Fix build

BTCPayServer.Tests/GreenfieldAPITests.cs

@@ -102,8 +102,8 @@ namespace BTCPayServer.Tests
                 await AssertHttpError(403, async () => await adminClient.CreateUser(new CreateApplicationUserRequest() { Email = "test4@gmail.com", Password = "afewfoiewiou" }));
                 await AssertHttpError(403, async () => await adminClient.CreateUser(new CreateApplicationUserRequest() { Email = "test4@gmail.com", Password = "afewfoiewiou", IsAdministrator = true }));
 
-                // However, should be ok with the server management permissions
-                adminClient = await adminAcc.CreateClient(Policies.CanModifyServerSettings);
+                // However, should be ok with the unrestricted permissions of an admin
+                adminClient = await adminAcc.CreateClient(Policies.Unrestricted);
                 await adminClient.CreateUser(new CreateApplicationUserRequest() { Email = "test4@gmail.com", Password = "afewfoiewiou" });
                 // Even creating new admin should be ok
                 await adminClient.CreateUser(new CreateApplicationUserRequest() { Email = "admin4@gmail.com", Password = "afewfoiewiou", IsAdministrator = true });

BTCPayServer/Controllers/RestApi/UsersController.cs

@@ -87,7 +87,8 @@ namespace BTCPayServer.Controllers.RestApi
             if (anyAdmin && request.IsAdministrator is true && !isAuth)
                 return Forbid(AuthenticationSchemes.ApiKey);
             // You are de-facto admin if there is no other admin, else you need to be auth and pass policy requirements
-            bool isAdmin = anyAdmin ? (await _authorizationService.AuthorizeAsync(User, null, new PolicyRequirement(Policies.CanModifyServerSettings))).Succeeded 
+            bool isAdmin = anyAdmin ? (await _authorizationService.AuthorizeAsync(User, null, new PolicyRequirement(Policies.CanModifyServerSettings))).Succeeded
+                                     && (await _authorizationService.AuthorizeAsync(User, null, new PolicyRequirement(Policies.Unrestricted))).Succeeded
                                      && isAuth
                                     : true;
             // You need to be admin to create an admin

BTCPayServer/Views/Manage/AuthorizeAPIKey.cshtml

@@ -7,7 +7,7 @@
     Layout = "_Layout";
     ViewData["Title"] = $"Authorize {(Model.ApplicationName ?? "Application")}";
     var permissions = Permission.ToPermissions(Model.Permissions);
-    var hasStorePermission = permissions.Any(p => p.Policy == Permission.CanModifyStoreSettings);
+    var hasStorePermission = permissions.Any(p => p.Policy == Policies.CanModifyStoreSettings);
 }
 
 <partial name="_StatusMessage"/>

BTCPayServer/wwwroot/swagger/v1/swagger.template.json

@@ -143,7 +143,7 @@
                                     },
                                     "isAdministrator": {
                                         "type": "boolean",
-                                        "description": "Make this user administrator (only if your APIKey has ServerManagment permission)",
+                                        "description": "Make this user administrator (only if your APIKey has `unrestricted` permission of a server administrator)",
                                         "nullable": true,
                                         "default": false
                                     }