mirror of
https://github.com/btcpayserver/btcpayserver.git
synced 2024-11-20 02:28:31 +01:00
Reverting changes to UsersController because of CanCreateUsersViaAPI test
This commit is contained in:
parent
0a8abaf7d5
commit
ccfca65c41
@ -90,10 +90,10 @@ namespace BTCPayServer.Controllers.RestApi.Users
|
|||||||
return Forbid(AuthenticationSchemes.ApiKey);
|
return Forbid(AuthenticationSchemes.ApiKey);
|
||||||
}
|
}
|
||||||
|
|
||||||
// check if we have permission to create users
|
if (!isAdmin && policies.LockSubscription)
|
||||||
var canCreateUser = (await _authorizationService.AuthorizeAsync(User, null, new PolicyRequirement(Policies.CanCreateUser.Key))).Succeeded;
|
|
||||||
if (!canCreateUser)
|
|
||||||
{
|
{
|
||||||
|
// If we are not admin and subscriptions are locked, we need to check the Policies.CanCreateUser.Key permission
|
||||||
|
if (!isAuth || !(await _authorizationService.AuthorizeAsync(User, null, new PolicyRequirement(Policies.CanCreateUser.Key))).Succeeded)
|
||||||
return Forbid(AuthenticationSchemes.ApiKey);
|
return Forbid(AuthenticationSchemes.ApiKey);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user