mirror of
https://github.com/btcpayserver/btcpayserver.git
synced 2025-02-24 06:47:50 +01:00
898f0f4481
* Greenfield: Improve store users API - Adds an endpoint to update store users (before they had to be removed ad re-added) - Checks for the existance of a user and responds with 404 in that case (fixes #6423) - Allows retrieval of user by user id or email for add and update (consistent with the other endpoints) - Improves the API docs for the store users endpoints * Swagger: Reuse UserIdOrEmail parameter component * Add details to store user data
115 lines
4.7 KiB
C#
115 lines
4.7 KiB
C#
using System.Collections.Generic;
|
|
using System.Linq;
|
|
using System.Threading.Tasks;
|
|
using BTCPayServer.Abstractions.Constants;
|
|
using BTCPayServer.Abstractions.Extensions;
|
|
using BTCPayServer.Client;
|
|
using BTCPayServer.Client.Models;
|
|
using BTCPayServer.Data;
|
|
using BTCPayServer.Services.Stores;
|
|
using Microsoft.AspNetCore.Authorization;
|
|
using Microsoft.AspNetCore.Cors;
|
|
using Microsoft.AspNetCore.Identity;
|
|
using Microsoft.AspNetCore.Mvc;
|
|
using StoreData = BTCPayServer.Data.StoreData;
|
|
|
|
namespace BTCPayServer.Controllers.Greenfield
|
|
{
|
|
[ApiController]
|
|
[Authorize(AuthenticationSchemes = AuthenticationSchemes.Greenfield)]
|
|
[EnableCors(CorsPolicies.All)]
|
|
public class GreenfieldStoreUsersController : ControllerBase
|
|
{
|
|
private readonly StoreRepository _storeRepository;
|
|
private readonly UserManager<ApplicationUser> _userManager;
|
|
|
|
public GreenfieldStoreUsersController(StoreRepository storeRepository, UserManager<ApplicationUser> userManager)
|
|
{
|
|
_storeRepository = storeRepository;
|
|
_userManager = userManager;
|
|
}
|
|
|
|
[Authorize(Policy = Policies.CanViewStoreSettings, AuthenticationSchemes = AuthenticationSchemes.Greenfield)]
|
|
[HttpGet("~/api/v1/stores/{storeId}/users")]
|
|
public async Task<IActionResult> GetStoreUsers()
|
|
{
|
|
var store = HttpContext.GetStoreData();
|
|
return store == null ? StoreNotFound() : Ok(await FromModel(store));
|
|
}
|
|
|
|
[Authorize(Policy = Policies.CanModifyStoreSettings, AuthenticationSchemes = AuthenticationSchemes.Greenfield)]
|
|
[HttpDelete("~/api/v1/stores/{storeId}/users/{idOrEmail}")]
|
|
public async Task<IActionResult> RemoveStoreUser(string storeId, string idOrEmail)
|
|
{
|
|
var store = HttpContext.GetStoreData();
|
|
if (store == null) return StoreNotFound();
|
|
|
|
var user = await _userManager.FindByIdOrEmail(idOrEmail);
|
|
if (user == null) return UserNotFound();
|
|
|
|
return await _storeRepository.RemoveStoreUser(storeId, user.Id)
|
|
? Ok()
|
|
: this.CreateAPIError(409, "store-user-role-orphaned", "Removing this user would result in the store having no owner.");
|
|
}
|
|
|
|
[Authorize(Policy = Policies.CanModifyStoreSettings, AuthenticationSchemes = AuthenticationSchemes.Greenfield)]
|
|
[HttpPost("~/api/v1/stores/{storeId}/users")]
|
|
[HttpPut("~/api/v1/stores/{storeId}/users/{idOrEmail?}")]
|
|
public async Task<IActionResult> AddOrUpdateStoreUser(string storeId, StoreUserData request, string idOrEmail = null)
|
|
{
|
|
var store = HttpContext.GetStoreData();
|
|
if (store == null) return StoreNotFound();
|
|
|
|
var user = await _userManager.FindByIdOrEmail(idOrEmail ?? request.UserId);
|
|
if (user == null) return UserNotFound();
|
|
|
|
StoreRoleId roleId = null;
|
|
if (request.Role is not null)
|
|
{
|
|
roleId = await _storeRepository.ResolveStoreRoleId(storeId, request.Role);
|
|
if (roleId is null)
|
|
ModelState.AddModelError(nameof(request.Role), "The role id provided does not exist");
|
|
}
|
|
|
|
if (!ModelState.IsValid)
|
|
return this.CreateValidationError(ModelState);
|
|
|
|
var result = string.IsNullOrEmpty(idOrEmail)
|
|
? await _storeRepository.AddStoreUser(storeId, user.Id, roleId)
|
|
: await _storeRepository.AddOrUpdateStoreUser(storeId, user.Id, roleId);
|
|
return result
|
|
? Ok()
|
|
: this.CreateAPIError(409, "duplicate-store-user-role", "The user is already added to the store");
|
|
}
|
|
|
|
private async Task<IEnumerable<StoreUserData>> FromModel(StoreData data)
|
|
{
|
|
var storeUsers = new List<StoreUserData>();
|
|
foreach (var storeUser in data.UserStores)
|
|
{
|
|
var user = await _userManager.FindByIdOrEmail(storeUser.ApplicationUserId);
|
|
var blob = user?.GetBlob();
|
|
storeUsers.Add(new StoreUserData
|
|
{
|
|
UserId = storeUser.ApplicationUserId,
|
|
Role = storeUser.StoreRoleId,
|
|
Email = user?.Email,
|
|
Name = blob?.Name,
|
|
ImageUrl = blob?.ImageUrl,
|
|
|
|
});
|
|
}
|
|
return storeUsers;
|
|
}
|
|
|
|
private IActionResult StoreNotFound()
|
|
{
|
|
return this.CreateAPIError(404, "store-not-found", "The store was not found");
|
|
}
|
|
|
|
private IActionResult UserNotFound()
|
|
{
|
|
return this.CreateAPIError(404, "user-not-found", "The user was not found");
|
|
}
|
|
}
|
|
}
|