fix: remove isGlobalAdmin field in user (#2235)

* refactor: remove isGlobalAdmin field in user * fix: upload xlsx * fix: remove field in account table
2025-07-03 12:30:19 +08:00 · 2023-08-19 12:23:15 +08:00
parent a07216d0e1
commit e5a189e0f4
28 changed files with 212 additions and 763 deletions
--- a/object/check.go
+++ b/object/check.go
@ -141,7 +141,7 @@ func checkSigninErrorTimes(user *User, lang string) string {
 		// reset the error times
 		user.SigninWrongTimes = 0

-		UpdateUser(user.GetId(), user, []string{"signin_wrong_times"}, user.IsGlobalAdmin)
+		UpdateUser(user.GetId(), user, []string{"signin_wrong_times"}, false)
 	}

 	return ""
@ -319,7 +319,7 @@ func CheckUserPermission(requestUserId, userId string, strict bool, lang string)
 		if requestUser == nil {
 			return false, fmt.Errorf(i18n.Translate(lang, "check:Session outdated, please login again"))
 		}
-		if requestUser.IsGlobalAdmin {
+		if requestUser.IsGlobalAdmin() {
 			hasPermission = true
 		} else if requestUserId == userId {
 			hasPermission = true
--- a/object/check_util.go
+++ b/object/check_util.go
@ -42,7 +42,7 @@ func resetUserSigninErrorTimes(user *User) {
 		return
 	}
 	user.SigninWrongTimes = 0
-	UpdateUser(user.GetId(), user, []string{"signin_wrong_times", "last_signin_wrong_time"}, user.IsGlobalAdmin)
+	UpdateUser(user.GetId(), user, []string{"signin_wrong_times", "last_signin_wrong_time"}, false)
 }

 func recordSigninErrorInfo(user *User, lang string, options ...bool) string {
@ -61,7 +61,7 @@ func recordSigninErrorInfo(user *User, lang string, options ...bool) string {
 	}

 	// update user
-	UpdateUser(user.GetId(), user, []string{"signin_wrong_times", "last_signin_wrong_time"}, user.IsGlobalAdmin)
+	UpdateUser(user.GetId(), user, []string{"signin_wrong_times", "last_signin_wrong_time"}, false)
 	leftChances := SigninWrongTimesLimit - user.SigninWrongTimes
 	if leftChances == 0 && enableCaptcha {
 		return fmt.Sprint(i18n.Translate(lang, "check:password or code is incorrect"))
--- a/object/init.go
+++ b/object/init.go
@ -73,7 +73,6 @@ func getBuiltInAccountItems() []*AccountItem {
 		{Name: "3rd-party logins", Visible: true, ViewRule: "Self", ModifyRule: "Self"},
 		{Name: "Properties", Visible: false, ViewRule: "Admin", ModifyRule: "Admin"},
 		{Name: "Is admin", Visible: true, ViewRule: "Admin", ModifyRule: "Admin"},
-		{Name: "Is global admin", Visible: true, ViewRule: "Admin", ModifyRule: "Admin"},
 		{Name: "Is forbidden", Visible: true, ViewRule: "Admin", ModifyRule: "Admin"},
 		{Name: "Is deleted", Visible: true, ViewRule: "Admin", ModifyRule: "Admin"},
 		{Name: "Multi-factor authentication", Visible: true, ViewRule: "Self", ModifyRule: "Self"},
@ -145,7 +144,6 @@ func initBuiltInUser() {
 		Score:             2000,
 		Ranking:           1,
 		IsAdmin:           true,
-		IsGlobalAdmin:     true,
 		IsForbidden:       false,
 		IsDeleted:         false,
 		SignupApplication: "app-built-in",
--- a/object/mfa.go
+++ b/object/mfa.go
@ -84,7 +84,7 @@ func MfaRecover(user *User, recoveryCode string) error {
 		return fmt.Errorf("recovery code not found")
 	}

-	_, err := UpdateUser(user.GetId(), user, []string{"recovery_codes"}, user.IsAdminUser())
+	_, err := UpdateUser(user.GetId(), user, []string{"recovery_codes"}, false)
 	if err != nil {
 		return err
 	}
@ -181,7 +181,7 @@ func DisabledMultiFactorAuth(user *User) error {
 func SetPreferredMultiFactorAuth(user *User, mfaType string) error {
 	user.PreferredMfaType = mfaType

