Make Ln address pass an invoiceId in the context to resolve breaking change

FIx permission misalignment on create pull payments
We have explicit permissions for pull payment creation, even allow them to be created through the invoices, but the create ui and cta were blocked behind canmodify store permission.
2023-08-25 10:27:57 +02:00 · 2023-08-24 16:54:15 +02:00 · 2023-08-24 16:35:20 +02:00 · 2023-08-24 16:35:19 +02:00
7 changed files with 28 additions and 7 deletions
--- a/BTCPayServer/BTCPayServer.csproj
+++ b/BTCPayServer/BTCPayServer.csproj
@ -54,7 +54,7 @@
    <PackageReference Include="Fido2" Version="2.0.2" />
    <PackageReference Include="Fido2.AspNet" Version="2.0.2" />
    <PackageReference Include="HtmlSanitizer" Version="5.0.372" />
-    <PackageReference Include="LNURL" Version="0.0.29" />
+    <PackageReference Include="LNURL" Version="0.0.30" />
    <PackageReference Include="MailKit" Version="3.3.0" />
    <PackageReference Include="BTCPayServer.NETCore.Plugins.Mvc" Version="1.4.4" />
    <PackageReference Include="QRCoder" Version="1.4.3" />
--- a/BTCPayServer/Controllers/UILNURLController.cs
+++ b/BTCPayServer/Controllers/UILNURLController.cs
@ -714,6 +714,7 @@ namespace BTCPayServer
                    try
                    {
                        var expiry = i.ExpirationTime.ToUniversalTime() - DateTimeOffset.UtcNow;
+                        HttpContext.Items.Add(nameof(invoiceId), invoiceId);
                        var description = (await _pluginHookService.ApplyFilter("modify-lnurlp-description", lnurlPayRequest.Metadata)) as string;
                        if (description is null)
                            return NotFound();
--- a/BTCPayServer/Controllers/UIStorePullPaymentsController.PullPayments.cs
+++ b/BTCPayServer/Controllers/UIStorePullPaymentsController.PullPayments.cs
@ -39,6 +39,7 @@ namespace BTCPayServer.Controllers
        private readonly PullPaymentHostedService _pullPaymentService;
        private readonly ApplicationDbContextFactory _dbContextFactory;
        private readonly BTCPayNetworkJsonSerializerSettings _jsonSerializerSettings;
+        private readonly IAuthorizationService _authorizationService;

        public StoreData CurrentStore
        {
@ -54,7 +55,8 @@ namespace BTCPayServer.Controllers
            DisplayFormatter displayFormatter,
            PullPaymentHostedService pullPaymentHostedService,
            ApplicationDbContextFactory dbContextFactory,
-            BTCPayNetworkJsonSerializerSettings jsonSerializerSettings)
+            BTCPayNetworkJsonSerializerSettings jsonSerializerSettings,
+            IAuthorizationService authorizationService)
        {
            _btcPayNetworkProvider = btcPayNetworkProvider;
            _payoutHandlers = payoutHandlers;
@ -63,10 +65,11 @@ namespace BTCPayServer.Controllers
            _pullPaymentService = pullPaymentHostedService;
            _dbContextFactory = dbContextFactory;
            _jsonSerializerSettings = jsonSerializerSettings;
+            _authorizationService = authorizationService;
        }

        [HttpGet("stores/{storeId}/pull-payments/new")]
-        [Authorize(Policy = Policies.CanModifyStoreSettings, AuthenticationSchemes = AuthenticationSchemes.Cookie)]
+        [Authorize(Policy = Policies.CanCreateNonApprovedPullPayments, AuthenticationSchemes = AuthenticationSchemes.Cookie)]
        public async Task<IActionResult> NewPullPayment(string storeId)
        {
            if (CurrentStore is null)
@ -95,7 +98,7 @@ namespace BTCPayServer.Controllers
        }

