mirrors/btcpayserver
1
0
Fork 0
mirror of https://github.com/btcpayserver/btcpayserver.git synced 2025-03-04 01:53:52 +01:00
Code Issues Projects Releases Packages Wiki Activity

Simplify DeleteUser method

Browse source
This commit is contained in:
Umar Bolatov 2021-04-04 16:36:19 -07:00
parent 2ed8341403
commit 104092702a
No known key found for this signature in database
GPG key ID: 2C1F9AEB371D2A28
1 changed files with 3 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
BTCPayServer/Controllers/GreenField/UsersController.cs
View file

@ -183,9 +183,8 @@ namespace BTCPayServer.Controllers.GreenField
[Authorize(Policy = Policies.CanDeleteUser, AuthenticationSchemes = AuthenticationSchemes.GreenfieldAPIKeys)] [Authorize(Policy = Policies.CanDeleteUser, AuthenticationSchemes = AuthenticationSchemes.GreenfieldAPIKeys)]
public async Task<ActionResult<ApplicationUserData>> DeleteUser(string userId) public async Task<ActionResult<ApplicationUserData>> DeleteUser(string userId)
{ {
var isAdmin = await IsAdmin();
// Only admins should be allowed to delete users // Only admins should be allowed to delete users
if (!isAdmin) if (!User.IsInRole(Roles.ServerAdmin))
{ {
return Forbid(AuthenticationSchemes.GreenfieldBasic); return Forbid(AuthenticationSchemes.GreenfieldBasic);
} }
@ -196,18 +195,16 @@ namespace BTCPayServer.Controllers.GreenField
return NotFound(); return NotFound();
} }
var roles = await _userManager.GetRolesAsync(user);
// We can safely delete the user if it's not an admin user // We can safely delete the user if it's not an admin user
if (!_userService.IsRoleAdmin(roles)) if (!_userService.IsRoleAdmin(await _userManager.GetRolesAsync(user)))
{ {
await _userService.DeleteUserAndAssociatedData(user); await _userService.DeleteUserAndAssociatedData(user);
return Ok(); return Ok();
} }
var admins = await _userManager.GetUsersInRoleAsync(Roles.ServerAdmin);
// User shouldn't be deleted if it's the only admin // User shouldn't be deleted if it's the only admin
if (admins.Count == 1) if ((await _userManager.GetUsersInRoleAsync(Roles.ServerAdmin)).Count == 1)
{ {
return Forbid(AuthenticationSchemes.GreenfieldBasic); return Forbid(AuthenticationSchemes.GreenfieldBasic);
} }