diff --git a/controllers/user.go b/controllers/user.go
index 791f20bc..7c19295b 100644
--- a/controllers/user.go
+++ b/controllers/user.go
@@ -112,6 +112,11 @@ func (c *ApiController) GetUser() {
user = object.GetUser(id)
}
+ roles := object.GetRolesByUser(fmt.Sprintf("%s/%s", user.Owner, user.Name))
+ user.Roles = roles
+ permissions := object.GetPermissionsByUser(fmt.Sprintf("%s/%s", user.Owner, user.Name))
+ user.Permissions = permissions
+
c.Data["json"] = object.GetMaskedUser(user)
c.ServeJSON()
}
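Review bot: `user` is dereferenced at `user.Owner` in the added lines with no nil check visible, so a request for an id that resolves to no user would presumably panic here instead of reaching `GetMaskedUser`; whether `object.GetUser` can return nil is not shown in this hunk. Wrapping the added lines in `if user != nil { ... }` would keep the not-found path as it was. The id `fmt.Sprintf("%s/%s", user.Owner, user.Name)` is built twice and could be computed once into a local and passed to both lookups. `GetUser`'s body starts outside the hunk.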
diff --git a/object/init.go b/object/init.go
index dc959e1b..1b25a522 100644
--- a/object/init.go
+++ b/object/init.go
@@ -71,6 +71,8 @@ func initBuiltInOrganization() bool {
{Name: "Bio", Visible: true, ViewRule: "Public", ModifyRule: "Self"},
{Name: "Tag", Visible: true, ViewRule: "Public", ModifyRule: "Admin"},
{Name: "Signup application", Visible: true, ViewRule: "Public", ModifyRule: "Admin"},
+ {Name: "Roles", Visible: true, ViewRule: "Public", ModifyRule: "Immutable"},
+ {Name: "Permissions", Visible: true, ViewRule: "Public", ModifyRule: "Immutable"},
{Name: "3rd-party logins", Visible: true, ViewRule: "Self", ModifyRule: "Self"},
{Name: "Properties", Visible: false, ViewRule: "Admin", ModifyRule: "Admin"},
{Name: "Is admin", Visible: true, ViewRule: "Admin", ModifyRule: "Admin"},
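Review bot: The new `Roles` and `Permissions` items use `ViewRule: "Public"`, while the neighbouring `Is admin` item uses `ViewRule: "Admin"`. A user's role and permission assignments are authorization data of similar sensitivity, so `"Self"` or `"Admin"` looks like the safer default unless public visibility is intended. The same two entries are added in `object/init_data.go` and `web/src/OrganizationListPage.js` and should change together. `"Immutable"` appears as a `ModifyRule` value only on these new entries in the visible lists, so it is worth confirming that the code evaluating `ModifyRule` recognises it rather than falling through to a permissive default. The enclosing list starts and ends outside the hunk.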
diff --git a/object/init_data.go b/object/init_data.go
index e16630fb..8f461062 100644
--- a/object/init_data.go
+++ b/object/init_data.go
@@ -89,6 +89,8 @@ func initDefinedOrganization(organization *Organization) {
{Name: "Bio", Visible: true, ViewRule: "Public", ModifyRule: "Self"},
{Name: "Tag", Visible: true, ViewRule: "Public", ModifyRule: "Admin"},
{Name: "Signup application", Visible: true, ViewRule: "Public", ModifyRule: "Admin"},
+ {Name: "Roles", Visible: true, ViewRule: "Public", ModifyRule: "Immutable"},
+ {Name: "Permissions", Visible: true, ViewRule: "Public", ModifyRule: "Immutable"},
{Name: "3rd-party logins", Visible: true, ViewRule: "Self", ModifyRule: "Self"},
{Name: "Properties", Visible: false, ViewRule: "Admin", ModifyRule: "Admin"},
{Name: "Is admin", Visible: true, ViewRule: "Admin", ModifyRule: "Admin"},
diff --git a/object/permission.go b/object/permission.go
index de87b235..bcb26a35 100644
--- a/object/permission.go
+++ b/object/permission.go
@@ -229,3 +229,13 @@ func removePolicies(permission *Permission) {
panic(err)
}
}
+
+func GetPermissionsByUser(userId string) []*Permission {
+ permissions := []*Permission{}
+ err := adapter.Engine.Where("users like ?", "%"+userId+"%").Find(&permissions)
+ if err != nil {
+ panic(err)
+ }
+
+ return permissions
+}
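Review bot: The `users like ?` filter with `"%"+userId+"%"` is a substring match, so a lookup for a constructed id such as `org/alice` also returns permissions assigned to `org/alice2` or `myorg/alice`, and any `%` or `_` inside the id acts as a wildcard. `GetUser` would then report grants the user does not hold. `GetRolesByUser` in `object/role.go` runs the same query and needs the same fix. Keeping the LIKE as a pre-filter and then retaining only rows whose user list contains the id exactly avoids this; the sketch below assumes `Permission.Users` is a slice of `owner/name` strings, which is not visible in this hunk. As an exported function it also wants a doc comment, e.g. `// GetPermissionsByUser returns the permissions whose user list contains userId.`

```go
func GetPermissionsByUser(userId string) []*Permission {
	candidates := []*Permission{}
	// LIKE only narrows the candidate set; it also matches ids that merely contain userId.
	err := adapter.Engine.Where("users like ?", "%"+userId+"%").Find(&candidates)
	// … unchanged: panic on err …

	permissions := []*Permission{}
	for _, permission := range candidates {
		// assumes Users is a []string of "owner/name" ids — confirm against the struct
		for _, id := range permission.Users {
			if id == userId {
				permissions = append(permissions, permission)
				break
			}
		}
	}
	return permissions
}
```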
diff --git a/object/role.go b/object/role.go
index 672420be..5aa184a5 100644
--- a/object/role.go
+++ b/object/role.go
@@ -121,3 +121,13 @@ func DeleteRole(role *Role) bool {
func (role *Role) GetId() string {
return fmt.Sprintf("%s/%s", role.Owner, role.Name)
}
+
+func GetRolesByUser(userId string) []*Role {
+ roles := []*Role{}
+ err := adapter.Engine.Where("users like ?", "%"+userId+"%").Find(&roles)
+ if err != nil {
+ panic(err)
+ }
+
+ return roles
+}
diff --git a/object/user.go b/object/user.go
index bb3f48e0..45ef11d7 100644
--- a/object/user.go
+++ b/object/user.go
@@ -104,6 +104,9 @@ type User struct {
Ldap string `xorm:"ldap varchar(100)" json:"ldap"`
Properties map[string]string `json:"properties"`
+
+ Roles []*Role `json:"roles"`
+ Permissions []*Permission `json:"permissions"`
}
type Userinfo struct {
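Review bot: `Roles` and `Permissions` are filled per request in `GetUser`, but the new fields carry only a `json` tag, so the ORM will likely map them to persisted columns of the user table, as it appears to do for the untagged `Properties` field just above. That would store a stale copy of derived authorization data and could let a value supplied in an update request be written back to the row. If the fields are meant to be response-only, add `xorm:"-"` ahead of the `json` tag on both. The struct starts outside the hunk.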
diff --git a/web/src/AccountTable.js b/web/src/AccountTable.js
index e0da9780..7668135c 100644
--- a/web/src/AccountTable.js
+++ b/web/src/AccountTable.js
@@ -86,6 +86,8 @@ class AccountTable extends React.Component {
{name: "Bio", displayName: i18next.t("user:Bio")},
{name: "Tag", displayName: i18next.t("user:Tag")},
{name: "Signup application", displayName: i18next.t("general:Signup application")},
+ {name: "Roles", displayName: i18next.t("general:Roles")},
+ {name: "Permissions", displayName: i18next.t("general:Permissions")},
{name: "3rd-party logins", displayName: i18next.t("user:3rd-party logins")},
{name: "Properties", displayName: i18next.t("user:Properties")},
{name: "Is admin", displayName: i18next.t("user:Is admin")},
diff --git a/web/src/OrganizationListPage.js b/web/src/OrganizationListPage.js
index 272e679f..4c2c7fab 100644
--- a/web/src/OrganizationListPage.js
+++ b/web/src/OrganizationListPage.js
@@ -57,6 +57,8 @@ class OrganizationListPage extends BaseListPage {
{name: "Bio", visible: true, viewRule: "Public", modifyRule: "Self"},
{name: "Tag", visible: true, viewRule: "Public", modifyRule: "Admin"},
{name: "Signup application", visible: true, viewRule: "Public", modifyRule: "Admin"},
+ {name: "Roles", visible: true, viewRule: "Public", modifyRule: "Immutable"},
+ {name: "Permissions", visible: true, viewRule: "Public", modifyRule: "Immutable"},
{name: "3rd-party logins", visible: true, viewRule: "Self", modifyRule: "Self"},
{name: "Properties", visible: false, viewRule: "Admin", modifyRule: "Admin"},
{name: "Is admin", visible: true, viewRule: "Admin", modifyRule: "Admin"},
diff --git a/web/src/UserEditPage.js b/web/src/UserEditPage.js
index a73005ba..da20ba46 100644
--- a/web/src/UserEditPage.js
+++ b/web/src/UserEditPage.js
@@ -427,6 +427,32 @@ class UserEditPage extends React.Component {
);
+ } else if (accountItem.name === "Roles") {
+ return (
+
+
+ {Setting.getLabel(i18next.t("general:Roles"), i18next.t("general:Roles - Tooltip"))} :
+
+
+ {
+ Setting.getTags(this.state.user.roles.map(role => role.name))
+ }
+
+
+ );
+ } else if (accountItem.name === "Permissions") {
+ return (
+
+
+ {Setting.getLabel(i18next.t("general:Permissions"), i18next.t("general:Permissions - Tooltip"))} :
+
+
+ {
+ Setting.getTags(this.state.user.permissions.map(permission => permission.name))
+ }
+
+
+ );
} else if (accountItem.name === "3rd-party logins") {
return (
!this.isSelfOrAdmin() ? null : (
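Review bot: `this.state.user.roles.map(...)` and `this.state.user.permissions.map(...)` throw if either field is missing or `null`. That would be the case for any user object that did not come through the `GetUser` handler, which is the only place this commit fills them. Guarding with `(this.state.user.roles || []).map(role => role.name)`, and the same for `permissions`, keeps the edit page rendering. These two rows are also rendered without the `isSelfOrAdmin()` check used by the `3rd-party logins` branch that follows, which matches the `Public` view rule but should be a deliberate choice. The enclosing render method starts and ends outside the hunk.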