From d3a2c2a66eb91c723a2f82def013fe2202dbdd4f Mon Sep 17 00:00:00 2001
From: Gucheng Wang <nomeguy@qq.com>
Date: Fri, 7 Oct 2022 15:59:23 +0800
Subject: [PATCH] Improve org admin permissions

---
 authz/authz.go | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/authz/authz.go b/authz/authz.go
index 9acd6e88..abfbb903 100644
--- a/authz/authz.go
+++ b/authz/authz.go
@@ -15,12 +15,14 @@
 package authz
 
 import (
+	"fmt"
 	"strings"
 
 	"github.com/casbin/casbin/v2"
 	"github.com/casbin/casbin/v2/model"
 	xormadapter "github.com/casbin/xorm-adapter/v3"
 	"github.com/casdoor/casdoor/conf"
+	"github.com/casdoor/casdoor/object"
 	stringadapter "github.com/qiangmzsx/string-adapter/v2"
 )
 
@@ -138,6 +140,12 @@ func IsAllowed(subOwner string, subName string, method string, urlPath string, o
 		}
 	}
 
+	userId := fmt.Sprintf("%s/%s", subOwner, subName)
+	user := object.GetUser(userId)
+	if user != nil && user.IsAdmin && subOwner == objOwner {
+		return true
+	}
+
 	res, err := Enforcer.Enforce(subOwner, subName, method, urlPath, objOwner, objName)
 	if err != nil {
 		panic(err)