llvy.ltd/casdoor
1
0
Fork 0
mirror of https://github.com/casdoor/casdoor.git synced 2025-07-02 03:00:18 +08:00
Code Issues Packages Projects Releases Wiki Activity

feat: add Organization.HasPrivilegeConsent to block add-user API for the "built-in" org (#3864)

Browse Source
This commit is contained in:
DacongDA
2025-06-06 23:05:01 +08:00
committed by GitHub
parent c6a50349cc
commit 4cb0cd7c5a
61 changed files with 213 additions and 63 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
object/init.go
View File

@ -154,7 +154,7 @@ func initBuiltInUser() {
CreatedIp: "127.0.0.1",
Properties: make(map[string]string),
}
_, err = AddUser(user)
_, err = AddUser(user, "en")
if err != nil {
panic(err)
}

2
object/init_data.go
View File

@ -342,7 +342,7 @@ func initDefinedUser(user *User) {
if user.Properties == nil {
user.Properties = make(map[string]string)
}
_, err = AddUser(user)
_, err = AddUser(user, "en")
if err != nil {
panic(err)
}

2
object/ldap_conn.go
View File

@ -351,7 +351,7 @@ func SyncLdapUsers(owner string, syncUsers []LdapUser, ldapId string) (existUser
newUser.Groups = []string{ldap.DefaultGroup}
}
affected, err := AddUser(newUser)
affected, err := AddUser(newUser, "en")
if err != nil {
return nil, nil, err
}

1
object/organization.go
View File

@ -57,6 +57,7 @@ type Organization struct {
Logo string `xorm:"varchar(200)" json:"logo"`
LogoDark string `xorm:"varchar(200)" json:"logoDark"`
Favicon string `xorm:"varchar(200)" json:"favicon"`
HasPrivilegeConsent bool `xorm:"bool" json:"hasPrivilegeConsent"`
PasswordType string `xorm:"varchar(100)" json:"passwordType"`
PasswordSalt string `xorm:"varchar(100)" json:"passwordSalt"`
PasswordOptions []string `xorm:"varchar(100)" json:"passwordOptions"`

2
object/token_oauth.go
View File

@ -764,7 +764,7 @@ func GetWechatMiniProgramToken(application *Application, code string, host strin
UserPropertiesWechatUnionId: unionId,
},
}
_, err = AddUser(user)
_, err = AddUser(user, "en")
if err != nil {
return nil, nil, err
}

13
object/user.go
View File

@ -25,6 +25,7 @@ import (
"github.com/casdoor/casdoor/conf"
"github.com/casdoor/casdoor/faceId"
"github.com/casdoor/casdoor/i18n"
"github.com/casdoor/casdoor/proxy"
"github.com/casdoor/casdoor/util"
"github.com/go-webauthn/webauthn/webauthn"
@ -818,7 +819,7 @@ func UpdateUserForAllFields(id string, user *User) (bool, error) {
return affected != 0, nil
}
func AddUser(user *User) (bool, error) {
func AddUser(user *User, lang string) (bool, error) {
if user.Id == "" {
application, err := GetApplicationByUser(user)
if err != nil {
@ -834,7 +835,7 @@ func AddUser(user *User) (bool, error) {
}
if user.Owner == "" || user.Name == "" {
return false, fmt.Errorf("the user's owner and name should not be empty")
return false, fmt.Errorf(i18n.Translate(lang, "user:the user's owner and name should not be empty"))
}
if CheckUsernameWithEmail(user.Name, "en") != "" {
@ -846,7 +847,7 @@ func AddUser(user *User) (bool, error) {
return false, err
}
if organization == nil {
return false, fmt.Errorf("the organization: %s is not found", user.Owner)
return false, fmt.Errorf(i18n.Translate(lang, "auth:the organization: %s is not found"), user.Owner)
}
if user.Owner != "built-in" {
@ -855,10 +856,14 @@ func AddUser(user *User) (bool, error) {
return false, err
}
if applicationCount == 0 {
return false, fmt.Errorf("The organization: %s should have one application at least", organization.Owner)
return false, fmt.Errorf(i18n.Translate(lang, "general:The organization: %s should have one application at least"), organization.Owner)
}
}
if organization.Name == "built-in" && !organization.HasPrivilegeConsent && user.Name != "admin" {
return false, fmt.Errorf(i18n.Translate(lang, "organization:adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option."))
}
if organization.DefaultPassword != "" && user.Password == "123" {
user.Password = organization.DefaultPassword
}