Simplify DeleteUser method

Umar Bolatov 2021-04-04 16:36:19 -07:00
parent 2ed8341403
commit 104092702a
No known key found for this signature in database
GPG key ID: 2C1F9AEB371D2A28


@ -183,9 +183,8 @@ namespace BTCPayServer.Controllers.GreenField
[Authorize(Policy = Policies.CanDeleteUser, AuthenticationSchemes = AuthenticationSchemes.GreenfieldAPIKeys)]
public async Task<ActionResult<ApplicationUserData>> DeleteUser(string userId)
{
var isAdmin = await IsAdmin();
// Only admins should be allowed to delete users
if (!isAdmin)
if (!User.IsInRole(Roles.ServerAdmin))
{
return Forbid(AuthenticationSchemes.GreenfieldBasic);
}
@ -196,18 +195,16 @@ namespace BTCPayServer.Controllers.GreenField
return NotFound();
}
var roles = await _userManager.GetRolesAsync(user);
// We can safely delete the user if it's not an admin user
if (!_userService.IsRoleAdmin(roles))
if (!_userService.IsRoleAdmin(await _userManager.GetRolesAsync(user)))
{
await _userService.DeleteUserAndAssociatedData(user);
return Ok();
}
var admins = await _userManager.GetUsersInRoleAsync(Roles.ServerAdmin);
// User shouldn't be deleted if it's the only admin
if (admins.Count == 1)
if ((await _userManager.GetUsersInRoleAsync(Roles.ServerAdmin)).Count == 1)
{
return Forbid(AuthenticationSchemes.GreenfieldBasic);
}
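Review bot: In the first hunk the admin gate now reads `User.IsInRole(Roles.ServerAdmin)`, which only inspects the role claims already attached to the request principal, so the check is exactly as trustworthy as whatever the API-key authentication handler put there. The removed `IsAdmin()` helper is not visible here; if it consulted the user store, a caller whose ServerAdmin role was revoked could still pass the new check for as long as the principal carries the old claim. I would state the dependency at the check, e.g. `// Relies on the Greenfield API-key handler issuing a current ServerAdmin role claim`, and add a test that calls DeleteUser with the API key of a non-admin and of a demoted admin and expects the Forbid result in both cases. DeleteUser's body continues outside the hunks shown.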