[Greenfield] Send forbid 403 rather than empty results on /api/v1/stores (#3215)

Nicolas Dorier 2021-12-19 01:01:54 +09:00 committed by GitHub
parent 163d1a195d
commit c68141119c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 4 additions and 0 deletions


@ -656,6 +656,8 @@ namespace BTCPayServer.Tests
await user.CreateClient(Permission.Create(Policies.CanViewStoreSettings, user.StoreId).ToString());
Assert.Single(await scopedClient.GetStores());
var noauth = await user.CreateClient(Array.Empty<string>());
await AssertAPIError("missing-permission", () => noauth.GetStores());
// We strip the user's Owner right, so the key should not work
using var ctx = tester.PayTester.GetService<Data.ApplicationDbContextFactory>().CreateContext();
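Review bot: The added assertion only covers a key created with no permissions at all, while the handler change it exercises decides on how many stores match the key. A key scoped to a store id the user does not belong to should hit the same denial and is worth pinning next to it, for example `var other = await user.CreateClient(Permission.Create(Policies.CanViewStoreSettings, "<other-store-id>").ToString());` followed by `await AssertAPIError("missing-permission", () => other.GetStores());`. The test method starts and ends outside this hunk, so later lines may already cover part of this.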


@ -94,6 +94,8 @@ namespace BTCPayServer.Security.GreenField
if (context.HasPermission(Permission.Create(policy, store.Id), requiredUnscoped))
permissionedStores.Add(store);
}
if (!requiredUnscoped && permissionedStores.Count is 0)
break;
_HttpContext.SetStoresData(permissionedStores.ToArray());
success = true;
}
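Review bot: The added guard `if (!requiredUnscoped && permissionedStores.Count is 0) break;` cannot tell "the key grants nothing" from "the user has no stores", because both leave `permissionedStores` empty. If the list being iterated is the user's own stores (the loop header is outside this hunk), an account holding an unrestricted key for `policy` but no store yet would now get a 403 missing-permission from /api/v1/stores instead of an empty list. Failing closed is the right default in an authorization handler, but the denial should depend on what the key grants rather than on the result count; consider `if (!requiredUnscoped && permissionedStores.Count is 0 && !context.HasPermission(Permission.Create(policy))) break;`, assuming `Permission.Create` accepts a policy without a store id. A one-line comment above the guard stating why an empty match is denied, and why the check is skipped when `requiredUnscoped` is set, would help the next reader.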