* Store users: Ensure the last owner cannot be downgraded
Changes the behaviour of the `AddOrUpdateStoreUser` method to throw errors for the failure cases, so that the UI and API can report the actual problem. A role change might fail if the user already has that role or if they are the last owner of the store.
* Cleanup code
---------
Co-authored-by: nicolas.dorier <nicolas.dorier@gmail.com>
* Code cleanup
* Preparing model to include data needed for fiat display
* Displaying fiat amount and allowing switching between it and BTC
* Restoring parts removed by vibe coding
* Making ToFiatAmount method work for in wider variety of cases
* Tweaks for display and negative values
* Calculating amounts on serverside and simplifying
* Fix warnings
---------
Co-authored-by: nicolas.dorier <nicolas.dorier@gmail.com>
* fix: return 403 when unauthenticated user accesses an archived invoice receipt
* refactor: simplify archived invoice access check with pattern matching
* Return 404 for unauthorized users accessing archived invoice
Co-authored-by: d11n <mail@dennisreimann.de>
* feat: add archived invoice validation for unauthenticated access in Checkout and GetStatus
* test: add test case for unauthorized access to archived invoice returning not found
* test: add unauthorized checkout test for archived invoice
* Commenting code and adding test case for GetStatus
---------
Co-authored-by: d11n <mail@dennisreimann.de>
Co-authored-by: rockstardev <5191402+rockstardev@users.noreply.github.com>
* Adding endpoint in Greenfield to allow server email settings
* Adding related swagger file
* Refactoring EmailSettingsData to be more readable
* Adding server email masking
* Adding tests
* Update BTCPayServer/wwwroot/swagger/v1/swagger.template.serveremail.json
Co-authored-by: d11n <mail@dennisreimann.de>
* Masking smtp server email returned over greenfield api and test
* Retaining password if password mask is used
* Remove magic string *****
* Flatten request for server's settings. Fix bug on shared setting instances
* Remove useless doc
* Simplify code
* Fix Store Email settings page
---------
Co-authored-by: d11n <mail@dennisreimann.de>
Co-authored-by: nicolas.dorier <nicolas.dorier@gmail.com>
* Adding MultisigTests
* Adding fetching of receive address and creating pending transaction
* Completing multisig test flow
* Reverting Selenium ChromeDriver version
* Adding generation of PSBTs
* Removing unnecessary lines
* PSBT test signing now working with multisig dervation scheme
* Updating SignTestPSBT test
* Reducing number of iterations for test funding, to speed up tests
* Bugfixing PSBT problem
* Ensuring that PSBT signing also works for pending transactions
* Ensuring we don't collect count duplicate signatures for same PSBTs
* Resolving bug in PendingTransactionService where Combine was modifying object
* Fixing bug where pending transaction was not broadcased if there was ReturnUrl
* Finally finishing Multisig Selenium test flow with signing PSBTs, broadcasting and cancelling them
* Small nit, waiting loaded element
* Nit: Use AssetElementNotFound
* Fix warning
* Remove code dups
---------
Co-authored-by: nicolas.dorier <nicolas.dorier@gmail.com>
* Invoices: Allow admin to see invoices of users
Fixes#6489. As discussed with @TChukwuleta, this succeeds and closes#6497.
* Invoices: Allow admin to see invoices of users
Fixes#6489. As discussed with @TChukwuleta, this succeeds and closes#6497.
* Update controller to allow admin access for basic invoice actions
* POS: Fix form redirect in conjunction with root path setting
Fixes#6493 and also adds missing status messages on the forms pages.
* Fix other occurrences
As discussed with @NicolasDorier on Mattermost: Right now only store owners can access the app data, which doesn't contain sensitive info or something beyond what one would see as a regular customer. The app would need a way to access the data for roles other than `Owner` as well, e.g. `Employee`.
* App: Add events which the app subscribes to
Various events, which are relevant for the app to react to changes made on the server.
* Refactor events
* Do not extend NewBlockEvent
* Refactoring events
* Add store role events
* Refactoring: Rename StoreUserEvent
* Fix: Subscribe to UserEvent.Invited
---------
Co-authored-by: nicolas.dorier <nicolas.dorier@gmail.com>
