llvy.ltd/casdoor
1
0
Fork 0
mirror of https://github.com/casdoor/casdoor.git synced 2025-07-03 20:50:19 +08:00
Code Issues Packages Projects Releases Wiki Activity

Disable built-in/admin's unexpected change

Browse Source
This commit is contained in:
Yang Luo
2023-05-04 22:07:19 +08:00
parent 05c063ac24
commit 55fd31f575
3 changed files with 22 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
controllers/user.go
View File

@ -158,6 +158,11 @@ func (c *ApiController) UpdateUser() {
return
}
if oldUser.Owner == "built-in" && oldUser.Name == "admin" && (user.Owner != "built-in" || user.Name != "admin") {
c.ResponseError(c.T("auth:Unauthorized operation"))
return
}
if msg := object.CheckUpdateUser(oldUser, &user, c.GetAcceptLanguage()); msg != "" {
c.ResponseError(msg)
return
@ -229,6 +234,11 @@ func (c *ApiController) DeleteUser() {
return
}
if user.Owner == "built-in" && user.Name == "admin" {
c.ResponseError(c.T("auth:Unauthorized operation"))
return
}
c.Data["json"] = wrapActionResponse(object.DeleteUser(&user))
c.ServeJSON()
}
@ -286,6 +296,11 @@ func (c *ApiController) SetPassword() {
newPassword := c.Ctx.Request.Form.Get("newPassword")
code := c.Ctx.Request.Form.Get("code")
//if userOwner == "built-in" && userName == "admin" {
// c.ResponseError(c.T("auth:Unauthorized operation"))
// return
//}
if strings.Contains(newPassword, " ") {
c.ResponseError(c.T("user:New password cannot contain blank space."))
return

6
web/src/UserEditPage.js
View File

@ -180,6 +180,12 @@ class UserEditPage extends React.Component {
disabled = true;
}
if (accountItem.name === "Organization" || accountItem.name === "Name") {
if (this.state.user.owner === "built-in" && this.state.user.name === "admin") {
disabled = true;
}
}
if (accountItem.name === "Organization") {
return (
<Row style={{marginTop: "10px"}} >

2
web/src/UserListPage.js
View File

@ -339,7 +339,7 @@ class UserListPage extends BaseListPage {
width: "190px",
fixed: (Setting.isMobile()) ? "false" : "right",
render: (text, record, index) => {
const disabled = (record.owner === this.props.account.owner && record.name === this.props.account.name);
const disabled = (record.owner === this.props.account.owner && record.name === this.props.account.name) || (record.owner === "built-in" && record.name === "admin");
return (
<div>
<Button style={{marginTop: "10px", marginBottom: "10px", marginRight: "10px"}} type="primary" onClick={() => {