mirror of
https://github.com/casdoor/casdoor.git
synced 2025-07-02 11:20:18 +08:00
feat: fix the bug that admin cannot upload avatar for other users (#1323)
This commit is contained in:
Yaodong Yu
@ -307,7 +307,7 @@ func (c *ApiController) Login() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
organization := object.GetOrganization(fmt.Sprintf("%s/%s", "admin", application.Organization))
|
organization := object.GetOrganization(fmt.Sprintf("%s/%s", "admin", application.Organization))
|
||||||
provider := object.GetProvider(util.GetId(form.Provider))
|
provider := object.GetProvider(util.GetId("admin", form.Provider))
|
||||||
providerItem := application.GetProviderItem(provider.Name)
|
providerItem := application.GetProviderItem(provider.Name)
|
||||||
if !providerItem.IsProviderVisible() {
|
if !providerItem.IsProviderVisible() {
|
||||||
c.ResponseError(fmt.Sprintf(c.T("ProviderErr.ProviderNotEnabled"), provider.Name))
|
c.ResponseError(fmt.Sprintf(c.T("ProviderErr.ProviderNotEnabled"), provider.Name))
|
||||||
|
|||||||
@ -156,7 +156,7 @@ func (c *ApiController) UploadResource() {
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
provider, user, ok := c.GetProviderFromContext("Storage")
|
provider, _, ok := c.GetProviderFromContext("Storage")
|
||||||
if !ok {
|
if !ok {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
@ -202,12 +202,10 @@ func (c *ApiController) UploadResource() {
|
|||||||
|
|
||||||
switch tag {
|
switch tag {
|
||||||
case "avatar":
|
case "avatar":
|
||||||
|
user := object.GetUserNoCheck(util.GetId(owner, username))
|
||||||
if user == nil {
|
if user == nil {
|
||||||
user = object.GetUserNoCheck(username)
|
c.ResponseError(c.T("ResourceErr.UserIsNil"))
|
||||||
if user == nil {
|
return
|
||||||
c.ResponseError(c.T("ResourceErr.UserIsNil"))
|
|
||||||
return
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
user.Avatar = fileUrl
|
user.Avatar = fileUrl
|
||||||
|
|||||||
@ -60,7 +60,7 @@ func (c *ApiController) SendEmail() {
|
|||||||
var provider *object.Provider
|
var provider *object.Provider
|
||||||
if emailForm.Provider != "" {
|
if emailForm.Provider != "" {
|
||||||
// called by frontend's TestEmailWidget, provider name is set by frontend
|
// called by frontend's TestEmailWidget, provider name is set by frontend
|
||||||
provider = object.GetProvider(util.GetId(emailForm.Provider))
|
provider = object.GetProvider(util.GetId("admin", emailForm.Provider))
|
||||||
} else {
|
} else {
|
||||||
// called by Casdoor SDK via Client ID & Client Secret, so the used Email provider will be the application' Email provider or the default Email provider
|
// called by Casdoor SDK via Client ID & Client Secret, so the used Email provider will be the application' Email provider or the default Email provider
|
||||||
var ok bool
|
var ok bool
|
||||||
|
|||||||
@ -126,7 +126,7 @@ func getInitScore() (int, error) {
|
|||||||
func (c *ApiController) GetProviderFromContext(category string) (*object.Provider, *object.User, bool) {
|
func (c *ApiController) GetProviderFromContext(category string) (*object.Provider, *object.User, bool) {
|
||||||
providerName := c.Input().Get("provider")
|
providerName := c.Input().Get("provider")
|
||||||
if providerName != "" {
|
if providerName != "" {
|
||||||
provider := object.GetProvider(util.GetId(providerName))
|
provider := object.GetProvider(util.GetId("admin", providerName))
|
||||||
if provider == nil {
|
if provider == nil {
|
||||||
c.ResponseError(c.T("ProviderErr.ProviderNotFound"), providerName)
|
c.ResponseError(c.T("ProviderErr.ProviderNotFound"), providerName)
|
||||||
return nil, nil, false
|
return nil, nil, false
|
||||||
|
|||||||
@ -25,6 +25,6 @@ import (
|
|||||||
)
|
)
|
||||||
|
|
||||||
func TestDeployStaticFiles(t *testing.T) {
|
func TestDeployStaticFiles(t *testing.T) {
|
||||||
provider := object.GetProvider(util.GetId("provider_storage_aliyun_oss"))
|
provider := object.GetProvider(util.GetId("admin", "provider_storage_aliyun_oss"))
|
||||||
deployStaticFiles(provider)
|
deployStaticFiles(provider)
|
||||||
}
|
}
|
||||||
|
|||||||
@ -222,7 +222,7 @@ func initBuiltInLdap() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func initBuiltInProvider() {
|
func initBuiltInProvider() {
|
||||||
provider := GetProvider(util.GetId("provider_captcha_default"))
|
provider := GetProvider(util.GetId("admin", "provider_captcha_default"))
|
||||||
if provider != nil {
|
if provider != nil {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|||||||
@ -168,7 +168,7 @@ func initDefinedLdap(ldap *Ldap) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func initDefinedProvider(provider *Provider) {
|
func initDefinedProvider(provider *Provider) {
|
||||||
existed := GetProvider(util.GetId(provider.Name))
|
existed := GetProvider(util.GetId("admin", provider.Name))
|
||||||
