Compare commits

...

4 Commits

Author SHA1 Message Date
1860333250 Make Ln address pass an invoiceId in the context to resolve breaking change 2023-08-25 10:27:57 +02:00
e93cf36a98 FIx permission misalignment on create pull payments
We have explicit permissions for pull payment creation, even allow them to be created through the invoices, but the create ui and cta were blocked behind  canmodify store permission.
2023-08-24 16:54:15 +02:00
156a6633bb Show app view link in nav when not enoguh permission to modify 2023-08-24 16:35:20 +02:00
c41e528872 BUmp LNURL 2023-08-24 16:35:19 +02:00
7 changed files with 28 additions and 7 deletions

View File

@ -54,7 +54,7 @@
<PackageReference Include="Fido2" Version="2.0.2" />
<PackageReference Include="Fido2.AspNet" Version="2.0.2" />
<PackageReference Include="HtmlSanitizer" Version="5.0.372" />
<PackageReference Include="LNURL" Version="0.0.29" />
<PackageReference Include="LNURL" Version="0.0.30" />
<PackageReference Include="MailKit" Version="3.3.0" />
<PackageReference Include="BTCPayServer.NETCore.Plugins.Mvc" Version="1.4.4" />
<PackageReference Include="QRCoder" Version="1.4.3" />

View File

@ -714,6 +714,7 @@ namespace BTCPayServer
try
{
var expiry = i.ExpirationTime.ToUniversalTime() - DateTimeOffset.UtcNow;
HttpContext.Items.Add(nameof(invoiceId), invoiceId);
var description = (await _pluginHookService.ApplyFilter("modify-lnurlp-description", lnurlPayRequest.Metadata)) as string;
if (description is null)
return NotFound();

View File

@ -39,6 +39,7 @@ namespace BTCPayServer.Controllers
private readonly PullPaymentHostedService _pullPaymentService;
private readonly ApplicationDbContextFactory _dbContextFactory;
private readonly BTCPayNetworkJsonSerializerSettings _jsonSerializerSettings;
private readonly IAuthorizationService _authorizationService;
public StoreData CurrentStore
{
@ -54,7 +55,8 @@ namespace BTCPayServer.Controllers
DisplayFormatter displayFormatter,
PullPaymentHostedService pullPaymentHostedService,
ApplicationDbContextFactory dbContextFactory,
BTCPayNetworkJsonSerializerSettings jsonSerializerSettings)
BTCPayNetworkJsonSerializerSettings jsonSerializerSettings,
IAuthorizationService authorizationService)
{
_btcPayNetworkProvider = btcPayNetworkProvider;
_payoutHandlers = payoutHandlers;
@ -63,10 +65,11 @@ namespace BTCPayServer.Controllers
_pullPaymentService = pullPaymentHostedService;
_dbContextFactory = dbContextFactory;
_jsonSerializerSettings = jsonSerializerSettings;
_authorizationService = authorizationService;
}
[HttpGet("stores/{storeId}/pull-payments/new")]
[Authorize(Policy = Policies.CanModifyStoreSettings, AuthenticationSchemes = AuthenticationSchemes.Cookie)]
[Authorize(Policy = Policies.CanCreateNonApprovedPullPayments, AuthenticationSchemes = AuthenticationSchemes.Cookie)]
public async Task<IActionResult> NewPullPayment(string storeId)
{
if (CurrentStore is null)
@ -95,7 +98,7 @@ namespace BTCPayServer.Controllers
}
[HttpPost("stores/{storeId}/pull-payments/new")]
[Authorize(Policy = Policies.CanModifyStoreSettings, AuthenticationSchemes = AuthenticationSchemes.Cookie)]
[Authorize(Policy = Policies.CanCreateNonApprovedPullPayments, AuthenticationSchemes = AuthenticationSchemes.Cookie)]
public async Task<IActionResult> NewPullPayment(string storeId, NewPullPaymentModel model)
{
if (CurrentStore is null)
@ -135,6 +138,11 @@ namespace BTCPayServer.Controllers
}
if (!ModelState.IsValid)
return View(model);
if (model.AutoApproveClaims)
{
model.AutoApproveClaims = (await
_authorizationService.AuthorizeAsync(User, storeId, Policies.CanCreatePullPayments)).Succeeded;
}
await _pullPaymentService.CreatePullPayment(new HostedServices.CreatePullPayment()
{
Name = model.Name,

View File

@ -27,5 +27,10 @@
<span>@app.AppName</span>
</a>
</li>
<li class="nav-item nav-item-sub" not-permission="@Policies.CanModifyStoreSettings">
<a asp-area="" asp-controller="UICrowdfund" asp-action="ViewCrowdfund" asp-route-appId="@app.Id" class="nav-link">
<span>@app.AppName</span>
</a>
</li>
}
}

View File

@ -27,5 +27,10 @@
<span>@app.AppName</span>
</a>
</li>
<li class="nav-item nav-item-sub" not-permission="@Policies.CanModifyStoreSettings">
<a asp-area="" asp-controller="UIPointOfSale" asp-action="ViewPointOfSale" asp-route-appId="@app.Id" class="nav-link">
<span>@app.AppName</span>
</a>
</li>
}
}

View File

@ -1,4 +1,5 @@
@using BTCPayServer.Abstractions.Extensions
@using BTCPayServer.Client
@using BTCPayServer.Views.Stores
@model BTCPayServer.Models.WalletViewModels.NewPullPaymentModel
@{
@ -42,7 +43,7 @@
<span asp-validation-for="Currency" class="text-danger"></span>
</div>
<div class="form-group col-12">
<div class="form-group col-12" permission="@Policies.CanCreatePullPayments">
<div class="form-check ">
<input asp-for="AutoApproveClaims" type="checkbox" class="form-check-input"/>
<label asp-for="AutoApproveClaims" class="form-check-label"></label>

View File

@ -6,7 +6,8 @@
@using ExchangeSharp
@model BTCPayServer.Models.WalletViewModels.PullPaymentsModel
@{
ViewData.SetActivePage(StoreNavPages.PullPayments, "Pull Payments", Context.GetStoreData().Id);
var storeId = Context.GetStoreData().Id;
ViewData.SetActivePage(StoreNavPages.PullPayments, "Pull Payments", storeId);
var nextStartDateSortOrder = (string)ViewData["NextStartSortOrder"];
string startDateSortOrder = null;
switch (nextStartDateSortOrder)
@ -45,7 +46,7 @@
<vc:icon symbol="info" />
</a>
</h2>
<a permission="@Policies.CanModifyStoreSettings" asp-action="NewPullPayment" asp-route-storeId="@Context.GetRouteValue("storeId")" class="btn btn-primary" role="button" id="NewPullPayment">
<a permission="@Policies.CanCreateNonApprovedPullPayments" asp-action="NewPullPayment" asp-route-storeId="@storeId" class="btn btn-primary" role="button" id="NewPullPayment">
<span class="fa fa-plus"></span> Create Pull Payment
</a>
</div>