From 2fcc8f5bfe60bc6d9cba27d59c9d4f763bf3f889 Mon Sep 17 00:00:00 2001
From: Yang Luo
Date: Fri, 31 Dec 2021 13:32:18 +0800
Subject: [PATCH] Support app user in SetPassword().
---
 controllers/user.go | 26 ++++++++++++++------------
 1 file changed, 14 insertions(+), 12 deletions(-)
diff --git a/controllers/user.go b/controllers/user.go
index a5e58c20..f68771ce 100644
--- a/controllers/user.go
+++ b/controllers/user.go
@@ -226,11 +226,6 @@ func (c *ApiController) SetPassword() {
 c.ResponseError("Please login first.")
 return
 }
- requestUser := object.GetUser(requestUserId)
- if requestUser == nil {
- c.ResponseError("Session outdated. Please login again.")
- return
- }
 userId := fmt.Sprintf("%s/%s", userOwner, userName)
 targetUser := object.GetUser(userId)
@@ -240,15 +235,22 @@ func (c *ApiController) SetPassword() {
 }
 hasPermission := false
-
- if requestUser.IsGlobalAdmin {
- hasPermission = true
- } else if requestUserId == userId {
- hasPermission = true
- } else if targetUser.Owner == requestUser.Owner && requestUser.IsAdmin {
+ if strings.HasPrefix(requestUserId, "app/") {
 hasPermission = true
+ } else {
+ requestUser := object.GetUser(requestUserId)
+ if requestUser == nil {
+ c.ResponseError("Session outdated. Please login again.")
+ return
+ }
+ if requestUser.IsGlobalAdmin {
+ hasPermission = true
+ } else if requestUserId == userId {
+ hasPermission = true
+ } else if targetUser.Owner == requestUser.Owner && requestUser.IsAdmin {
+ hasPermission = true
+ }
 }
-
 if !hasPermission {
 c.ResponseError("You don't have the permission to do this.")
 return
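Review bot: The new `strings.HasPrefix(requestUserId, "app/")` branch in the second hunk sets `hasPermission = true` for every target, so a session whose ID starts with `app/` may set the password of any user in any organization, global admins included, while the user branch still requires `targetUser.Owner == requestUser.Owner` for organization admins. The app branch should be scoped the same way, for example by resolving the application behind the ID and requiring that its organization equals `targetUser.Owner` before granting permission. The prefix test is also only sound if no ordinary user ID can begin with `app/`; whether `app` is reserved as an organization name is not visible here and should be confirmed, and a comment such as `// "app/<name>" IDs denote an application session, not a user record` would document that assumption. SetPassword begins before and continues past this hunk, so checks outside the shown lines are not covered by this note.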