valid policy * Add tests * Refactor permissions scopes --------- Co-authored-by: Dennis Reimann <mail@dennisreimann.de> Co-authored-by: nicolas.dorier <nicolas.dorier@gmail.com>
2025-12-30 04:04:21 +01:00 · 2023-03-20 02:46:46 +01:00
parent 6f2b673021
commit fae1dc8dbb
16 changed files with 298 additions and 85 deletions
--- a/BTCPayServer/Security/GreenField/APIKeyExtensions.cs
+++ b/BTCPayServer/Security/GreenField/APIKeyExtensions.cs
@@ -48,18 +48,12 @@ namespace BTCPayServer.Security.Greenfield
                .Select(claim => claim.Value).ToArray();
        }
        public static bool HasPermission(this AuthorizationHandlerContext context, Permission permission)
-        {
-            return HasPermission(context, permission, false);
-        }
-        public static bool HasPermission(this AuthorizationHandlerContext context, Permission permission, bool requireUnscoped)
        {
            foreach (var claim in context.User.Claims.Where(c =>
                c.Type.Equals(GreenfieldConstants.ClaimTypes.Permission, StringComparison.InvariantCultureIgnoreCase)))
            {
                if (Permission.TryParse(claim.Value, out var claimPermission))
                {
-                    if (requireUnscoped && claimPermission.Scope is not null)
-                        continue;
                    if (claimPermission.Contains(permission))
                    {
                        return true;