btcpayserver/BTCPayServer/Controllers/UIStoresController.Roles.cs

using System.Linq;
using System.Threading.Tasks;
using BTCPayServer.Abstractions.Constants;
using BTCPayServer.Abstractions.Extensions;
using BTCPayServer.Abstractions.Models;
using BTCPayServer.Client;
using BTCPayServer.Models.ServerViewModels;
using BTCPayServer.Services.Stores;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

namespace BTCPayServer.Controllers
{
    public partial class UIStoresController
    {
        [HttpGet("{storeId}/roles")]
        public async Task<IActionResult> ListRoles(
            string storeId,
            [FromServices] StoreRepository storeRepository,
            RolesViewModel model,
            string sortOrder = null
        )
        {
            var roles = await storeRepository.GetStoreRoles(storeId, true);
            var defaultRole = (await storeRepository.GetDefaultRole()).Role;
            model ??= new RolesViewModel();
            model.DefaultRole = defaultRole;

            switch (sortOrder)
            {
                case "desc":
                    ViewData["NextRoleSortOrder"] = "asc";
                    roles = roles.OrderByDescending(user => user.Role).ToArray();
                    break;
                case "asc":
                    roles = roles.OrderBy(user => user.Role).ToArray();
                    ViewData["NextRoleSortOrder"] = "desc";
                    break;
            }

            model.Roles = roles.Skip(model.Skip).Take(model.Count).ToList();

            return View(model);
        }

        [HttpGet("{storeId}/roles/{role}")]
        [Authorize(Policy = Policies.CanViewStoreSettings, AuthenticationSchemes = AuthenticationSchemes.Cookie)]
        public async Task<IActionResult> CreateOrEditRole(
            string storeId,
            [FromServices] StoreRepository storeRepository,
            string role)
        {
            if (role == "create")
            {
                ModelState.Remove(nameof(role));
                return View(new UpdateRoleViewModel());
            }

            var roleData = await storeRepository.GetStoreRole(new StoreRoleId(storeId, role));
            if (roleData == null)
                return NotFound();
            return View(new UpdateRoleViewModel
            {
                Policies = roleData.Permissions,
                Role = roleData.Role
            });
        }

        [HttpPost("{storeId}/roles/{role}")]
        [Authorize(Policy = Policies.CanModifyStoreSettings, AuthenticationSchemes = AuthenticationSchemes.Cookie)]
        public async Task<IActionResult> CreateOrEditRole(
            string storeId,
            [FromServices] StoreRepository storeRepository,
            [FromRoute] string role, UpdateRoleViewModel viewModel)
        {
            string successMessage;
            StoreRoleId roleId;
            if (role == "create")
            {
                successMessage = "Role created";
                role = viewModel.Role;
                roleId = new StoreRoleId(storeId, role);
            }
            else
            {
                successMessage = "Role updated";
                roleId = new StoreRoleId(storeId, role);
                var storeRole = await storeRepository.GetStoreRole(roleId);
                if (storeRole == null)
                    return NotFound();
            }

            if (!ModelState.IsValid)
            {
                return View(viewModel);
            }

            var r = await storeRepository.AddOrUpdateStoreRole(roleId, viewModel.Policies);
            if (r is null)
            {
                TempData.SetStatusMessageModel(new StatusMessageModel()
                {
                    Severity = StatusMessageModel.StatusSeverity.Error,
                    Message = "Role could not be updated"
                });
                return View(viewModel);
            }

            TempData.SetStatusMessageModel(new StatusMessageModel()
            {
                Severity = StatusMessageModel.StatusSeverity.Success,
                Message = successMessage
            });

            return RedirectToAction(nameof(ListRoles), new { storeId });
        }

        [HttpGet("{storeId}/roles/{role}/delete")]
        [Authorize(Policy = Policies.CanModifyStoreSettings, AuthenticationSchemes = AuthenticationSchemes.Cookie)]
        public async Task<IActionResult> DeleteRole(
            string storeId,
            [FromServices] StoreRepository storeRepository,
            string role)
        {
            var roleData = await storeRepository.GetStoreRole(new StoreRoleId(storeId, role), true);
            if (roleData == null)
                return NotFound();

            return View("Confirm",
                roleData.IsUsed is true
                    ? new ConfirmModel("Delete role",
                        $"Unable to proceed: The role <strong>{_html.Encode(roleData.Role)}</strong> is currently assigned to one or more users, it cannot be removed.")
                    : new ConfirmModel("Delete role",
                        $"The role <strong>{_html.Encode(roleData.Role)}</strong> will be permanently deleted. Are you sure?",
                        "Delete"));
        }

