From 6a952952a8997747073b97f94f9a2dde1a7a262f Mon Sep 17 00:00:00 2001
From: June <55494127+notdu@users.noreply.github.com>
Date: Wed, 26 Jul 2023 16:17:49 +0700
Subject: [PATCH] fix: unmask application for org admin (#2138)

* feat: unmask application with user admin

* Update application.go

---------

Co-authored-by: hsluoyz <hsluoyz@qq.com>
---
 object/application.go | 15 +++++++++++----
 object/user.go        |  8 ++++++++
 2 files changed, 19 insertions(+), 4 deletions(-)

diff --git a/object/application.go b/object/application.go
index aaec8535..3fcb397d 100644
--- a/object/application.go
+++ b/object/application.go
@@ -281,14 +281,21 @@ func GetApplication(id string) (*Application, error) {
 }
 
 func GetMaskedApplication(application *Application, userId string) *Application {
-	if isUserIdGlobalAdmin(userId) {
-		return application
-	}
-
 	if application == nil {
 		return nil
 	}
 
+	if userId != "" {
+		if isUserIdGlobalAdmin(userId) {
+			return application
+		}
+
+		user, _ := GetUser(userId)
+		if user != nil && user.IsApplicationAdmin(application) {
+			return application
+		}
+	}
+
 	if application.ClientSecret != "" {
 		application.ClientSecret = "***"
 	}
diff --git a/object/user.go b/object/user.go
index 198f1678..60048b10 100644
--- a/object/user.go
+++ b/object/user.go
@@ -860,3 +860,11 @@ func AddUserkeys(user *User, isAdmin bool) (bool, error) {
 
 	return UpdateUser(user.GetId(), user, []string{}, isAdmin)
 }
+
+func (user *User) IsApplicationAdmin(application *Application) bool {
+	if user == nil {
+		return false
+	}
+
+	return (user.Owner == application.Organization && user.IsAdmin) || user.IsGlobalAdmin
+}