mirrors/btcpayserver
1
0
Fork 0
mirror of https://github.com/btcpayserver/btcpayserver.git synced 2024-11-20 02:28:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

Reverting changes to UsersController because of CanCreateUsersViaAPI test

Browse Source
This commit is contained in:
rockstardev 2020-03-18 18:55:45 -05:00
parent 0a8abaf7d5
commit ccfca65c41
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
BTCPayServer/Controllers/RestApi/Users/UsersController.cs
View File

@ -90,11 +90,11 @@ namespace BTCPayServer.Controllers.RestApi.Users
return Forbid(AuthenticationSchemes.ApiKey);
}
// check if we have permission to create users
var canCreateUser = (await _authorizationService.AuthorizeAsync(User, null, new PolicyRequirement(Policies.CanCreateUser.Key))).Succeeded;
if (!canCreateUser)
if (!isAdmin && policies.LockSubscription)
{
return Forbid(AuthenticationSchemes.ApiKey);
// If we are not admin and subscriptions are locked, we need to check the Policies.CanCreateUser.Key permission
if (!isAuth || !(await _authorizationService.AuthorizeAsync(User, null, new PolicyRequirement(Policies.CanCreateUser.Key))).Succeeded)
return Forbid(AuthenticationSchemes.ApiKey);
}
var user = new ApplicationUser