2024-03-19 14:58:33 +01:00
|
|
|
#nullable enable
|
|
|
|
|
using System;
|
|
|
|
|
using System.Linq;
|
|
|
|
|
using System.Threading.Tasks;
|
|
|
|
|
using BTCPayServer.Abstractions.Constants;
|
|
|
|
|
using BTCPayServer.Abstractions.Extensions;
|
|
|
|
|
using BTCPayServer.Abstractions.Models;
|
|
|
|
|
using BTCPayServer.Client;
|
|
|
|
|
using BTCPayServer.Data;
|
|
|
|
|
using BTCPayServer.Events;
|
|
|
|
|
using BTCPayServer.Models.StoreViewModels;
|
|
|
|
|
using BTCPayServer.Services.Mails;
|
|
|
|
|
using BTCPayServer.Services.Stores;
|
|
|
|
|
using Microsoft.AspNetCore.Authorization;
|
|
|
|
|
using Microsoft.AspNetCore.Mvc;
|
|
|
|
|
|
2024-04-04 11:00:18 +02:00
|
|
|
namespace BTCPayServer.Controllers;
|
|
|
|
|
|
|
|
|
|
public partial class UIStoresController
|
2024-03-19 14:58:33 +01:00
|
|
|
{
|
2024-04-04 11:00:18 +02:00
|
|
|
[HttpGet("{storeId}/users")]
|
|
|
|
|
public async Task<IActionResult> StoreUsers()
|
2024-03-19 14:58:33 +01:00
|
|
|
{
|
2024-04-04 11:00:18 +02:00
|
|
|
var vm = new StoreUsersViewModel { Role = StoreRoleId.Employee.Role };
|
|
|
|
|
await FillUsers(vm);
|
|
|
|
|
return View(vm);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
[HttpPost("{storeId}/users")]
|
|
|
|
|
[Authorize(Policy = Policies.CanModifyStoreSettings, AuthenticationSchemes = AuthenticationSchemes.Cookie)]
|
|
|
|
|
public async Task<IActionResult> StoreUsers(string storeId, StoreUsersViewModel vm)
|
|
|
|
|
{
|
|
|
|
|
await FillUsers(vm);
|
|
|
|
|
if (!ModelState.IsValid)
|
2024-03-19 14:58:33 +01:00
|
|
|
{
|
|
|
|
|
return View(vm);
|
|
|
|
|
}
|
|
|
|
|
|
2024-04-04 11:00:18 +02:00
|
|
|
var roles = await _storeRepo.GetStoreRoles(CurrentStore.Id);
|
|
|
|
|
if (roles.All(role => role.Id != vm.Role))
|
|
|
|
|
{
|
2024-10-17 15:51:40 +02:00
|
|
|
ModelState.AddModelError(nameof(vm.Role), StringLocalizer["Invalid role"]);
|
2024-04-04 11:00:18 +02:00
|
|
|
return View(vm);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var user = await _userManager.FindByEmailAsync(vm.Email);
|
|
|
|
|
var isExistingUser = user is not null;
|
|
|
|
|
var isExistingStoreUser = isExistingUser && await _storeRepo.GetStoreUser(storeId, user!.Id) is not null;
|
|
|
|
|
var successInfo = string.Empty;
|
|
|
|
|
if (user == null)
|
2024-03-19 14:58:33 +01:00
|
|
|
{
|
2024-04-04 11:00:18 +02:00
|
|
|
user = new ApplicationUser
|
2024-03-19 14:58:33 +01:00
|
|
|
{
|
2024-04-04 11:00:18 +02:00
|
|
|
UserName = vm.Email,
|
|
|
|
|
Email = vm.Email,
|
|
|
|
|
RequiresEmailConfirmation = _policiesSettings.RequiresConfirmedEmail,
|
|
|
|
|
RequiresApproval = _policiesSettings.RequiresUserApproval,
|
|
|
|
|
Created = DateTimeOffset.UtcNow
|
|
|
|
|
};
|
2024-03-19 14:58:33 +01:00
|
|
|
|
2024-04-04 11:00:18 +02:00
