mirrors/btcpayserver
1
0
Fork 0
mirror of https://github.com/btcpayserver/btcpayserver.git synced 2024-11-19 09:54:30 +01:00
Code Issues Packages Projects Releases Wiki Activity

Redirect on 403 page rather than crashing if permission missing

Browse Source
This commit is contained in:
nicolas.dorier 2022-02-02 20:24:22 +09:00
parent aab1eb0d36
commit 93b52fbdb3
No known key found for this signature in database
GPG Key ID: 6618763EF09186FE
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
BTCPayServer/Controllers/UIInvoiceController.UI.cs
View File

@ -406,7 +406,7 @@ namespace BTCPayServer.Controllers
}
[HttpPost("invoices/{invoiceId}/archive")]
[Authorize(AuthenticationSchemes = AuthenticationSchemes.Cookie)]
[Authorize(AuthenticationSchemes = AuthenticationSchemes.Cookie, Policy = Policies.CanViewInvoices)]
[BitpayAPIConstraint(false)]
public async Task<IActionResult> ToggleArchive(string invoiceId)
{
@ -430,6 +430,7 @@ namespace BTCPayServer.Controllers
}
[HttpPost]
[Authorize(AuthenticationSchemes = AuthenticationSchemes.Cookie, Policy = Policies.CanViewInvoices)]
public async Task<IActionResult> MassAction(string command, string[] selectedItems, string? storeId = null)
{
if (selectedItems != null)
@ -812,7 +813,7 @@ namespace BTCPayServer.Controllers
}
[HttpGet]
[Authorize(AuthenticationSchemes = AuthenticationSchemes.Cookie)]
[Authorize(AuthenticationSchemes = AuthenticationSchemes.Cookie, Policy = Policies.CanViewInvoices)]
[BitpayAPIConstraint(false)]
public async Task<IActionResult> Export(string format, string? searchTerm = null, int timezoneOffset = 0)
{
@ -948,7 +949,7 @@ namespace BTCPayServer.Controllers
[HttpPost]
[Route("invoices/{invoiceId}/changestate/{newState}")]
[Route("stores/{storeId}/invoices/{invoiceId}/changestate/{newState}")]
[Authorize(AuthenticationSchemes = AuthenticationSchemes.Cookie)]
[Authorize(AuthenticationSchemes = AuthenticationSchemes.Cookie, Policy = Policies.CanViewInvoices)]
[BitpayAPIConstraint(false)]
public async Task<IActionResult> ChangeInvoiceState(string invoiceId, string newState)
{