-	_, err := UpdateUser(user.GetId(), user, []string{"preferred_mfa_type"}, user.IsAdminUser())
+	_, err := UpdateUser(user.GetId(), user, []string{"preferred_mfa_type"}, false)
 	if err != nil {
 		return err
 	}
--- a/object/oidc_discovery.go
+++ b/object/oidc_discovery.go
@ -103,7 +103,7 @@ func GetOidcDiscovery(host string) OidcDiscovery {
 		SubjectTypesSupported:                  []string{"public"},
 		IdTokenSigningAlgValuesSupported:       []string{"RS256"},
 		ScopesSupported:                        []string{"openid", "email", "profile", "address", "phone", "offline_access"},
-		ClaimsSupported:                        []string{"iss", "ver", "sub", "aud", "iat", "exp", "id", "type", "displayName", "avatar", "permanentAvatar", "email", "phone", "location", "affiliation", "title", "homepage", "bio", "tag", "region", "language", "score", "ranking", "isOnline", "isAdmin", "isGlobalAdmin", "isForbidden", "signupApplication", "ldap"},
+		ClaimsSupported:                        []string{"iss", "ver", "sub", "aud", "iat", "exp", "id", "type", "displayName", "avatar", "permanentAvatar", "email", "phone", "location", "affiliation", "title", "homepage", "bio", "tag", "region", "language", "score", "ranking", "isOnline", "isAdmin", "isForbidden", "signupApplication", "ldap"},
 		RequestParameterSupported:              true,
 		RequestObjectSigningAlgValuesSupported: []string{"HS256", "HS384", "HS512"},
 		EndSessionEndpoint:                     fmt.Sprintf("%s/api/logout", originBackend),
--- a/object/syncer_util.go
+++ b/object/syncer_util.go
@ -154,8 +154,6 @@ func (syncer *Syncer) setUserByKeyValue(user *User, key string, value string) {
 		user.IsOnline = util.ParseBool(value)
 	case "IsAdmin":
 		user.IsAdmin = util.ParseBool(value)
-	case "IsGlobalAdmin":
-		user.IsGlobalAdmin = util.ParseBool(value)
 	case "IsForbidden":
 		user.IsForbidden = util.ParseBool(value)
 	case "IsDeleted":
@ -289,7 +287,6 @@ func (syncer *Syncer) getMapFromOriginalUser(user *OriginalUser) map[string]stri
 	m["IsDefaultAvatar"] = util.BoolToString(user.IsDefaultAvatar)
 	m["IsOnline"] = util.BoolToString(user.IsOnline)
 	m["IsAdmin"] = util.BoolToString(user.IsAdmin)
-	m["IsGlobalAdmin"] = util.BoolToString(user.IsGlobalAdmin)
 	m["IsForbidden"] = util.BoolToString(user.IsForbidden)
 	m["IsDeleted"] = util.BoolToString(user.IsDeleted)
 	m["CreatedIp"] = user.CreatedIp
--- a/object/token.go
+++ b/object/token.go
@ -824,7 +824,6 @@ func GetWechatMiniProgramToken(application *Application, code string, host strin
 			Type:              "normal-user",
 			CreatedTime:       util.GetCurrentTime(),
 			IsAdmin:           false,
-			IsGlobalAdmin:     false,
 			IsForbidden:       false,
 			IsDeleted:         false,
 			Properties: map[string]string{
--- a/object/token_jwt.go
+++ b/object/token_jwt.go
@ -73,7 +73,6 @@ type UserWithoutThirdIdp struct {
 	IsDefaultAvatar     bool              `json:"isDefaultAvatar"`
 	IsOnline            bool              `json:"isOnline"`
 	IsAdmin             bool              `json:"isAdmin"`
-	IsGlobalAdmin       bool              `json:"isGlobalAdmin"`
 	IsForbidden         bool              `json:"isForbidden"`
 	IsDeleted           bool              `json:"isDeleted"`
 	SignupApplication   string            `xorm:"varchar(100)" json:"signupApplication"`
@ -154,7 +153,6 @@ func getUserWithoutThirdIdp(user *User) *UserWithoutThirdIdp {
 		IsDefaultAvatar:   user.IsDefaultAvatar,
 		IsOnline:          user.IsOnline,
 		IsAdmin:           user.IsAdmin,
-		IsGlobalAdmin:     user.IsGlobalAdmin,
 		IsForbidden:       user.IsForbidden,
 		IsDeleted:         user.IsDeleted,
 		SignupApplication: user.SignupApplication,
--- a/object/user.go
+++ b/object/user.go
@ -83,7 +83,6 @@ type User struct {
 	IsDefaultAvatar   bool     `json:"isDefaultAvatar"`
 	IsOnline          bool     `json:"isOnline"`
 	IsAdmin           bool     `json:"isAdmin"`
-	IsGlobalAdmin     bool     `json:"isGlobalAdmin"`
 	IsForbidden       bool     `json:"isForbidden"`
 	IsDeleted         bool     `json:"isDeleted"`
 	SignupApplication string   `xorm:"varchar(100)" json:"signupApplication"`
@ -530,7 +529,7 @@ func UpdateUser(id string, user *User, columns []string, isAdmin bool) (bool, er
 		columns = []string{
 			"owner", "display_name", "avatar",
 			"location", "address", "country_code", "region", "language", "affiliation", "title", "homepage", "bio", "tag", "language", "gender", "birthday", "education", "score", "karma", "ranking", "signup_application",
-			"is_admin", "is_global_admin", "is_forbidden", "is_deleted", "hash", "is_default_avatar", "properties", "webauthnCredentials", "managedAccounts",
+			"is_admin", "is_forbidden", "is_deleted", "hash", "is_default_avatar", "properties", "webauthnCredentials", "managedAccounts",
 			"signin_wrong_times", "last_signin_wrong_time", "groups", "access_key", "access_secret",
 			"github", "google", "qq", "wechat", "facebook", "dingtalk", "weibo", "gitee", "linkedin", "wecom", "lark", "gitlab", "adfs",
 			"baidu", "alipay", "casdoor", "infoflow", "apple", "azuread", "slack", "steam", "bilibili", "okta", "douyin", "line", "amazon",
@ -891,5 +890,13 @@ func (user *User) IsApplicationAdmin(application *Application) bool {
 		return false
 	}