|
|
|
var result = await _userManager.CreateAsync(user);
|
|
|
|
|
if (result.Succeeded)
|
2024-03-19 14:58:33 +01:00
|
|
|
{
|
2024-12-06 05:47:14 +01:00
|
|
|
var invitationEmail = await _emailSenderFactory.IsComplete();
|
|
|
|
|
var tcs = new TaskCompletionSource<Uri>();
|
2024-04-04 11:00:18 +02:00
|
|
|
var currentUser = await _userManager.GetUserAsync(HttpContext.User);
|
2024-03-19 14:58:33 +01:00
|
|
|
|
2024-04-04 11:00:18 +02:00
|
|
|
_eventAggregator.Publish(new UserRegisteredEvent
|
2024-03-19 14:58:33 +01:00
|
|
|
{
|
2024-04-04 11:00:18 +02:00
|
|
|
RequestUri = Request.GetAbsoluteRootUri(),
|
|
|
|
|
Kind = UserRegisteredEventKind.Invite,
|
|
|
|
|
User = user,
|
|
|
|
|
InvitedByUser = currentUser,
|
2024-12-06 05:47:14 +01:00
|
|
|
SendInvitationEmail = invitationEmail,
|
2024-04-04 11:00:18 +02:00
|
|
|
CallbackUrlGenerated = tcs
|
|
|
|
|
});
|
2024-03-19 14:58:33 +01:00
|
|
|
|
2024-04-04 11:00:18 +02:00
|
|
|
var callbackUrl = await tcs.Task;
|
2024-12-06 05:47:14 +01:00
|
|
|
var info = invitationEmail
|
|
|
|
|
? "An invitation email has been sent.<br/>You may alternatively"
|
2024-04-04 11:00:18 +02:00
|
|
|
: "An invitation email has not been sent, because the server does not have an email server configured.<br/> You need to";
|
|
|
|
|
successInfo = $"{info} share this link with them: <a class='alert-link' href='{callbackUrl}'>{callbackUrl}</a>";
|
2024-03-19 14:58:33 +01:00
|
|
|
}
|
2024-04-04 11:00:18 +02:00
|
|
|
else
|
2024-03-19 14:58:33 +01:00
|
|
|
{
|
2024-04-04 11:00:18 +02:00
|
|
|
ModelState.AddModelError(nameof(vm.Email), "User could not be invited");
|
|
|
|
|
return View(vm);
|
2024-03-19 14:58:33 +01:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2024-04-04 11:00:18 +02:00
|
|
|
var roleId = await _storeRepo.ResolveStoreRoleId(storeId, vm.Role);
|
|
|
|
|
var action = isExistingUser
|
|
|
|
|
? isExistingStoreUser ? "updated" : "added"
|
|
|
|
|
: "invited";
|
|
|
|
|
if (await _storeRepo.AddOrUpdateStoreUser(CurrentStore.Id, user.Id, roleId))
|
2024-03-19 14:58:33 +01:00
|
|
|
{
|
2024-04-04 11:00:18 +02:00
|
|
|
TempData.SetStatusMessageModel(new StatusMessageModel
|
|
|
|
|
{
|
|
|
|
|
Severity = StatusMessageModel.StatusSeverity.Success,
|
|
|
|
|
AllowDismiss = false,
|
|
|
|
|
Html = $"User {action} successfully." + (string.IsNullOrEmpty(successInfo) ? "" : $" {successInfo}")
|
|
|
|
|
});
|
|
|
|
|
return RedirectToAction(nameof(StoreUsers));
|
2024-03-19 14:58:33 +01:00
|
|
|
}
|
|
|
|
|
|
2024-04-04 11:00:18 +02:00
|
|
|
ModelState.AddModelError(nameof(vm.Email), $"The user could not be {action}");
|
|
|
|
|
return View(vm);
|
|
|
|
|
}
|
2024-03-19 14:58:33 +01:00
|
|
|
|
2024-04-04 11:00:18 +02:00
|
|
|
[HttpPost("{storeId}/users/{userId}")]
|
|
|
|
|
