Do not through missing-permission error when no store on /api/v1/stores (Close #4735) (#4748)

2024-11-19 01:43:50 +01:00 · 2023-03-08 21:36:51 +09:00 · 2023-03-08 21:36:51 +09:00 · 98d62e826b
commit 98d62e826b
parent 7b5ce8f70c
6 changed files with 20 additions and 12 deletions
--- a/BTCPayServer.Tests/ApiKeysTests.cs
+++ b/BTCPayServer.Tests/ApiKeysTests.cs
@ -286,7 +286,7 @@ namespace BTCPayServer.Tests
            if (permissions.Contains(canModifyAllStores) || storePermissions.Any())
            {
                var resultStores =
-                    await TestApiAgainstAccessToken<StoreData[]>(accessToken, $"{TestApiPath}/me/stores",
+                    await TestApiAgainstAccessToken<Client.Models.StoreData[]>(accessToken, $"{TestApiPath}/me/stores",
                        tester.PayTester.HttpClient);

                foreach (var selectiveStorePermission in storePermissions)
--- a/BTCPayServer.Tests/GreenfieldAPITests.cs
+++ b/BTCPayServer.Tests/GreenfieldAPITests.cs
@ -1305,15 +1305,21 @@ namespace BTCPayServer.Tests
                await user.CreateClient(Permission.Create(Policies.CanViewStoreSettings, user.StoreId).ToString());
            Assert.Single(await scopedClient.GetStores());

-            var noauth = await user.CreateClient(Array.Empty<string>());
-            await AssertAPIError("missing-permission", () => noauth.GetStores());
-
            // We strip the user's Owner right, so the key should not work
            using var ctx = tester.PayTester.GetService<Data.ApplicationDbContextFactory>().CreateContext();
            var storeEntity = await ctx.UserStore.SingleAsync(u => u.ApplicationUserId == user.UserId && u.StoreDataId == newStore.Id);
            storeEntity.Role = "Guest";
            await ctx.SaveChangesAsync();
            await AssertHttpError(403, async () => await client.UpdateStore(newStore.Id, new UpdateStoreRequest() { Name = "B" }));
+
+            client = await user.CreateClient(Policies.Unrestricted);
+            stores = await client.GetStores();
+            foreach (var s2 in stores)
+            {
+                await tester.PayTester.StoreRepository.DeleteStore(s2.Id);
+            }
+            tester.DeleteStore = false;
+            Assert.Empty(await client.GetStores());
        }

        private async Task<GreenfieldValidationException> AssertValidationError(string[] fields, Func<Task> act)
--- a/BTCPayServer.Tests/ServerTester.cs
+++ b/BTCPayServer.Tests/ServerTester.cs
@ -246,15 +246,18 @@ namespace BTCPayServer.Tests
        }

        public List<string> Stores { get; internal set; } = new List<string>();
-
+        public bool DeleteStore { get; set; } = true;
        public void Dispose()
        {
            foreach (var r in this.Resources)
                r.Dispose();
            TestLogs.LogInformation("Disposing the BTCPayTester...");
-            foreach (var store in Stores)
+            if (DeleteStore)
            {
-                Xunit.Assert.True(PayTester.StoreRepository.DeleteStore(store).GetAwaiter().GetResult());
+                foreach (var store in Stores)
+                {
+                    Xunit.Assert.True(PayTester.StoreRepository.DeleteStore(store).GetAwaiter().GetResult());
+                }
            }
            if (PayTester != null)
                PayTester.Dispose();
--- a/BTCPayServer/Controllers/GreenField/GreenfieldStoresController.cs
+++ b/BTCPayServer/Controllers/GreenField/GreenfieldStoresController.cs
@ -112,7 +112,7 @@ namespace BTCPayServer.Controllers.Greenfield
            return Ok(FromModel(store));
        }

-        private Client.Models.StoreData FromModel(Data.StoreData data)
+        internal static Client.Models.StoreData FromModel(Data.StoreData data)
        {
            var storeBlob = data.GetStoreBlob();
            return new Client.Models.StoreData()
--- a/BTCPayServer/Controllers/GreenField/GreenfieldTestApiKeyController.cs
+++ b/BTCPayServer/Controllers/GreenField/GreenfieldTestApiKeyController.cs
@ -1,3 +1,4 @@
+using System.Linq;
 using System.Threading.Tasks;
 using BTCPayServer.Abstractions.Constants;
 using BTCPayServer.Client;
@ -52,9 +53,9 @@ namespace BTCPayServer.Controllers.Greenfield

        [HttpGet("me/stores")]
        [Authorize(Policy = Policies.CanViewStoreSettings, AuthenticationSchemes = AuthenticationSchemes.Greenfield)]
-        public StoreData[] GetCurrentUserStores()
+        public BTCPayServer.Client.Models.StoreData[] GetCurrentUserStores()
        {
-            return this.HttpContext.GetStoresData();
+            return this.HttpContext.GetStoresData().Select(Greenfield.GreenfieldStoresController.FromModel).ToArray();
        }

        [HttpGet("me/stores/{storeId}/can-view")]
--- a/BTCPayServer/Security/GreenField/GreenFieldAuthorizationHandler.cs
+++ b/BTCPayServer/Security/GreenField/GreenFieldAuthorizationHandler.cs
@ -118,8 +118,6 @@ namespace BTCPayServer.Security.Greenfield
                            if (context.HasPermission(Permission.Create(policy, store.Id), requiredUnscoped))
                                permissionedStores.Add(store);
                        }
-                        if (!requiredUnscoped && permissionedStores.Count is 0)
-                            break;
                        _httpContext.SetStoresData(permissionedStores.ToArray());
                        success = true;
                    }