        [HttpPost("{storeId}/roles/{role}/delete")]
        [Authorize(Policy = Policies.CanModifyStoreSettings, AuthenticationSchemes = AuthenticationSchemes.Cookie)]
        public async Task<IActionResult> DeleteRolePost(
            string storeId,
            [FromServices] StoreRepository storeRepository,
            string role)
        {
            var roleId = new StoreRoleId(storeId, role);
            var roleData = await storeRepository.GetStoreRole(roleId, true);
            if (roleData == null)
                return NotFound();
            if (roleData.IsUsed is true)
            {
                return BadRequest();
            }
            await storeRepository.RemoveStoreRole(roleId);

            TempData[WellKnownTempData.SuccessMessage] = "Role deleted";
            return RedirectToAction(nameof(ListRoles), new { storeId });
        }
    }
}
Store Custom Roles (#4940) 2023-05-26 16:49:32 +02:00			`using System.Linq;`
			`using System.Threading.Tasks;`
			`using BTCPayServer.Abstractions.Constants;`
			`using BTCPayServer.Abstractions.Extensions;`
			`using BTCPayServer.Abstractions.Models;`
Support Admin being able to view stores (#5782) * Support Admin being able to view stores * fix null check * Delete obsolete empty view * Add test * Apply CanViewStoreSettings policy changes Taken from #5719 * Fix Selenium tests * Update dashboard permission requirement --------- Co-authored-by: Dennis Reimann <mail@dennisreimann.de> 2024-03-14 10:25:40 +01:00			`using BTCPayServer.Client;`
Store Custom Roles (#4940) 2023-05-26 16:49:32 +02:00			`using BTCPayServer.Models.ServerViewModels;`
			`using BTCPayServer.Services.Stores;`
Support Admin being able to view stores (#5782) * Support Admin being able to view stores * fix null check * Delete obsolete empty view * Add test * Apply CanViewStoreSettings policy changes Taken from #5719 * Fix Selenium tests * Update dashboard permission requirement --------- Co-authored-by: Dennis Reimann <mail@dennisreimann.de> 2024-03-14 10:25:40 +01:00			`using Microsoft.AspNetCore.Authorization;`
Store Custom Roles (#4940) 2023-05-26 16:49:32 +02:00			`using Microsoft.AspNetCore.Mvc;`

			`namespace BTCPayServer.Controllers`
			`{`
			`public partial class UIStoresController`
			`{`
Onboarding: Invite new users on store level (#5719) * Onboarding: Invite new users - Separates the user self-registration and invite cases - Adds invitation email for users created by the admin - Adds invitation tokens to verify user was invited - Adds handler action for invite links - Refactors `UserEventHostedService` - Fixes #5726. * Add permissioned form tag helper * Better way of changing a user's role * Test fixes 2024-03-19 14:58:33 +01:00			`[HttpGet("{storeId}/roles")]`
Store Custom Roles (#4940) 2023-05-26 16:49:32 +02:00			`public async Task<IActionResult> ListRoles(`
			`string storeId,`
			`[FromServices] StoreRepository storeRepository,`
			`RolesViewModel model,`
			`string sortOrder = null`
			`)`
			`{`
Onboarding: Invite new users on store level (#5719) * Onboarding: Invite new users - Separates the user self-registration and invite cases - Adds invitation email for users created by the admin - Adds invitation tokens to verify user was invited - Adds handler action for invite links - Refactors `UserEventHostedService` - Fixes #5726. * Add permissioned form tag helper * Better way of changing a user's role * Test fixes 2024-03-19 14:58:33 +01:00			`var roles = await storeRepository.GetStoreRoles(storeId, true);`
			`var defaultRole = (await storeRepository.GetDefaultRole()).Role;`
Store Custom Roles (#4940) 2023-05-26 16:49:32 +02:00			`model ??= new RolesViewModel();`
Onboarding: Invite new users on store level (#5719) * Onboarding: Invite new users - Separates the user self-registration and invite cases - Adds invitation email for users created by the admin - Adds invitation tokens to verify user was invited - Adds handler action for invite links - Refactors `UserEventHostedService` - Fixes #5726. * Add permissioned form tag helper * Better way of changing a user's role * Test fixes 2024-03-19 14:58:33 +01:00			`model.DefaultRole = defaultRole;`
Store Custom Roles (#4940) 2023-05-26 16:49:32 +02:00
Onboarding: Invite new users on store level (#5719) * Onboarding: Invite new users - Separates the user self-registration and invite cases - Adds invitation email for users created by the admin - Adds invitation tokens to verify user was invited - Adds handler action for invite links - Refactors `UserEventHostedService` - Fixes #5726. * Add permissioned form tag helper * Better way of changing a user's role * Test fixes 2024-03-19 14:58:33 +01:00			`switch (sortOrder)`
Store Custom Roles (#4940) 2023-05-26 16:49:32 +02:00			`{`
Onboarding: Invite new users on store level (#5719) * Onboarding: Invite new users - Separates the user self-registration and invite cases - Adds invitation email for users created by the admin - Adds invitation tokens to verify user was invited - Adds handler action for invite links - Refactors `UserEventHostedService` - Fixes #5726. * Add permissioned form tag helper * Better way of changing a user's role * Test fixes 2024-03-19 14:58:33 +01:00			`case "desc":`
			`ViewData["NextRoleSortOrder"] = "asc";`
			`roles = roles.OrderByDescending(user => user.Role).ToArray();`
			`break;`
			`case "asc":`
			`roles = roles.OrderBy(user => user.Role).ToArray();`
			`ViewData["NextRoleSortOrder"] = "desc";`
			`break;`
Store Custom Roles (#4940) 2023-05-26 16:49:32 +02:00			`}`

