Reverting changes to UsersController because of CanCreateUsersViaAPI test

This commit is contained in:
rockstardev 2020-03-18 18:55:45 -05:00
parent 0a8abaf7d5
commit ccfca65c41

View File

@ -90,10 +90,10 @@ namespace BTCPayServer.Controllers.RestApi.Users
return Forbid(AuthenticationSchemes.ApiKey); return Forbid(AuthenticationSchemes.ApiKey);
} }
// check if we have permission to create users if (!isAdmin && policies.LockSubscription)
var canCreateUser = (await _authorizationService.AuthorizeAsync(User, null, new PolicyRequirement(Policies.CanCreateUser.Key))).Succeeded;
if (!canCreateUser)
{ {
// If we are not admin and subscriptions are locked, we need to check the Policies.CanCreateUser.Key permission
if (!isAuth || !(await _authorizationService.AuthorizeAsync(User, null, new PolicyRequirement(Policies.CanCreateUser.Key))).Succeeded)
return Forbid(AuthenticationSchemes.ApiKey); return Forbid(AuthenticationSchemes.ApiKey);
} }