Support app user in SetPassword().

Yang Luo
2021-12-31 13:32:18 +08:00
parent 4b65320a96
commit 2fcc8f5bfe


@ -226,11 +226,6 @@ func (c *ApiController) SetPassword() {
c.ResponseError("Please login first.") c.ResponseError("Please login first.")
return return
} }
requestUser := object.GetUser(requestUserId)
if requestUser == nil {
c.ResponseError("Session outdated. Please login again.")
return
}
userId := fmt.Sprintf("%s/%s", userOwner, userName) userId := fmt.Sprintf("%s/%s", userOwner, userName)
targetUser := object.GetUser(userId) targetUser := object.GetUser(userId)
@ -240,7 +235,14 @@ func (c *ApiController) SetPassword() {
} }
hasPermission := false hasPermission := false
if strings.HasPrefix(requestUserId, "app/") {
hasPermission = true
} else {
requestUser := object.GetUser(requestUserId)
if requestUser == nil {
c.ResponseError("Session outdated. Please login again.")
return
}
if requestUser.IsGlobalAdmin { if requestUser.IsGlobalAdmin {
hasPermission = true hasPermission = true
} else if requestUserId == userId { } else if requestUserId == userId {
@ -248,7 +250,7 @@ func (c *ApiController) SetPassword() {
} else if targetUser.Owner == requestUser.Owner && requestUser.IsAdmin { } else if targetUser.Owner == requestUser.Owner && requestUser.IsAdmin {
hasPermission = true hasPermission = true
} }
}
if !hasPermission { if !hasPermission {
c.ResponseError("You don't have the permission to do this.") c.ResponseError("You don't have the permission to do this.")
return return
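Review bot: The new `strings.HasPrefix(requestUserId, "app/")` branch sets `hasPermission = true` for every target, so a session whose id starts with `app/` can set the password of any user, including global admins and users of other organizations. None of the owner or admin comparisons in the `else` branch apply to it. The grant should be limited to targets in the application's own organization, for example `if isAppSession && targetUser.Owner == appOrganization {`, where both names are placeholders for values looked up from the application record. The check also assumes no ordinary user id can begin with `app/`; if an organization could be named `app`, its members would pass it, so that name should be reserved, or the session type carried in a separate field rather than inferred from the id string. The body of SetPassword continues outside these hunks, so any later old-password check is not visible here and should be confirmed to still run for app sessions.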