			`model.Roles = roles.Skip(model.Skip).Take(model.Count).ToList();`

			`return View(model);`
			`}`

			`[HttpGet("{storeId}/roles/{role}")]`
Onboarding: Invite new users on store level (#5719) * Onboarding: Invite new users - Separates the user self-registration and invite cases - Adds invitation email for users created by the admin - Adds invitation tokens to verify user was invited - Adds handler action for invite links - Refactors `UserEventHostedService` - Fixes #5726. * Add permissioned form tag helper * Better way of changing a user's role * Test fixes 2024-03-19 14:58:33 +01:00			`[Authorize(Policy = Policies.CanViewStoreSettings, AuthenticationSchemes = AuthenticationSchemes.Cookie)]`
Store Custom Roles (#4940) 2023-05-26 16:49:32 +02:00			`public async Task<IActionResult> CreateOrEditRole(`
			`string storeId,`
			`[FromServices] StoreRepository storeRepository,`
			`string role)`
			`{`
			`if (role == "create")`
			`{`
			`ModelState.Remove(nameof(role));`
			`return View(new UpdateRoleViewModel());`
			`}`
Support Admin being able to view stores (#5782) * Support Admin being able to view stores * fix null check * Delete obsolete empty view * Add test * Apply CanViewStoreSettings policy changes Taken from #5719 * Fix Selenium tests * Update dashboard permission requirement --------- Co-authored-by: Dennis Reimann <mail@dennisreimann.de> 2024-03-14 10:25:40 +01:00
			`var roleData = await storeRepository.GetStoreRole(new StoreRoleId(storeId, role));`
			`if (roleData == null)`
			`return NotFound();`
			`return View(new UpdateRoleViewModel`
Store Custom Roles (#4940) 2023-05-26 16:49:32 +02:00			`{`
Support Admin being able to view stores (#5782) * Support Admin being able to view stores * fix null check * Delete obsolete empty view * Add test * Apply CanViewStoreSettings policy changes Taken from #5719 * Fix Selenium tests * Update dashboard permission requirement --------- Co-authored-by: Dennis Reimann <mail@dennisreimann.de> 2024-03-14 10:25:40 +01:00			`Policies = roleData.Permissions,`
			`Role = roleData.Role`
			`});`
			`}`

Store Custom Roles (#4940) 2023-05-26 16:49:32 +02:00			`[HttpPost("{storeId}/roles/{role}")]`
Support Admin being able to view stores (#5782) * Support Admin being able to view stores * fix null check * Delete obsolete empty view * Add test * Apply CanViewStoreSettings policy changes Taken from #5719 * Fix Selenium tests * Update dashboard permission requirement --------- Co-authored-by: Dennis Reimann <mail@dennisreimann.de> 2024-03-14 10:25:40 +01:00			`[Authorize(Policy = Policies.CanModifyStoreSettings, AuthenticationSchemes = AuthenticationSchemes.Cookie)]`
Store Custom Roles (#4940) 2023-05-26 16:49:32 +02:00			`public async Task<IActionResult> CreateOrEditRole(`
			`string storeId,`
			`[FromServices] StoreRepository storeRepository,`
			`[FromRoute] string role, UpdateRoleViewModel viewModel)`
			`{`
Code cleanups 2024-04-04 10:58:47 +02:00			`string successMessage;`
Store Custom Roles (#4940) 2023-05-26 16:49:32 +02:00			`StoreRoleId roleId;`
			`if (role == "create")`
			`{`
			`successMessage = "Role created";`
			`role = viewModel.Role;`
			`roleId = new StoreRoleId(storeId, role);`
			`}`
			`else`
			`{`
			`successMessage = "Role updated";`
			`roleId = new StoreRoleId(storeId, role);`
			`var storeRole = await storeRepository.GetStoreRole(roleId);`
			`if (storeRole == null)`
			`return NotFound();`
			`}`