        [HttpPost("stores/{storeId}/pull-payments/new")]
-        [Authorize(Policy = Policies.CanModifyStoreSettings, AuthenticationSchemes = AuthenticationSchemes.Cookie)]
+        [Authorize(Policy = Policies.CanCreateNonApprovedPullPayments, AuthenticationSchemes = AuthenticationSchemes.Cookie)]
        public async Task<IActionResult> NewPullPayment(string storeId, NewPullPaymentModel model)
        {
            if (CurrentStore is null)
@ -135,6 +138,11 @@ namespace BTCPayServer.Controllers
            }
            if (!ModelState.IsValid)
                return View(model);
+            if (model.AutoApproveClaims)
+            {
+                model.AutoApproveClaims = (await
+                    _authorizationService.AuthorizeAsync(User, storeId, Policies.CanCreatePullPayments)).Succeeded;
+            }
            await _pullPaymentService.CreatePullPayment(new HostedServices.CreatePullPayment()
            {
                Name = model.Name,
--- a/BTCPayServer/Views/Shared/Crowdfund/NavExtension.cshtml
+++ b/BTCPayServer/Views/Shared/Crowdfund/NavExtension.cshtml
@ -27,5 +27,10 @@
                <span>@app.AppName</span>
            </a>
        </li>
+        <li class="nav-item nav-item-sub" not-permission="@Policies.CanModifyStoreSettings">
+            <a asp-area="" asp-controller="UICrowdfund" asp-action="ViewCrowdfund" asp-route-appId="@app.Id" class="nav-link">
+                <span>@app.AppName</span>
+            </a>
+        </li>
    }
 }
--- a/BTCPayServer/Views/Shared/PointOfSale/NavExtension.cshtml
+++ b/BTCPayServer/Views/Shared/PointOfSale/NavExtension.cshtml
@ -27,5 +27,10 @@
                <span>@app.AppName</span>
            </a>
        </li>
+        <li class="nav-item nav-item-sub" not-permission="@Policies.CanModifyStoreSettings">
+            <a asp-area="" asp-controller="UIPointOfSale" asp-action="ViewPointOfSale" asp-route-appId="@app.Id" class="nav-link">
+                <span>@app.AppName</span>
+            </a>
+        </li>
    }
 }
--- a/BTCPayServer/Views/UIStorePullPayments/NewPullPayment.cshtml
+++ b/BTCPayServer/Views/UIStorePullPayments/NewPullPayment.cshtml
@ -1,4 +1,5 @@
@using BTCPayServer.Abstractions.Extensions
+@using BTCPayServer.Client
@using BTCPayServer.Views.Stores
@model BTCPayServer.Models.WalletViewModels.NewPullPaymentModel
@{
@ -42,7 +43,7 @@
                    <span asp-validation-for="Currency" class="text-danger"></span>
                </div>

-                <div class="form-group col-12">
+                <div class="form-group col-12" permission="@Policies.CanCreatePullPayments">
                    <div class="form-check ">
                        <input asp-for="AutoApproveClaims" type="checkbox" class="form-check-input"/>
                        <label asp-for="AutoApproveClaims" class="form-check-label"></label>
--- a/BTCPayServer/Views/UIStorePullPayments/PullPayments.cshtml
+++ b/BTCPayServer/Views/UIStorePullPayments/PullPayments.cshtml
@ -6,7 +6,8 @@
@using ExchangeSharp
@model BTCPayServer.Models.WalletViewModels.PullPaymentsModel
@{
-    ViewData.SetActivePage(StoreNavPages.PullPayments, "Pull Payments", Context.GetStoreData().Id);
+    var storeId = Context.GetStoreData().Id;
+    ViewData.SetActivePage(StoreNavPages.PullPayments, "Pull Payments", storeId);
    var nextStartDateSortOrder = (string)ViewData["NextStartSortOrder"];
    string startDateSortOrder = null;
    switch (nextStartDateSortOrder)
@ -45,7 +46,7 @@
            <vc:icon symbol="info" />
        </a>
    </h2>
-    <a permission="@Policies.CanModifyStoreSettings" asp-action="NewPullPayment" asp-route-storeId="@Context.GetRouteValue("storeId")" class="btn btn-primary" role="button" id="NewPullPayment">
+    <a permission="@Policies.CanCreateNonApprovedPullPayments" asp-action="NewPullPayment" asp-route-storeId="@storeId" class="btn btn-primary" role="button" id="NewPullPayment">
        <span class="fa fa-plus"></span> Create Pull Payment
    </a>
 </div>
Author	SHA1	Message	Date
Kukks	1860333250	Make Ln address pass an invoiceId in the context to resolve breaking change	2023-08-25 10:27:57 +02:00
Kukks	e93cf36a98	FIx permission misalignment on create pull payments We have explicit permissions for pull payment creation, even allow them to be created through the invoices, but the create ui and cta were blocked behind canmodify store permission.	2023-08-24 16:54:15 +02:00
Kukks	156a6633bb	Show app view link in nav when not enoguh permission to modify	2023-08-24 16:35:20 +02:00
Kukks	c41e528872	BUmp LNURL	2023-08-24 16:35:19 +02:00