2022-02-13 23:39:27 +08:00
|
|
|
// Copyright 2021 The Casdoor Authors. All Rights Reserved.
|
2020-12-20 20:31:48 +08:00
|
|
|
//
|
|
|
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
|
// you may not use this file except in compliance with the License.
|
|
|
|
|
// You may obtain a copy of the License at
|
|
|
|
|
//
|
|
|
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
|
//
|
|
|
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
|
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
|
// See the License for the specific language governing permissions and
|
|
|
|
|
// limitations under the License.
|
|
|
|
|
|
|
|
|
|
package object
|
|
|
|
|
|
|
|
|
|
import (
|
2022-07-30 18:17:13 +08:00
|
|
|
"fmt"
|
2022-11-02 00:17:38 +08:00
|
|
|
"strings"
|
2022-07-30 18:17:13 +08:00
|
|
|
|
2022-01-20 14:11:46 +08:00
|
|
|
"github.com/casdoor/casdoor/cred"
|
2022-10-23 15:16:24 +08:00
|
|
|
"github.com/casdoor/casdoor/i18n"
|
2022-01-20 14:11:46 +08:00
|
|
|
"github.com/casdoor/casdoor/util"
|
2020-12-20 20:31:48 +08:00
|
|
|
"xorm.io/core"
|
|
|
|
|
)
|
|
|
|
|
|
2022-06-18 01:41:21 +08:00
|
|
|
type AccountItem struct {
|
|
|
|
|
Name string `json:"name"`
|
|
|
|
|
Visible bool `json:"visible"`
|
|
|
|
|
ViewRule string `json:"viewRule"`
|
|
|
|
|
ModifyRule string `json:"modifyRule"`
|
|
|
|
|
}
|
|
|
|
|
|
2020-12-20 20:31:48 +08:00
|
|
|
type Organization struct {
|
|
|
|
|
Owner string `xorm:"varchar(100) notnull pk" json:"owner"`
|
|
|
|
|
Name string `xorm:"varchar(100) notnull pk" json:"name"`
|
|
|
|
|
CreatedTime string `xorm:"varchar(100)" json:"createdTime"`
|
|
|
|
|
|
2022-03-13 00:30:18 +08:00
|
|
|
DisplayName string `xorm:"varchar(100)" json:"displayName"`
|
|
|
|
|
WebsiteUrl string `xorm:"varchar(100)" json:"websiteUrl"`
|
|
|
|
|
Favicon string `xorm:"varchar(100)" json:"favicon"`
|
|
|
|
|
PasswordType string `xorm:"varchar(100)" json:"passwordType"`
|
|
|
|
|
PasswordSalt string `xorm:"varchar(100)" json:"passwordSalt"`
|
|
|
|
|
PhonePrefix string `xorm:"varchar(10)" json:"phonePrefix"`
|
|
|
|
|
DefaultAvatar string `xorm:"varchar(100)" json:"defaultAvatar"`
|
2022-09-10 20:41:45 +08:00
|
|
|
DefaultApplication string `xorm:"varchar(100)" json:"defaultApplication"`
|
2022-03-13 00:30:18 +08:00
|
|
|
Tags []string `xorm:"mediumtext" json:"tags"`
|
|
|
|
|
MasterPassword string `xorm:"varchar(100)" json:"masterPassword"`
|
|
|
|
|
EnableSoftDeletion bool `json:"enableSoftDeletion"`
|
2022-04-16 15:10:03 +08:00
|
|
|
IsProfilePublic bool `json:"isProfilePublic"`
|
2022-06-18 01:41:21 +08:00
|
|
|
|
2022-08-22 00:25:39 +08:00
|
|
|
AccountItems []*AccountItem `xorm:"varchar(3000)" json:"accountItems"`
|
2020-12-20 20:31:48 +08:00
|
|
|
}
|
|
|
|
|
|
2021-12-25 10:55:10 +08:00
|
|
|
func GetOrganizationCount(owner, field, value string) int {
|
2022-01-26 19:36:36 +08:00
|
|
|
session := GetSession(owner, -1, -1, field, value, "", "")
|
2021-12-25 10:55:10 +08:00
|
|
|
count, err := session.Count(&Organization{})
|
2021-11-06 11:32:22 +08:00
|
|
|
if err != nil {
|
|
|
|
|
panic(err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return int(count)
|
|
|
|
|
}
|
|
|
|
|
|
2020-12-20 20:31:48 +08:00
|
|
|
func GetOrganizations(owner string) []*Organization {
|
|
|
|
|
organizations := []*Organization{}
|
2021-05-02 10:30:12 +08:00
|
|
|
err := adapter.Engine.Desc("created_time").Find(&organizations, &Organization{Owner: owner})
|
2020-12-20 20:31:48 +08:00
|
|
|
if err != nil {
|
|
|
|
|
panic(err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return organizations
|
|
|
|
|
}
|
|
|
|
|
|
2021-12-25 10:55:10 +08:00
|
|
|
func GetPaginationOrganizations(owner string, offset, limit int, field, value, sortField, sortOrder string) []*Organization {
|
2021-11-06 11:32:22 +08:00
|
|
|
organizations := []*Organization{}
|
2021-12-25 10:55:10 +08:00
|
|
|
