Support app user in SetPassword().
@ -226,11 +226,6 @@ func (c *ApiController) SetPassword() {
|
|||||||
c.ResponseError("Please login first.")
|
c.ResponseError("Please login first.")
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
requestUser := object.GetUser(requestUserId)
|
|
||||||
if requestUser == nil {
|
|
||||||
c.ResponseError("Session outdated. Please login again.")
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
userId := fmt.Sprintf("%s/%s", userOwner, userName)
|
userId := fmt.Sprintf("%s/%s", userOwner, userName)
|
||||||
targetUser := object.GetUser(userId)
|
targetUser := object.GetUser(userId)
|
||||||
@ -240,7 +235,14 @@ func (c *ApiController) SetPassword() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
hasPermission := false
|
hasPermission := false
|
||||||
|
if strings.HasPrefix(requestUserId, "app/") {
|
||||||
|
hasPermission = true
|
||||||
|
} else {
|
||||||
|
requestUser := object.GetUser(requestUserId)
|
||||||
|
if requestUser == nil {
|
||||||
|
c.ResponseError("Session outdated. Please login again.")
|
||||||
|
return
|
||||||
|
}
|
||||||
if requestUser.IsGlobalAdmin {
|
if requestUser.IsGlobalAdmin {
|
||||||
hasPermission = true
|
hasPermission = true
|
||||||
} else if requestUserId == userId {
|
} else if requestUserId == userId {
|
||||||
@ -248,7 +250,7 @@ func (c *ApiController) SetPassword() {
|
|||||||
} else if targetUser.Owner == requestUser.Owner && requestUser.IsAdmin {
|
} else if targetUser.Owner == requestUser.Owner && requestUser.IsAdmin {
|
||||||
hasPermission = true
|
hasPermission = true
|
||||||
}
|
}
|
||||||
|
}
|
||||||
if !hasPermission {
|
if !hasPermission {
|
||||||
c.ResponseError("You don't have the permission to do this.")
|
c.ResponseError("You don't have the permission to do this.")
|
||||||
return
|
return
|
||||||
|
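Review bot: The new `strings.HasPrefix(requestUserId, "app/")` branch sets `hasPermission = true` without comparing anything about the caller to `targetUser`, so a session identified as an application may set the password of any user in any organization, global admins included, while human callers are still limited by the `IsGlobalAdmin`, self and same-owner `IsAdmin` checks. The prefix on the session string is also the only evidence that the caller is an application; if an ordinary organization can be named `app` (not visible here), its users would pass this branch as well, so the application record should be looked up and verified rather than inferred from the id. I would scope the grant to the application's own organization, for example `hasPermission = app != nil && app.Organization == targetUser.Owner`, where `app` is the application resolved from `requestUserId`, and add a comment stating why application sessions are trusted to reset passwords. The body of SetPassword starts and ends outside these hunks, so any later check such as old-password verification is not visible from here.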