			`if (!ModelState.IsValid)`
			`{`
			`return View(viewModel);`
			`}`

			`var r = await storeRepository.AddOrUpdateStoreRole(roleId, viewModel.Policies);`
			`if (r is null)`
			`{`
			`TempData.SetStatusMessageModel(new StatusMessageModel()`
			`{`
			`Severity = StatusMessageModel.StatusSeverity.Error,`
			`Message = "Role could not be updated"`
			`});`
			`return View(viewModel);`
			`}`

			`TempData.SetStatusMessageModel(new StatusMessageModel()`
			`{`
			`Severity = StatusMessageModel.StatusSeverity.Success,`
			`Message = successMessage`
			`});`

			`return RedirectToAction(nameof(ListRoles), new { storeId });`
			`}`

			`[HttpGet("{storeId}/roles/{role}/delete")]`
Support Admin being able to view stores (#5782) * Support Admin being able to view stores * fix null check * Delete obsolete empty view * Add test * Apply CanViewStoreSettings policy changes Taken from #5719 * Fix Selenium tests * Update dashboard permission requirement --------- Co-authored-by: Dennis Reimann <mail@dennisreimann.de> 2024-03-14 10:25:40 +01:00			`[Authorize(Policy = Policies.CanModifyStoreSettings, AuthenticationSchemes = AuthenticationSchemes.Cookie)]`
Store Custom Roles (#4940) 2023-05-26 16:49:32 +02:00			`public async Task<IActionResult> DeleteRole(`
			`string storeId,`
			`[FromServices] StoreRepository storeRepository,`
			`string role)`
			`{`
Code cleanups 2024-04-04 10:58:47 +02:00			`var roleData = await storeRepository.GetStoreRole(new StoreRoleId(storeId, role), true);`
Store Custom Roles (#4940) 2023-05-26 16:49:32 +02:00			`if (roleData == null)`
			`return NotFound();`

			`return View("Confirm",`
			`roleData.IsUsed is true`
			`? new ConfirmModel("Delete role",`
Rename and clean up properties 2024-04-04 10:44:08 +02:00			`$"Unable to proceed: The role <strong>{_html.Encode(roleData.Role)}</strong> is currently assigned to one or more users, it cannot be removed.")`
Store Custom Roles (#4940) 2023-05-26 16:49:32 +02:00			`: new ConfirmModel("Delete role",`
Rename and clean up properties 2024-04-04 10:44:08 +02:00			`$"The role <strong>{_html.Encode(roleData.Role)}</strong> will be permanently deleted. Are you sure?",`
Store Custom Roles (#4940) 2023-05-26 16:49:32 +02:00			`"Delete"));`
			`}`

fix store role deletion fixes #5027 2023-05-31 13:42:38 +02:00			`[HttpPost("{storeId}/roles/{role}/delete")]`
Support Admin being able to view stores (#5782) * Support Admin being able to view stores * fix null check * Delete obsolete empty view * Add test * Apply CanViewStoreSettings policy changes Taken from #5719 * Fix Selenium tests * Update dashboard permission requirement --------- Co-authored-by: Dennis Reimann <mail@dennisreimann.de> 2024-03-14 10:25:40 +01:00			`[Authorize(Policy = Policies.CanModifyStoreSettings, AuthenticationSchemes = AuthenticationSchemes.Cookie)]`
Store Custom Roles (#4940) 2023-05-26 16:49:32 +02:00			`public async Task<IActionResult> DeleteRolePost(`
			`string storeId,`
			`[FromServices] StoreRepository storeRepository,`
			`string role)`
			`{`
			`var roleId = new StoreRoleId(storeId, role);`
			`var roleData = await storeRepository.GetStoreRole(roleId, true);`
			`if (roleData == null)`
			`return NotFound();`
			`if (roleData.IsUsed is true)`
			`{`
			`return BadRequest();`
			`}`
			`await storeRepository.RemoveStoreRole(roleId);`

			`TempData[WellKnownTempData.SuccessMessage] = "Role deleted";`
			`return RedirectToAction(nameof(ListRoles), new { storeId });`
			`}`
			`}`
			`}`