From 2fec3f72ae9a38891a951e55e088b4967cdf4836 Mon Sep 17 00:00:00 2001 From: Mikey Date: Sat, 30 Jul 2022 18:17:13 +0800 Subject: [PATCH] fix: check reset phone & email modify rules (#927) * fix: check reset phone & email modify rules * Update verification.go * Update organization.go Co-authored-by: Yang Luo --- controllers/verification.go | 24 +++++++++++++++++++++++- object/organization.go | 30 ++++++++++++++++++++++++++++++ web/src/UserEditPage.js | 4 ++-- 3 files changed, 55 insertions(+), 3 deletions(-) diff --git a/controllers/verification.go b/controllers/verification.go index f2312550..7134a17f 100644 --- a/controllers/verification.go +++ b/controllers/verification.go @@ -168,13 +168,35 @@ func (c *ApiController) ResetEmailOrPhone() { } checkDest := dest + org := object.GetOrganizationByUser(user) if destType == "phone" { - org := object.GetOrganizationByUser(user) + phoneItem := object.GetAccountItemByName("Phone", org) + if phoneItem == nil { + c.ResponseError("Unable to get the phone modify rule.") + return + } + + if pass, errMsg := object.CheckAccountItemModifyRule(phoneItem, user); !pass { + c.ResponseError(errMsg) + return + } + phonePrefix := "86" if org != nil && org.PhonePrefix != "" { phonePrefix = org.PhonePrefix } checkDest = fmt.Sprintf("+%s%s", phonePrefix, dest) + } else if destType == "email" { + emailItem := object.GetAccountItemByName("Email", org) + if emailItem == nil { + c.ResponseError("Unable to get the email modify rule.") + return + } + + if pass, errMsg := object.CheckAccountItemModifyRule(emailItem, user); !pass { + c.ResponseError(errMsg) + return + } } if ret := object.CheckVerificationCode(checkDest, code); len(ret) != 0 { c.ResponseError(ret) diff --git a/object/organization.go b/object/organization.go index 20aeb222..f6320aa4 100644 --- a/object/organization.go +++ b/object/organization.go @@ -15,6 +15,8 @@ package object import ( + "fmt" + "github.com/casdoor/casdoor/cred" "github.com/casdoor/casdoor/util" "xorm.io/core" 
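Review bot: The new modify-rule check in ResetEmailOrPhone runs only inside the `destType == "phone"` and `destType == "email"` branches, so any other destType value skips the policy check entirely and proceeds to `object.CheckVerificationCode(checkDest, code)`; the function starts before and continues after this hunk and may reject unknown types later, but the check is safer if it fails closed here rather than depending on that. The two branches also duplicate the same lookup-and-check sequence with only the item name differing, so resolving the item name first and sharing a single check keeps the phone-prefix handling separate and rejects unknown types before any verification code is consumed. Whether `user` here is the authenticated caller (which the Admin rule needs to be meaningful) rather than a user loaded from a request parameter is decided above the hunk and is worth confirming. The rewritten portion would look like this.
```go
	checkDest := dest
	org := object.GetOrganizationByUser(user)

	// Resolve the account item up front so an unknown destType fails closed
	// instead of bypassing the modify-rule check.
	itemName := map[string]string{"phone": "Phone", "email": "Email"}[destType]
	if itemName == "" {
		c.ResponseError("Unknown type.")
		return
	}
	item := object.GetAccountItemByName(itemName, org)
	if item == nil {
		c.ResponseError(fmt.Sprintf("Unable to get the %s modify rule.", destType))
		return
	}
	if pass, errMsg := object.CheckAccountItemModifyRule(item, user); !pass {
		c.ResponseError(errMsg)
		return
	}

	if destType == "phone" {
		// … unchanged: phone prefix normalization into checkDest …
	}
	// … unchanged: CheckVerificationCode …
```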
@@ -186,3 +188,31 @@ func DeleteOrganization(organization *Organization) bool { func GetOrganizationByUser(user *User) *Organization { return getOrganization("admin", user.Owner) } + +func GetAccountItemByName(name string, organization *Organization) *AccountItem { + if organization == nil { + return nil + } + for _, accountItem := range organization.AccountItems { + if accountItem.Name == name { + return accountItem + } + } + return nil +} + +func CheckAccountItemModifyRule(accountItem *AccountItem, user *User) (bool, string) { + switch accountItem.ModifyRule { + case "Admin": + if !(user.IsAdmin || user.IsGlobalAdmin) { + return false, fmt.Sprintf("Only admin can modify the %s.", accountItem.Name) + } + case "Immutable": + return false, fmt.Sprintf("The %s is immutable.", accountItem.Name) + case "Self": + break + default: + return false, fmt.Sprintf("Unknown modify rule %s.", accountItem.ModifyRule) + } + return true, "" +} diff --git a/web/src/UserEditPage.js b/web/src/UserEditPage.js index da20ba46..8a631ca2 100644 --- a/web/src/UserEditPage.js +++ b/web/src/UserEditPage.js @@ -291,7 +291,7 @@ class UserEditPage extends React.Component { }} /> - {this.state.user.id === this.props.account?.id ? () : null} + {this.state.user.id === this.props.account?.id ? () : null} ); @@ -309,7 +309,7 @@ class UserEditPage extends React.Component { }} /> - {this.state.user.id === this.props.account?.id ? () : null} + {this.state.user.id === this.props.account?.id ? () : null} );
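Review bot: CheckAccountItemModifyRule evaluates the Admin rule against the admin flags of whichever `user` it is handed, and the Self rule passes unconditionally, so the helper is only sound when callers pass the authenticated actor and have already established that the actor is the subject of the change; neither new exported function carries a doc comment stating that contract, and a future caller passing the target user instead of the requester would silently satisfy an Admin-only rule whenever the target happens to be an admin. I would document it above the function: `// CheckAccountItemModifyRule reports whether user — the authenticated actor, not the account being edited — may modify accountItem under its ModifyRule. "Self" is accepted unconditionally; callers must ensure the actor owns the account before relying on it.` and for the lookup helper: `// GetAccountItemByName returns organization's account item named name, or nil when organization is nil or has no such item.`. Two smaller points: the `default` branch formats the rule with `%s`, so an empty ModifyRule produces "Unknown modify rule ." — `%q` keeps the empty case readable; and the `break` in `case "Self":` is redundant in Go, since switch cases do not fall through.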