session := GetSession(owner, offset, limit, field, value, sortField, sortOrder)
|
|
|
|
|
err := session.Find(&organizations)
|
2021-11-06 11:32:22 +08:00
|
|
|
if err != nil {
|
|
|
|
|
panic(err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return organizations
|
|
|
|
|
}
|
|
|
|
|
|
2020-12-20 20:31:48 +08:00
|
|
|
func getOrganization(owner string, name string) *Organization {
|
2021-06-21 01:01:16 +08:00
|
|
|
if owner == "" || name == "" {
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2020-12-20 20:31:48 +08:00
|
|
|
organization := Organization{Owner: owner, Name: name}
|
2021-05-02 10:30:12 +08:00
|
|
|
existed, err := adapter.Engine.Get(&organization)
|
2020-12-20 20:31:48 +08:00
|
|
|
if err != nil {
|
|
|
|
|
panic(err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if existed {
|
|
|
|
|
return &organization
|
|
|
|
|
}
|
2021-11-06 11:32:22 +08:00
|
|
|
|
2021-09-04 22:20:47 +08:00
|
|
|
return nil
|
2020-12-20 20:31:48 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func GetOrganization(id string) *Organization {
|
|
|
|
|
owner, name := util.GetOwnerAndNameFromId(id)
|
|
|
|
|
return getOrganization(owner, name)
|
|
|
|
|
}
|
|
|
|
|
|
2021-11-06 21:14:53 +08:00
|
|
|
func GetMaskedOrganization(organization *Organization) *Organization {
|
|
|
|
|
if organization == nil {
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if organization.MasterPassword != "" {
|
|
|
|
|
organization.MasterPassword = "***"
|
|
|
|
|
}
|
|
|
|
|
return organization
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func GetMaskedOrganizations(organizations []*Organization) []*Organization {
|
|
|
|
|
for _, organization := range organizations {
|
|
|
|
|
organization = GetMaskedOrganization(organization)
|
|
|
|
|
}
|
|
|
|
|
return organizations
|
|
|
|
|
}
|
|
|
|
|
|
2020-12-20 20:31:48 +08:00
|
|
|
func UpdateOrganization(id string, organization *Organization) bool {
|
|
|
|
|
owner, name := util.GetOwnerAndNameFromId(id)
|
|
|
|
|
if getOrganization(owner, name) == nil {
|
|
|
|
|
return false
|
|
|
|
|
}
|
|
|
|
|
|
2021-12-23 00:40:07 +08:00
|
|
|
if name == "built-in" {
|
|
|
|
|
organization.Name = name
|
|
|
|
|
}
|
|
|
|
|
|
2021-12-23 01:01:23 +08:00
|
|
|
if name != organization.Name {
|
2022-11-02 00:17:38 +08:00
|
|
|
err := organizationChangeTrigger(name, organization.Name)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return false
|
|
|
|
|
}
|
2021-12-23 01:01:23 +08:00
|
|
|
}
|
|
|
|
|
|
2022-05-10 17:37:12 +08:00
|
|
|
if organization.MasterPassword != "" && organization.MasterPassword != "***" {
|
2021-12-22 20:56:22 +08:00
|
|
|
credManager := cred.GetCredManager(organization.PasswordType)
|
|
|
|
|
if credManager != nil {
|
|
|
|
|
hashedPassword := credManager.GetHashedPassword(organization.MasterPassword, "", organization.PasswordSalt)
|
|
|
|
|
organization.MasterPassword = hashedPassword
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2022-05-10 17:37:12 +08:00
|
|
|
session := adapter.Engine.ID(core.PK{owner, name}).AllCols()
|
|
|
|
|
if organization.MasterPassword == "***" {
|
|
|
|
|
session.Omit("master_password")
|
|
|
|
|
}
|
|
|
|
|
affected, err := session.Update(organization)
|
2020-12-20 20:31:48 +08:00
|
|
|
if err != nil {
|
|
|
|
|
panic(err)
|
|
|
|
|
}
|
|
|
|
|
|
2021-03-28 00:48:34 +08:00
|
|
|
return affected != 0
|
2020-12-20 20:31:48 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func AddOrganization(organization *Organization) bool {
|
2021-05-02 10:30:12 +08:00
|
|
|
affected, err := adapter.Engine.Insert(organization)
|
2020-12-20 20:31:48 +08:00
|
|
|
if err != nil {
|
|
|
|
|
panic(err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return affected != 0
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func DeleteOrganization(organization *Organization) bool {
|
2021-12-23 00:40:07 +08:00
|
|
|
if organization.Name == "built-in" {
|
|
|
|
|