[Authorize(Policy = Policies.CanModifyStoreSettings, AuthenticationSchemes = AuthenticationSchemes.Cookie)]
|
|
|
|
|
public async Task<IActionResult> UpdateStoreUser(string storeId, string userId, StoreUsersViewModel.StoreUserViewModel vm)
|
|
|
|
|
{
|
|
|
|
|
var roleId = await _storeRepo.ResolveStoreRoleId(storeId, vm.Role);
|
|
|
|
|
var storeUsers = await _storeRepo.GetStoreUsers(storeId);
|
|
|
|
|
var user = storeUsers.First(user => user.Id == userId);
|
|
|
|
|
var isOwner = user.StoreRole.Id == StoreRoleId.Owner.Id;
|
|
|
|
|
var isLastOwner = isOwner && storeUsers.Count(u => u.StoreRole.Id == StoreRoleId.Owner.Id) == 1;
|
|
|
|
|
if (isLastOwner && roleId != StoreRoleId.Owner)
|
2024-10-17 15:51:40 +02:00
|
|
|
TempData[WellKnownTempData.ErrorMessage] = StringLocalizer["User {0} is the last owner. Their role cannot be changed.", user.Email].Value;
|
2024-04-04 11:00:18 +02:00
|
|
|
else if (await _storeRepo.AddOrUpdateStoreUser(storeId, userId, roleId))
|
2024-10-17 15:51:40 +02:00
|
|
|
TempData[WellKnownTempData.SuccessMessage] = StringLocalizer["The role of {0} has been changed to {1}.", user.Email, vm.Role].Value;
|
2024-04-04 11:00:18 +02:00
|
|
|
return RedirectToAction(nameof(StoreUsers), new { storeId, userId });
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
[HttpPost("{storeId}/users/{userId}/delete")]
|
|
|
|
|
[Authorize(Policy = Policies.CanModifyStoreSettings, AuthenticationSchemes = AuthenticationSchemes.Cookie)]
|
|
|
|
|
public async Task<IActionResult> DeleteStoreUser(string storeId, string userId)
|
|
|
|
|
{
|
|
|
|
|
if (await _storeRepo.RemoveStoreUser(storeId, userId))
|
2024-10-17 15:51:40 +02:00
|
|
|
TempData[WellKnownTempData.SuccessMessage] = StringLocalizer["User removed successfully."].Value;
|
2024-04-04 11:00:18 +02:00
|
|
|
else
|
2024-10-17 15:51:40 +02:00
|
|
|
TempData[WellKnownTempData.ErrorMessage] = StringLocalizer["Removing this user would result in the store having no owner."].Value;
|
2024-04-04 11:00:18 +02:00
|
|
|
return RedirectToAction(nameof(StoreUsers), new { storeId, userId });
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private async Task FillUsers(StoreUsersViewModel vm)
|
|
|
|
|
{
|
|
|
|
|
var users = await _storeRepo.GetStoreUsers(CurrentStore.Id);
|
|
|
|
|
vm.StoreId = CurrentStore.Id;
|
2024-06-26 10:39:22 +02:00
|
|
|
vm.Users = users.Select(u => new StoreUsersViewModel.StoreUserViewModel
|
2024-03-19 14:58:33 +01:00
|
|
|
{
|
2024-04-04 11:00:18 +02:00
|
|
|
Email = u.Email,
|
2024-06-26 10:39:22 +02:00
|
|
|
Name = u.UserBlob.Name,
|
|
|
|
|
ImageUrl = u.UserBlob.ImageUrl,
|
2024-04-04 11:00:18 +02:00
|
|
|
Id = u.Id,
|
|
|
|
|
Role = u.StoreRole.Role
|
|
|
|
|
}).ToList();
|
2024-03-19 14:58:33 +01:00
|
|
|
}
|
|
|
|
|
}
|
