From f6a7888f8357f9213e5f54007083f427708a9860 Mon Sep 17 00:00:00 2001 From: Yang Luo Date: Thu, 26 Oct 2023 10:41:38 +0800 Subject: [PATCH] Deleted user cannot perform actions --- authz/authz.go | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/authz/authz.go b/authz/authz.go index be27a6be..82f974a5 100644 --- a/authz/authz.go +++ b/authz/authz.go @@ -127,8 +127,14 @@ func IsAllowed(subOwner string, subName string, method string, urlPath string, o return true } - if user != nil && user.IsAdmin && (subOwner == objOwner || (objOwner == "admin")) { - return true + if user != nil { + if user.IsDeleted { + return false + } + + if user.IsAdmin && (subOwner == objOwner || (objOwner == "admin")) { + return true + } } res, err := Enforcer.Enforce(subOwner, subName, method, urlPath, objOwner, objName)