From b91b4aec913842dc236937aca7d30ee5b37bc0fa Mon Sep 17 00:00:00 2001 From: Gucheng Wang Date: Thu, 13 Jan 2022 23:19:36 +0800 Subject: [PATCH] Allow global admin to modify username. --- controllers/base.go | 7 +++++++ controllers/resource.go | 2 +- controllers/user.go | 3 ++- object/user.go | 5 ++++- web/src/UserEditPage.js | 2 +- 5 files changed, 15 insertions(+), 4 deletions(-) diff --git a/controllers/base.go b/controllers/base.go index 36f54131..b86a77f0 100644 --- a/controllers/base.go +++ b/controllers/base.go @@ -18,6 +18,7 @@ import ( "time" "github.com/astaxie/beego" + "github.com/casbin/casdoor/object" "github.com/casbin/casdoor/util" ) @@ -35,6 +36,12 @@ type SessionData struct { ExpireTime int64 } +func (c *ApiController) IsGlobalAdmin() bool { + username := c.GetSessionUsername() + user := object.GetUser(username) + return user.Owner == "built-in" || user.IsGlobalAdmin +} + // GetSessionUsername ... func (c *ApiController) GetSessionUsername() string { // check if user session expired diff --git a/controllers/resource.go b/controllers/resource.go index 683cf164..1365b03d 100644 --- a/controllers/resource.go +++ b/controllers/resource.go @@ -202,7 +202,7 @@ func (c *ApiController) UploadResource() { } user.Avatar = fileUrl - object.UpdateUser(user.GetId(), user, []string{"avatar"}) + object.UpdateUser(user.GetId(), user, []string{"avatar"}, false) case "termsOfUse": applicationId := fmt.Sprintf("admin/%s", parent) app := object.GetApplication(applicationId) diff --git a/controllers/user.go b/controllers/user.go index f68771ce..938e3ef4 100644 --- a/controllers/user.go +++ b/controllers/user.go @@ -125,7 +125,8 @@ func (c *ApiController) UpdateUser() { columns = strings.Split(columnsStr, ",") } - affected := object.UpdateUser(id, &user, columns) + isGlobalAdmin := c.IsGlobalAdmin() + affected := object.UpdateUser(id, &user, columns, isGlobalAdmin) if affected { object.UpdateUserToOriginalDatabase(&user) } diff --git a/object/user.go b/object/user.go index 3b1ef322..6a1004e7 100644 --- a/object/user.go +++ b/object/user.go @@ -270,7 +270,7 @@ func GetLastUser(owner string) *User { return nil } -func UpdateUser(id string, user *User, columns []string) bool { +func UpdateUser(id string, user *User, columns []string, isGlobalAdmin bool) bool { owner, name := util.GetOwnerAndNameFromIdNoCheck(id) oldUser := getUser(owner, name) if oldUser == nil { @@ -288,6 +288,9 @@ func UpdateUser(id string, user *User, columns []string) bool { "location", "address", "region", "language", "affiliation", "title", "homepage", "bio", "score", "tag", "is_admin", "is_global_admin", "is_forbidden", "is_deleted", "hash", "is_default_avatar", "properties"} } + if isGlobalAdmin { + columns = append(columns, "name") + } affected, err := adapter.Engine.ID(core.PK{owner, name}).Cols(columns...).Update(user) if err != nil { diff --git a/web/src/UserEditPage.js b/web/src/UserEditPage.js index 1f64d901..4f5c8a8b 100644 --- a/web/src/UserEditPage.js +++ b/web/src/UserEditPage.js @@ -140,7 +140,7 @@ class UserEditPage extends React.Component { {Setting.getLabel(i18next.t("general:Name"), i18next.t("general:Name - Tooltip"))} : - { + { this.updateUserField('name', e.target.value); }} />