Revert "feat: fix the bug that sycner does not initialize (#1924 )"

This reverts commit ec3c24ba68.
2025-08-21 03:10:33 +08:00 · 2023-06-03 09:12:49 +08:00
147 changed files with 756 additions and 4461 deletions
--- a/authz/authz.go
+++ b/authz/authz.go
@@ -124,6 +124,7 @@ p, *, *, GET, /api/get-release, *, *
 p, *, *, GET, /api/get-default-application, *, *
 p, *, *, GET, /api/get-prometheus-info, *, *
 p, *, *, *, /api/metrics, *, *
+p, *, *, GET, /api/get-subscriptions, *, *
 p, *, *, GET, /api/get-pricing, *, *
 p, *, *, GET, /api/get-plan, *, *
 p, *, *, GET, /api/get-organization-names, *, *
--- a/conf/app.conf
+++ b/conf/app.conf
@@ -21,5 +21,4 @@ isDemoMode = false
 batchSize = 100
 ldapServerPort = 389
 quota = {"organization": -1, "user": -1, "application": -1, "provider": -1}
-logConfig = {"filename": "logs/casdoor.log", "maxdays":99999, "perm":"0770"}
-initDataFile = "./init_data.json"
+logConfig = {"filename": "logs/casdoor.log", "maxdays":99999, "perm":"0770"}
--- a/conf/conf.go
+++ b/conf/conf.go
@@ -66,8 +66,6 @@ func GetConfigString(key string) string {
 	if res == "" {
 		if key == "staticBaseUrl" {
 			res = "https://cdn.casbin.org"
-		} else if key == "logConfig" {
-			res = "{\"filename\": \"logs/casdoor.log\", \"maxdays\":99999, \"perm\":\"0770\"}"
 		}
 	}

@@ -110,10 +108,10 @@ func GetLanguage(language string) string {
 		return "en"
 	}

-	if len(language) != 2 {
+	if len(language) < 2 {
 		return "en"
 	} else {
-		return language
+		return language[0:2]
 	}
 }

--- a/controllers/account.go
+++ b/controllers/account.go
@@ -140,13 +140,6 @@ func (c *ApiController) Signup() {
 		username = id
 	}

-	password := authForm.Password
-	msg = object.CheckPasswordComplexityByOrg(organization, password)
-	if msg != "" {
-		c.ResponseError(msg)
-		return
-	}
-
 	initScore, err := organization.GetInitScore()
 	if err != nil {
 		c.ResponseError(fmt.Errorf(c.T("account:Get init score failed, error: %w"), err).Error())
--- a/controllers/auth.go
+++ b/controllers/auth.go
@@ -528,7 +528,7 @@ func (c *ApiController) Login() {
 					}

 					properties := map[string]string{}
-					count, err := object.GetUserCount(application.Organization, "", "", "")
+					count, err := object.GetUserCount(application.Organization, "", "")
 					if err != nil {
 						c.ResponseError(err.Error())
 						return
--- a/controllers/casbin_adapter.go
+++ b/controllers/casbin_adapter.go
@@ -23,13 +23,6 @@ import (
 	xormadapter "github.com/casdoor/xorm-adapter/v3"
 )

-// GetCasbinAdapters
-// @Title GetCasbinAdapters
-// @Tag Adapter API
-// @Description get adapters
-// @Param   owner     query    string  true        "The owner of adapters"
-// @Success 200 {array} object.Adapter The Response object
-// @router /get-adapters [get]
 func (c *ApiController) GetCasbinAdapters() {
 	owner := c.Input().Get("owner")
 	limit := c.Input().Get("pageSize")
@@ -38,9 +31,9 @@ func (c *ApiController) GetCasbinAdapters() {
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
-
+	organization := c.Input().Get("organization")
 	if limit == "" || page == "" {
-		adapters, err := object.GetCasbinAdapters(owner)
+		adapters, err := object.GetCasbinAdapters(owner, organization)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
@@ -49,14 +42,14 @@ func (c *ApiController) GetCasbinAdapters() {
 		c.ResponseOk(adapters)
 	} else {
 		limit := util.ParseInt(limit)
-		count, err := object.GetCasbinAdapterCount(owner, field, value)
+		count, err := object.GetCasbinAdapterCount(owner, organization, field, value)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}

 		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		adapters, err := object.GetPaginationCasbinAdapters(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
+		adapters, err := object.GetPaginationCasbinAdapters(owner, organization, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
@@ -66,16 +59,8 @@ func (c *ApiController) GetCasbinAdapters() {
 	}
 }

-// GetCasbinAdapter
-// @Title GetCasbinAdapter
-// @Tag Adapter API
-// @Description get adapter
-// @Param   id     query    string  true        "The id ( owner/name ) of the adapter"
-// @Success 200 {object} object.Adapter The Response object
-// @router /get-adapter [get]
 func (c *ApiController) GetCasbinAdapter() {
 	id := c.Input().Get("id")
-
 	adapter, err := object.GetCasbinAdapter(id)
 	if err != nil {
 		c.ResponseError(err.Error())
@@ -85,14 +70,6 @@ func (c *ApiController) GetCasbinAdapter() {
 	c.ResponseOk(adapter)
 }

