diff --git a/BTCPayServer/Controllers/RateController.cs b/BTCPayServer/Controllers/RateController.cs
index 67249bd0b..aeaac8fd6 100644
--- a/BTCPayServer/Controllers/RateController.cs
+++ b/BTCPayServer/Controllers/RateController.cs
@@ -20,7 +20,7 @@ using BTCPayServer.Security.Bitpay;
 namespace BTCPayServer.Controllers
 {
 [EnableCors(CorsPolicies.All)]
- [Authorize(Policy = Policies.CanGetRates.Key, AuthenticationSchemes = Security.AuthenticationSchemes.Bitpay)]
+ [Authorize(Policy = ServerPolicies.CanGetRates.Key, AuthenticationSchemes = Security.AuthenticationSchemes.Bitpay)]
 public class RateController : Controller
 {
 public StoreData CurrentStore
diff --git a/BTCPayServer/Controllers/RestApi/Users/UsersController.cs b/BTCPayServer/Controllers/RestApi/Users/UsersController.cs
index 883769264..6a7a7aca2 100644
--- a/BTCPayServer/Controllers/RestApi/Users/UsersController.cs
+++ b/BTCPayServer/Controllers/RestApi/Users/UsersController.cs
@@ -87,7 +87,7 @@ namespace BTCPayServer.Controllers.RestApi.Users
 if (anyAdmin && request.IsAdministrator is true && !isAuth)
 return Forbid(AuthenticationSchemes.ApiKey);
 // You are de-facto admin if there is no other admin, else you need to be auth and pass policy requirements
- bool isAdmin = anyAdmin ? (await _authorizationService.AuthorizeAsync(User, null, new PolicyRequirement(Permission.CanModifyServerSettings))).Succeeded
+ bool isAdmin = anyAdmin ? (await _authorizationService.AuthorizeAsync(User, null, new PolicyRequirement(Policies.CanModifyServerSettings))).Succeeded
 && isAuth : true;
 // You need to be admin to create an admin
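Review bot: The new attribute reads the policy name through `ServerPolicies.CanGetRates.Key`, while the other hunks in this commit pass `Policies.CanModifyServerSettings` and `Policies.CanCreateUser` as bare constants, so two policy catalogues now feed `[Authorize(Policy = ...)]` and `AuthorizeAsync` with different shapes. A policy name in `[Authorize]` is only resolved against the registered policies at request time; ASP.NET Core throws when a named policy is not registered, so a key that no longer matches the registration would surface as a failing rates endpoint rather than a compile error, and nothing in the hunk shows that `ServerPolicies.CanGetRates.Key` and the registered name are the same string. A test that requests the rates endpoint under the Bitpay scheme after this rename would pin that, as would a short comment on the attribute such as `// Policy key is owned by ServerPolicies (server-level permissions), not BTCPayServer.Client.Policies`. The `RateController` class body continues outside the hunk.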
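Review bot: The rewritten `isAdmin` line evaluates the admin check as a requirement, `AuthorizeAsync(User, null, new PolicyRequirement(Policies.CanModifyServerSettings))`, whereas the WalletsController hunk in this same commit evaluates the same constant as a named policy, `AuthorizeAsync(User, Policies.CanModifyServerSettings)`; the second hunk in this file (`canCreateUser`) follows the requirement form. The two overloads go through different resolution paths — a `PolicyRequirement` is judged by whatever handler is registered for it, a policy name is looked up in the policy provider — so the same constant can, in principle, be answered differently on the two paths, and a reader cannot tell from these lines that both are wired to the same check. Presumably the project registers the handler and the named policy from one source; if so, a one-line comment on this line saying so (for example `// PolicyRequirement and the named policy of the same key are registered from the same permission table`) would make the intent explicit, and otherwise the WalletsController call should use the same requirement form as here. The enclosing method starts before and ends after the hunk.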
@@ -97,7 +97,7 @@ namespace BTCPayServer.Controllers.RestApi.Users
 if (!isAdmin && policies.LockSubscription)
 {
 // If we are not admin and subscriptions are locked, we need to check the Policies.CanCreateUser.Key permission
- var canCreateUser = (await _authorizationService.AuthorizeAsync(User, null, new PolicyRequirement(Permission.CanCreateUser))).Succeeded;
+ var canCreateUser = (await _authorizationService.AuthorizeAsync(User, null, new PolicyRequirement(Policies.CanCreateUser))).Succeeded;
 if (!isAuth || !canCreateUser)
 return Forbid(AuthenticationSchemes.ApiKey);
 }
diff --git a/BTCPayServer/Controllers/ServerController.cs b/BTCPayServer/Controllers/ServerController.cs
index 43271d173..a2f7ddd09 100644
--- a/BTCPayServer/Controllers/ServerController.cs
+++ b/BTCPayServer/Controllers/ServerController.cs
@@ -39,7 +39,7 @@ using BTCPayServer.Client;
 namespace BTCPayServer.Controllers
 {
- [Authorize(Policy = Policies.CanModifyServerSettings,
+ [Authorize(Policy = BTCPayServer.Client.Policies.CanModifyServerSettings,
 AuthenticationSchemes = BTCPayServer.Security.AuthenticationSchemes.Cookie)]
 public partial class ServerController : Controller
 {
diff --git a/BTCPayServer/Controllers/WalletsController.cs b/BTCPayServer/Controllers/WalletsController.cs
index b363aebaa..5eaae18f0 100644
--- a/BTCPayServer/Controllers/WalletsController.cs
+++ b/BTCPayServer/Controllers/WalletsController.cs
@@ -367,7 +367,7 @@ namespace BTCPayServer.Controllers
 private async Task CanUseHotWallet()
 {
- var isAdmin = (await _authorizationService.AuthorizeAsync(User, Permission.CanModifyServerSettings)).Succeeded;
+ var isAdmin = (await _authorizationService.AuthorizeAsync(User, Policies.CanModifyServerSettings)).Succeeded;
 if (isAdmin)
 return true;
 var policies = await _settingsRepository.GetSettingAsync();
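Review bot: `BTCPayServer.Client.Policies.CanModifyServerSettings` is written fully qualified in the ServerController attribute while every other hunk in this commit uses a bare `Policies.…`, which suggests a second `Policies` type is in scope in this file and the qualification is there to resolve the ambiguity (the RateController hunk's `ServerPolicies` rename points the same way). A reader of this file alone cannot tell why, so a short comment above the attribute, `// Fully qualified: another Policies type is in scope in this file`, or a `using Policies = BTCPayServer.Client.Policies;` alias at the top of the file would make the choice explicit and keep the attribute consistent with the rest of the codebase. The `ServerController` class body continues outside the hunk.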