return false
|
|
|
|
|
}
|
|
|
|
|
|
2021-05-02 10:30:12 +08:00
|
|
|
affected, err := adapter.Engine.ID(core.PK{organization.Owner, organization.Name}).Delete(&Organization{})
|
2020-12-20 20:31:48 +08:00
|
|
|
if err != nil {
|
|
|
|
|
panic(err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return affected != 0
|
|
|
|
|
}
|
2021-05-13 09:39:07 +08:00
|
|
|
|
2021-05-16 22:58:30 +08:00
|
|
|
func GetOrganizationByUser(user *User) *Organization {
|
2021-05-16 21:04:26 +08:00
|
|
|
return getOrganization("admin", user.Owner)
|
|
|
|
|
}
|
2022-07-30 18:17:13 +08:00
|
|
|
|
|
|
|
|
func GetAccountItemByName(name string, organization *Organization) *AccountItem {
|
|
|
|
|
if organization == nil {
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
for _, accountItem := range organization.AccountItems {
|
|
|
|
|
if accountItem.Name == name {
|
|
|
|
|
return accountItem
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2022-10-23 15:16:24 +08:00
|
|
|
func CheckAccountItemModifyRule(accountItem *AccountItem, user *User, lang string) (bool, string) {
|
2022-07-30 18:17:13 +08:00
|
|
|
switch accountItem.ModifyRule {
|
|
|
|
|
case "Admin":
|
|
|
|
|
if !(user.IsAdmin || user.IsGlobalAdmin) {
|
2022-10-23 15:16:24 +08:00
|
|
|
return false, fmt.Sprintf(i18n.Translate(lang, "OrgErr.OnlyAdmin"), accountItem.Name)
|
2022-07-30 18:17:13 +08:00
|
|
|
}
|
|
|
|
|
case "Immutable":
|
2022-10-23 15:16:24 +08:00
|
|
|
return false, fmt.Sprintf(i18n.Translate(lang, "OrgErr.Immutable"), accountItem.Name)
|
2022-07-30 18:17:13 +08:00
|
|
|
case "Self":
|
|
|
|
|
break
|
|
|
|
|
default:
|
2022-10-23 15:16:24 +08:00
|
|
|
return false, fmt.Sprintf(i18n.Translate(lang, "OrgErr.UnknownModifyRule"), accountItem.ModifyRule)
|
2022-07-30 18:17:13 +08:00
|
|
|
}
|
|
|
|
|
return true, ""
|
|
|
|
|
}
|
2022-09-10 20:41:45 +08:00
|
|
|
|
2022-10-09 10:39:33 +08:00
|
|
|
func GetDefaultApplication(id string) (*Application, error) {
|
2022-09-10 20:41:45 +08:00
|
|
|
organization := GetOrganization(id)
|
|
|
|
|
if organization == nil {
|
2022-10-09 10:39:33 +08:00
|
|
|
return nil, fmt.Errorf("The organization: %s does not exist", id)
|
2022-09-10 20:41:45 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if organization.DefaultApplication != "" {
|
2022-10-09 10:39:33 +08:00
|
|
|
return getApplication("admin", organization.DefaultApplication), fmt.Errorf("The default application: %s does not exist", organization.DefaultApplication)
|
2022-09-10 20:41:45 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
applications := []*Application{}
|
|
|
|
|
err := adapter.Engine.Asc("created_time").Find(&applications, &Application{Organization: organization.Name})
|
|
|
|
|
if err != nil {
|
|
|
|
|
panic(err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if len(applications) == 0 {
|
2022-10-09 10:39:33 +08:00
|
|
|
return nil, fmt.Errorf("The application does not exist")
|
2022-09-10 20:41:45 +08:00
|
|
|
}
|
|
|
|
|
|
2022-09-13 22:54:05 +08:00
|
|
|
defaultApplication := applications[0]
|
2022-09-10 20:41:45 +08:00
|
|
|
for _, application := range applications {
|
|
|
|
|
if application.EnableSignUp {
|
2022-09-13 22:54:05 +08:00
|
|
|
defaultApplication = application
|
|
|
|
|
break
|
2022-09-10 20:41:45 +08:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2022-09-13 22:54:05 +08:00
|
|
|
extendApplicationWithProviders(defaultApplication)
|
|
|
|
|
extendApplicationWithOrg(defaultApplication)
|
|
|
|
|
|
2022-10-09 10:39:33 +08:00
|
|
|
return defaultApplication, nil
|
2022-09-10 20:41:45 +08:00
|
|
|
}
|
2022-11-02 00:17:38 +08:00
|
|
|
|
|
|
|
|
func organizationChangeTrigger(oldName string, newName string) error {
|
|
|
|
|
session := adapter.Engine.NewSession()
|
|
|
|
|
defer session.Close()
|
|
|
|
|
|
|
|
|
|
err := session.Begin()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
application := new(Application)