if existed != nil {
|
if existed != nil {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|||||||
@ -678,7 +678,7 @@ func GetWechatMiniProgramToken(application *Application, code string, host strin
|
|||||||
ErrorDescription: "the application does not support wechat mini program",
|
ErrorDescription: "the application does not support wechat mini program",
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
provider := GetProvider(util.GetId(mpProvider.Name))
|
provider := GetProvider(util.GetId("admin", mpProvider.Name))
|
||||||
mpIdp := idp.NewWeChatMiniProgramIdProvider(provider.ClientId, provider.ClientSecret)
|
mpIdp := idp.NewWeChatMiniProgramIdProvider(provider.ClientId, provider.ClientSecret)
|
||||||
session, err := mpIdp.GetSessionByCode(code)
|
session, err := mpIdp.GetSessionByCode(code)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|||||||
@ -123,8 +123,8 @@ func GenerateSimpleTimeId() string {
|
|||||||
return t
|
return t
|
||||||
}
|
}
|
||||||
|
|
||||||
func GetId(name string) string {
|
func GetId(owner, name string) string {
|
||||||
return fmt.Sprintf("admin/%s", name)
|
return fmt.Sprintf("%s/%s", owner, name)
|
||||||
}
|
}
|
||||||
|
|
||||||
func GetMd5Hash(text string) string {
|
func GetMd5Hash(text string) string {
|
||||||
|
|||||||
@ -137,16 +137,16 @@ func TestGenerateId(t *testing.T) {
|
|||||||
func TestGetId(t *testing.T) {
|
func TestGetId(t *testing.T) {
|
||||||
scenarios := []struct {
|
scenarios := []struct {
|
||||||
description string
|
description string
|
||||||
input string
|
input []string
|
||||||
expected interface{}
|
expected interface{}
|
||||||
}{
|
}{
|
||||||
{"Scenery one", "casdoor", "admin/casdoor"},
|
{"Scenery one", []string{"admin", "casdoor"}, "admin/casdoor"},
|
||||||
{"Scenery two", "casbin", "admin/casbin"},
|
{"Scenery two", []string{"admin", "casbin"}, "admin/casbin"},
|
||||||
{"Scenery three", "lorem ipsum", "admin/lorem ipsum"},
|
{"Scenery three", []string{"test", "lorem ipsum"}, "test/lorem ipsum"},
|
||||||
}
|
}
|
||||||
for _, scenery := range scenarios {
|
for _, scenery := range scenarios {
|
||||||
t.Run(scenery.description, func(t *testing.T) {
|
t.Run(scenery.description, func(t *testing.T) {
|
||||||
actual := GetId(scenery.input)
|
actual := GetId(scenery.input[0], scenery.input[1])
|
||||||
assert.Equal(t, scenery.expected, actual, "This not is a valid MD5")
|
assert.Equal(t, scenery.expected, actual, "This not is a valid MD5")
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|||||||
@ -30,6 +30,7 @@ export const CropperDiv = (props) => {
|
|||||||
const {title} = props;
|
const {title} = props;
|
||||||
const {user} = props;
|
const {user} = props;
|
||||||
const {buttonText} = props;
|
const {buttonText} = props;
|
||||||
|
const {organization} = props;
|
||||||
let uploadButton;
|
let uploadButton;
|
||||||
|
|
||||||
const onChange = (e) => {
|
const onChange = (e) => {
|
||||||
@ -92,9 +93,8 @@ export const CropperDiv = (props) => {
|
|||||||
|
|
||||||
const getOptions = (data) => {
|
const getOptions = (data) => {
|
||||||
const options = [];
|
const options = [];
|
||||||
if (props.account.organization.defaultAvatar !== null) {
|
options.push({value: organization?.defaultAvatar});
|
||||||
options.push({value: props.account.organization.defaultAvatar});
|
|
||||||
}
|
|
||||||
for (let i = 0; i < data.length; i++) {
|
for (let i = 0; i < data.length; i++) {
|
||||||
if (data[i].fileType === "image") {
|
if (data[i].fileType === "image") {
|
||||||
const url = `${data[i].url}`;
|
const url = `${data[i].url}`;
|
||||||
@ -125,7 +125,7 @@ export const CropperDiv = (props) => {
|
|||||||
|
|
||||||
useEffect(() => {
|
useEffect(() => {
|
||||||
setLoading(true);
|
setLoading(true);
|
||||||
ResourceBackend.getResources(props.account.owner, props.account.name, "", "", "", "", "", "")
|
ResourceBackend.getResources(user.owner, user.name, "", "", "", "", "", "")
|
||||||
.then((res) => {
|
.then((res) => {
|
||||||
setLoading(false);
|
setLoading(false);
|
||||||
setOptions(getOptions(res));
|
setOptions(getOptions(res));
|
||||||
|
|||||||
@ -242,7 +242,7 @@ class UserEditPage extends React.Component {
|
|||||||
</Col>
|
</Col>
|
||||||
</Row>
|
</Row>
|
||||||
<Row style={{marginTop: "20px"}}>
|
<Row style={{marginTop: "20px"}}>
|
||||||
<CropperDiv buttonText={`${i18next.t("user:Upload a photo")}...`} title={i18next.t("user:Upload a photo")} user={this.state.user} account={this.props.account} />
|
<CropperDiv buttonText={`${i18next.t("user:Upload a photo")}...`} title={i18next.t("user:Upload a photo")} user={this.state.user} organization={this.state.organizations.find(organization => organization.name === this.state.organizationName)} />
|
||||||
</Row>
|
</Row>
|
||||||
</Col>
|
</Col>
|
||||||
</Row>
|
</Row>
|
||||||
|
|||||||
Reference in New Issue
Block a user