-	return (user.Owner == application.Organization && user.IsAdmin) || user.IsGlobalAdmin
+	return (user.Owner == application.Organization && user.IsAdmin) || user.IsGlobalAdmin()
+}
+
+func (user *User) IsGlobalAdmin() bool {
+	if user == nil {
+		return false
+	}
+
+	return user.Owner == "built-in"
 }
--- a/object/user_upload.go
+++ b/object/user_upload.go
@ -124,15 +124,14 @@ func UploadUsers(owner string, fileId string) (bool, error) {
 			IsDefaultAvatar:   false,
 			IsOnline:          parseLineItemBool(&line, 31),
 			IsAdmin:           parseLineItemBool(&line, 32),
-			IsGlobalAdmin:     parseLineItemBool(&line, 33),
-			IsForbidden:       parseLineItemBool(&line, 34),
-			IsDeleted:         parseLineItemBool(&line, 35),
-			SignupApplication: parseLineItem(&line, 36),
+			IsForbidden:       parseLineItemBool(&line, 33),
+			IsDeleted:         parseLineItemBool(&line, 34),
+			SignupApplication: parseLineItem(&line, 35),
 			Hash:              "",
 			PreHash:           "",
-			CreatedIp:         parseLineItem(&line, 37),
-			LastSigninTime:    parseLineItem(&line, 38),
-			LastSigninIp:      parseLineItem(&line, 39),
+			CreatedIp:         parseLineItem(&line, 36),
+			LastSigninTime:    parseLineItem(&line, 37),
+			LastSigninIp:      parseLineItem(&line, 38),
 			Ldap:              "",
 			Properties:        map[string]string{},
 		}
--- a/object/user_util.go
+++ b/object/user_util.go
@ -310,10 +310,7 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str
 		item := GetAccountItemByName("Is admin", organization)
 		itemsChanged = append(itemsChanged, item)
 	}
-	if oldUser.IsGlobalAdmin != newUser.IsGlobalAdmin {
-		item := GetAccountItemByName("Is global admin", organization)
-		itemsChanged = append(itemsChanged, item)
-	}
+
 	if oldUser.IsForbidden != newUser.IsForbidden {
 		item := GetAccountItemByName("Is forbidden", organization)
 		itemsChanged = append(itemsChanged, item)
@ -351,5 +348,5 @@ func (user *User) IsAdminUser() bool {
 		return false
 	}

-	return user.IsAdmin || user.IsGlobalAdmin
+	return user.IsAdmin || user.IsGlobalAdmin()
 }