feat: fix the bug that admin cannot upload avatar for other users (#1323)
@ -307,7 +307,7 @@ func (c *ApiController) Login() {
|
||||
}
|
||||
|
||||
organization := object.GetOrganization(fmt.Sprintf("%s/%s", "admin", application.Organization))
|
||||
provider := object.GetProvider(util.GetId(form.Provider))
|
||||
provider := object.GetProvider(util.GetId("admin", form.Provider))
|
||||
providerItem := application.GetProviderItem(provider.Name)
|
||||
if !providerItem.IsProviderVisible() {
|
||||
c.ResponseError(fmt.Sprintf(c.T("ProviderErr.ProviderNotEnabled"), provider.Name))
|
||||
|
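Review bot: `provider` is dereferenced on the line after the lookup (`application.GetProviderItem(provider.Name)`) without a nil check, although `form.Provider` is request input and `object.GetProvider` can return nil (GetProviderFromContext tests for exactly that). An unknown provider name in a login request would then panic the handler instead of producing an error response; a guard right after the lookup, `if provider == nil { c.ResponseError(c.T("ProviderErr.ProviderNotFound"), form.Provider); return }`, closes that. The same unguarded pattern is visible in the GetWechatMiniProgramToken hunk, where `provider.ClientId` is read straight after `GetProvider`. Login starts and ends outside this hunk, so an earlier check may exist that is not shown.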
@ -156,7 +156,7 @@ func (c *ApiController) UploadResource() {
|
||||
return
|
||||
}
|
||||
|
||||
provider, user, ok := c.GetProviderFromContext("Storage")
|
||||
provider, _, ok := c.GetProviderFromContext("Storage")
|
||||
if !ok {
|
||||
return
|
||||
}
|
||||
@ -202,13 +202,11 @@ func (c *ApiController) UploadResource() {
|
||||
|
||||
switch tag {
|
||||
case "avatar":
|
||||
if user == nil {
|
||||
user = object.GetUserNoCheck(username)
|
||||
user := object.GetUserNoCheck(util.GetId(owner, username))
|
||||
if user == nil {
|
||||
c.ResponseError(c.T("ResourceErr.UserIsNil"))
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
user.Avatar = fileUrl
|
||||
object.UpdateUser(user.GetId(), user, []string{"avatar"}, false)
|
||||
|
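Review bot: In the `avatar` case the target account is now taken entirely from the request (`util.GetId(owner, username)`) and the session user returned by `GetProviderFromContext` is discarded, so nothing in these two hunks checks that the caller is allowed to modify that account. Unless an authorization filter or a check outside the hunks already restricts `owner`/`username` to the caller's own account or to an administrator of that organization, any signed-in user could overwrite another user's avatar. I would keep the session user instead of assigning it to `_` and reject the request before `object.UpdateUser` when the caller is neither the target user nor an admin, with a comment above the `case` stating that rule. UploadResource starts and ends outside both hunks, so where `owner` and `username` are read is not visible here.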
@ -60,7 +60,7 @@ func (c *ApiController) SendEmail() {
|
||||
var provider *object.Provider
|
||||
if emailForm.Provider != "" {
|
||||
// called by frontend's TestEmailWidget, provider name is set by frontend
|
||||
provider = object.GetProvider(util.GetId(emailForm.Provider))
|
||||
provider = object.GetProvider(util.GetId("admin", emailForm.Provider))
|
||||
} else {
|
||||
// called by Casdoor SDK via Client ID & Client Secret, so the used Email provider will be the application' Email provider or the default Email provider
|
||||
var ok bool
|
||||
|
@ -126,7 +126,7 @@ func getInitScore() (int, error) {
|
||||
func (c *ApiController) GetProviderFromContext(category string) (*object.Provider, *object.User, bool) {
|
||||
providerName := c.Input().Get("provider")
|
||||
if providerName != "" {
|
||||
provider := object.GetProvider(util.GetId(providerName))
|
||||
provider := object.GetProvider(util.GetId("admin", providerName))
|
||||
if provider == nil {
|
||||
c.ResponseError(c.T("ProviderErr.ProviderNotFound"), providerName)
|
||||
return nil, nil, false
|
||||
|
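Review bot: The provider named by the `provider` request parameter is looked up under the `admin` owner and, in the visible lines, is never compared with the `category` argument. If the code after this hunk returns it as-is, a caller that asks for a `"Storage"` provider can be handed whatever provider record the client names. A check after the nil test would pin it: `if provider.Category != category { c.ResponseError(c.T("ProviderErr.ProviderNotFound"), providerName); return nil, nil, false }`. The function body continues past the hunk, so this may already be handled there.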
@ -25,6 +25,6 @@ import (
|
||||
)
|
||||
|
||||
func TestDeployStaticFiles(t *testing.T) {
|
||||
provider := object.GetProvider(util.GetId("provider_storage_aliyun_oss"))
|
||||
provider := object.GetProvider(util.GetId("admin", "provider_storage_aliyun_oss"))
|
||||
deployStaticFiles(provider)
|
||||
}
|
||||
|
@ -222,7 +222,7 @@ func initBuiltInLdap() {
|
||||
}
|
||||
|
||||
func initBuiltInProvider() {
|
||||
provider := GetProvider(util.GetId("provider_captcha_default"))
|
||||
provider := GetProvider(util.GetId("admin", "provider_captcha_default"))
|
||||
if provider != nil {
|
||||
return
|
||||
}
|
||||
|
@ -168,7 +168,7 @@ func initDefinedLdap(ldap *Ldap) {
|
||||
}
|
||||
|
||||
func initDefinedProvider(provider *Provider) {
|
||||
existed := GetProvider(util.GetId(provider.Name))
|
||||
existed := GetProvider(util.GetId("admin", provider.Name))
|
||||
if existed != nil {
|
||||
return
|
||||
}
|
||||
|
@ -678,7 +678,7 @@ func GetWechatMiniProgramToken(application *Application, code string, host strin
|
||||
ErrorDescription: "the application does not support wechat mini program",
|
||||
}
|
||||
}
|
||||
provider := GetProvider(util.GetId(mpProvider.Name))
|
||||
provider := GetProvider(util.GetId("admin", mpProvider.Name))
|
||||
mpIdp := idp.NewWeChatMiniProgramIdProvider(provider.ClientId, provider.ClientSecret)
|
||||
session, err := mpIdp.GetSessionByCode(code)
|
||||
if err != nil {
|
||||
|
@ -123,8 +123,8 @@ func GenerateSimpleTimeId() string {
|
||||
return t
|
||||
}
|
||||
|
||||
func GetId(name string) string {
|
||||
return fmt.Sprintf("admin/%s", name)
|
||||
func GetId(owner, name string) string {
|
||||
return fmt.Sprintf("%s/%s", owner, name)
|
||||
}
|
||||
|
||||
func GetMd5Hash(text string) string {
|
||||
|
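Review bot: `GetId` joins `owner` and `name` with `/` without rejecting a `/` inside either part, and after this change at least one caller (the avatar branch of UploadResource) passes request-derived values for both. The pair `a/b`, `c` then produces the same id as `a`, `b/c` wherever the id is split again, and an empty owner yields `/name`. The exported function also has no doc comment; I would add `// GetId returns the "owner/name" identifier. It does not validate its arguments; callers must reject empty values and values containing "/".` and do that validation where the values enter from the request.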
@ -137,16 +137,16 @@ func TestGenerateId(t *testing.T) {
|
||||
func TestGetId(t *testing.T) {
|
||||
scenarios := []struct {
|
||||
description string
|
||||
input string
|
||||
input []string
|
||||
expected interface{}
|
||||
}{
|
||||
{"Scenery one", "casdoor", "admin/casdoor"},
|
||||
{"Scenery two", "casbin", "admin/casbin"},
|
||||
{"Scenery three", "lorem ipsum", "admin/lorem ipsum"},
|
||||
{"Scenery one", []string{"admin", "casdoor"}, "admin/casdoor"},
|
||||
{"Scenery two", []string{"admin", "casbin"}, "admin/casbin"},
|
||||
{"Scenery three", []string{"test", "lorem ipsum"}, "test/lorem ipsum"},
|
||||
}
|
||||
for _, scenery := range scenarios {
|
||||
t.Run(scenery.description, func(t *testing.T) {
|
||||
actual := GetId(scenery.input)
|
||||
actual := GetId(scenery.input[0], scenery.input[1])
|
||||
assert.Equal(t, scenery.expected, actual, "This not is a valid MD5")
|
||||
})
|
||||
}
|
||||
|
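Review bot: The table still covers only well-formed inputs, and the assertion message `"This not is a valid MD5"` is a leftover that does not describe `GetId`. Now that the owner is caller-supplied, a scenario with an empty owner and one with `/` inside a part would record what the function does with them. `input []string` indexed as `[0]`/`[1]` would read more safely as two named fields, `owner, name string`, and the message could be `"unexpected id"`.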
@ -30,6 +30,7 @@ export const CropperDiv = (props) => {
|
||||
const {title} = props;
|
||||
const {user} = props;
|
||||
const {buttonText} = props;
|
||||
const {organization} = props;
|
||||
let uploadButton;
|
||||
|
||||
const onChange = (e) => {
|
||||
@ -92,9 +93,8 @@ export const CropperDiv = (props) => {
|
||||
|
||||
const getOptions = (data) => {
|
||||
const options = [];
|
||||
if (props.account.organization.defaultAvatar !== null) {
|
||||
options.push({value: props.account.organization.defaultAvatar});
|
||||
}
|
||||
options.push({value: organization?.defaultAvatar});
|
||||
|
||||
for (let i = 0; i < data.length; i++) {
|
||||
if (data[i].fileType === "image") {
|
||||
const url = `${data[i].url}`;
|
||||
@ -125,7 +125,7 @@ export const CropperDiv = (props) => {
|
||||
|
||||
useEffect(() => {
|
||||
setLoading(true);
|
||||
ResourceBackend.getResources(props.account.owner, props.account.name, "", "", "", "", "", "")
|
||||
ResourceBackend.getResources(user.owner, user.name, "", "", "", "", "", "")
|
||||
.then((res) => {
|
||||
setLoading(false);
|
||||
setOptions(getOptions(res));
|
||||
|
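Review bot: `options.push({value: organization?.defaultAvatar});` runs unconditionally, whereas the lines it replaces pushed the default avatar only when it was not null. When `organization` is undefined (the `find(...)` in UserEditPage returns undefined if no organization matches) or has no default avatar, the list gets an entry whose `value` is `undefined` or `null`. Restoring the guard keeps that out: `if (organization?.defaultAvatar) { options.push({value: organization.defaultAvatar}); }`. Which lines are old and which new is inferred from their content, since the rendered page lost the +/- markers.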
@ -242,7 +242,7 @@ class UserEditPage extends React.Component {
|
||||
</Col>
|
||||
</Row>
|
||||
<Row style={{marginTop: "20px"}}>
|
||||
<CropperDiv buttonText={`${i18next.t("user:Upload a photo")}...`} title={i18next.t("user:Upload a photo")} user={this.state.user} account={this.props.account} />
|
||||
<CropperDiv buttonText={`${i18next.t("user:Upload a photo")}...`} title={i18next.t("user:Upload a photo")} user={this.state.user} organization={this.state.organizations.find(organization => organization.name === this.state.organizationName)} />
|
||||
</Row>
|
||||
</Col>
|
||||
</Row>
|
||||
|