mirrors/btcpayserver
1
0
Fork 0
mirror of https://github.com/btcpayserver/btcpayserver.git synced 2025-02-23 14:40:36 +01:00
Code Issues Projects Releases Packages Wiki Activity

Refactoring if condition to ensure CanCreateUser permission

Browse source 
Fixing UsersControllerTests
This commit is contained in:
rockstardev 2020-03-18 18:40:21 -05:00
parent 47c1164003
commit 0a8abaf7d5
1 changed files with 4 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
BTCPayServer/Controllers/RestApi/Users/UsersController.cs
View file

@ -90,10 +90,10 @@ namespace BTCPayServer.Controllers.RestApi.Users
return Forbid(AuthenticationSchemes.ApiKey);
}
if (!isAdmin && policies.LockSubscription)
// check if we have permission to create users
var canCreateUser = (await _authorizationService.AuthorizeAsync(User, null, new PolicyRequirement(Policies.CanCreateUser.Key))).Succeeded;
if (!canCreateUser)
{
// If we are not admin and subscriptions are locked, we need to check the Policies.CanCreateUser.Key permission
if (!isAuth || !(await _authorizationService.AuthorizeAsync(User, null, new PolicyRequirement(Policies.CanCreateUser.Key))).Succeeded)
return Forbid(AuthenticationSchemes.ApiKey);
}