feat: add Organization.HasPrivilegeConsent to block add-user API for the "built-in" org (#3864)

DacongDA
2025-06-06 23:05:01 +08:00
committed by GitHub
parent c6a50349cc
commit 4cb0cd7c5a
61 changed files with 213 additions and 63 deletions


@ -25,6 +25,7 @@ import (
"github.com/casdoor/casdoor/conf"
"github.com/casdoor/casdoor/faceId"
"github.com/casdoor/casdoor/i18n"
"github.com/casdoor/casdoor/proxy"
"github.com/casdoor/casdoor/util"
"github.com/go-webauthn/webauthn/webauthn"
@ -818,7 +819,7 @@ func UpdateUserForAllFields(id string, user *User) (bool, error) {
return affected != 0, nil
}
func AddUser(user *User) (bool, error) {
func AddUser(user *User, lang string) (bool, error) {
if user.Id == "" {
application, err := GetApplicationByUser(user)
if err != nil {
@ -834,7 +835,7 @@ func AddUser(user *User) (bool, error) {
}
if user.Owner == "" || user.Name == "" {
return false, fmt.Errorf("the user's owner and name should not be empty")
return false, fmt.Errorf(i18n.Translate(lang, "user:the user's owner and name should not be empty"))
}
if CheckUsernameWithEmail(user.Name, "en") != "" {
@ -846,7 +847,7 @@ func AddUser(user *User) (bool, error) {
return false, err
}
if organization == nil {
return false, fmt.Errorf("the organization: %s is not found", user.Owner)
return false, fmt.Errorf(i18n.Translate(lang, "auth:the organization: %s is not found"), user.Owner)
}
if user.Owner != "built-in" {
@ -855,10 +856,14 @@ func AddUser(user *User) (bool, error) {
return false, err
}
if applicationCount == 0 {
return false, fmt.Errorf("The organization: %s should have one application at least", organization.Owner)
return false, fmt.Errorf(i18n.Translate(lang, "general:The organization: %s should have one application at least"), organization.Owner)
}
}
if organization.Name == "built-in" && !organization.HasPrivilegeConsent && user.Name != "admin" {
return false, fmt.Errorf(i18n.Translate(lang, "organization:adding a new user to the 'built-in' organization is currently disabled. Please note: all users in the 'built-in' organization are global administrators in Casdoor. Refer to the docs: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. If you still wish to create a user for the 'built-in' organization, go to the organization's settings page and enable the 'Has privilege consent' option."))
}
if organization.DefaultPassword != "" && user.Password == "123" {
user.Password = organization.DefaultPassword
}
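Review bot: The new `built-in` guard in AddUser is skipped whenever `user.Name` is "admin", so the check rests on a name taken from the request rather than on the code path that is creating the account. If the exemption exists only for first-run initialization, that path should bypass the guard explicitly and `&& user.Name != "admin"` should be dropped here; otherwise add a comment stating why the name is exempt. The guard also lives only in AddUser, so any other route that can place an account in `built-in` (none is visible in this section) would need the same `HasPrivilegeConsent` check, ideally through one shared helper. Separately, the translated messages with no arguments are passed to `fmt.Errorf` as the format string, so a `%` in a translation would be read as a verb; `fmt.Errorf("%s", i18n.Translate(lang, "organization:..."))` avoids that, and the same applies to the "owner and name should not be empty" return. AddUser's body starts and continues outside the hunks shown.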