|
|
|
|
|
application.Organization = newName
|
|
|
|
|
_, err = session.Where("organization=?", oldName).Update(application)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
user := new(User)
|
|
|
|
|
user.Owner = newName
|
|
|
|
|
_, err = session.Where("owner=?", oldName).Update(user)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
role := new(Role)
|
|
|
|
|
_, err = adapter.Engine.Where("owner=?", oldName).Get(role)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
for i, u := range role.Users {
|
|
|
|
|
// u = organization/username
|
|
|
|
|
split := strings.Split(u, "/")
|
|
|
|
|
if split[0] == oldName {
|
|
|
|
|
split[0] = newName
|
|
|
|
|
role.Users[i] = split[0] + "/" + split[1]
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
for i, u := range role.Roles {
|
|
|
|
|
// u = organization/username
|
|
|
|
|
split := strings.Split(u, "/")
|
|
|
|
|
if split[0] == oldName {
|
|
|
|
|
split[0] = newName
|
|
|
|
|
role.Roles[i] = split[0] + "/" + split[1]
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
role.Owner = newName
|
|
|
|
|
_, err = session.Where("owner=?", oldName).Update(role)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
permission := new(Permission)
|
|
|
|
|
_, err = adapter.Engine.Where("owner=?", oldName).Get(permission)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
for i, u := range permission.Users {
|
|
|
|
|
// u = organization/username
|
|
|
|
|
split := strings.Split(u, "/")
|
|
|
|
|
if split[0] == oldName {
|
|
|
|
|
split[0] = newName
|
|
|
|
|
permission.Users[i] = split[0] + "/" + split[1]
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
for i, u := range permission.Roles {
|
|
|
|
|
// u = organization/username
|
|
|
|
|
split := strings.Split(u, "/")
|
|
|
|
|
if split[0] == oldName {
|
|
|
|
|
split[0] = newName
|
|
|
|
|
permission.Roles[i] = split[0] + "/" + split[1]
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
permission.Owner = newName
|
|
|
|
|
_, err = session.Where("owner=?", oldName).Update(permission)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
casbinAdapter := new(CasbinAdapter)
|
|
|
|
|
casbinAdapter.Owner = newName
|
|
|
|
|
casbinAdapter.Organization = newName
|
|
|
|
|
_, err = session.Where("owner=?", oldName).Update(casbinAdapter)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ldap := new(Ldap)
|
|
|
|
|
ldap.Owner = newName
|
|
|
|
|
_, err = session.Where("owner=?", oldName).Update(ldap)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
model := new(Model)
|
|
|
|
|
model.Owner = newName
|
|
|
|
|
_, err = session.Where("owner=?", oldName).Update(model)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
payment := new(Payment)
|
|
|
|
|
payment.Organization = newName
|
|
|
|
|
_, err = session.Where("organization=?", oldName).Update(payment)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
record := new(Record)
|
|
|
|
|
record.Owner = newName
|
|
|
|
|
record.Organization = newName
|
|
|
|
|
_, err = session.Where("organization=?", oldName).Update(record)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
resource := new(Resource)
|
|
|
|
|
resource.Owner = newName
|
|
|
|
|
_, err = session.Where("owner=?", oldName).Update(resource)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
syncer := new(Syncer)
|
|
|
|
|
syncer.Organization = newName
|
|
|
|
|
_, err = session.Where("organization=?", oldName).Update(syncer)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
token := new(Token)
|
|
|
|
|
token.Organization = newName
|
|
|
|
|
_, err = session.Where("organization=?", oldName).Update(token)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
webhook := new(Webhook)
|
|
|
|
|
webhook.Organization = newName
|
|
|
|
|
_, err = session.Where("organization=?", oldName).Update(webhook)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return session.Commit()
|
|
|
|
|
}
|