-// UpdateCasbinAdapter
-// @Title UpdateCasbinAdapter
-// @Tag Adapter API
-// @Description update adapter
-// @Param   id     query    string  true        "The id ( owner/name ) of the adapter"
-// @Param   body    body   object.Adapter  true        "The details of the adapter"
-// @Success 200 {object} controllers.Response The Response object
-// @router /update-adapter [post]
 func (c *ApiController) UpdateCasbinAdapter() {
 	id := c.Input().Get("id")

@@ -107,13 +84,6 @@ func (c *ApiController) UpdateCasbinAdapter() {
 	c.ServeJSON()
 }

-// AddCasbinAdapter
-// @Title AddCasbinAdapter
-// @Tag Adapter API
-// @Description add adapter
-// @Param   body    body   object.Adapter  true        "The details of the adapter"
-// @Success 200 {object} controllers.Response The Response object
-// @router /add-adapter [post]
 func (c *ApiController) AddCasbinAdapter() {
 	var casbinAdapter object.CasbinAdapter
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &casbinAdapter)
@@ -126,13 +96,6 @@ func (c *ApiController) AddCasbinAdapter() {
 	c.ServeJSON()
 }

-// DeleteCasbinAdapter
-// @Title DeleteCasbinAdapter
-// @Tag Adapter API
-// @Description delete adapter
-// @Param   body    body   object.Adapter  true        "The details of the adapter"
-// @Success 200 {object} controllers.Response The Response object
-// @router /delete-adapter [post]
 func (c *ApiController) DeleteCasbinAdapter() {
 	var casbinAdapter object.CasbinAdapter
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &casbinAdapter)
--- a/controllers/enforcer.go
+++ b/controllers/enforcer.go
@@ -21,16 +21,6 @@ import (
 	"github.com/casdoor/casdoor/util"
 )

-// Enforce
-// @Title Enforce
-// @Tag Enforce API
-// @Description Call Casbin Enforce API
-// @Param   body    body   object.CasbinRequest  true   "Casbin request"
-// @Param   permissionId    query   string  false   "permission id"
-// @Param   modelId    query   string  false   "model id"
-// @Param   resourceId    query   string  false   "resource id"
-// @Success 200 {object} controllers.Response The Response object
-// @router /enforce [post]
 func (c *ApiController) Enforce() {
 	permissionId := c.Input().Get("permissionId")
 	modelId := c.Input().Get("modelId")
@@ -44,59 +34,33 @@ func (c *ApiController) Enforce() {
 	}

 	if permissionId != "" {
-		enforceResult, err := object.Enforce(permissionId, &request)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		res := []bool{}
-		res = append(res, enforceResult)
-		c.ResponseOk(res)
+		c.ResponseOk(object.Enforce(permissionId, &request))
 		return
 	}

-	permissions := []*object.Permission{}
+	permissions := make([]*object.Permission, 0)
+	res := []bool{}
+
 	if modelId != "" {
 		owner, modelName := util.GetOwnerAndNameFromId(modelId)
 		permissions, err = object.GetPermissionsByModel(owner, modelName)
 		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-	} else if resourceId != "" {
-		permissions, err = object.GetPermissionsByResource(resourceId)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
+			panic(err)
 		}
 	} else {
-		c.ResponseError(c.T("general:Missing parameter"))
-		return
-	}
-
-	res := []bool{}
-	for _, permission := range permissions {
-		enforceResult, err := object.Enforce(permission.GetId(), &request)
+		permissions, err = object.GetPermissionsByResource(resourceId)
 		if err != nil {
-			c.ResponseError(err.Error())
-			return
+			panic(err)
 		}
-
-		res = append(res, enforceResult)
 	}
-	c.ResponseOk(res)
+
+	for _, permission := range permissions {
+		res = append(res, object.Enforce(permission.GetId(), &request))
+	}
+	c.Data["json"] = res
+	c.ServeJSON()
 }

-// BatchEnforce
-// @Title BatchEnforce
-// @Tag Enforce API
-// @Description Call Casbin BatchEnforce API
-// @Param   body    body   object.CasbinRequest  true   "array of casbin requests"
-// @Param   permissionId    query   string  false   "permission id"
-// @Param   modelId    query   string  false   "model id"
-// @Success 200 {object} controllers.Response The Response object
-// @router /batch-enforce [post]
 func (c *ApiController) BatchEnforce() {
 	permissionId := c.Input().Get("permissionId")
 	modelId := c.Input().Get("modelId")
@@ -104,47 +68,26 @@ func (c *ApiController) BatchEnforce() {
 	var requests []object.CasbinRequest
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &requests)
 	if err != nil {
-		c.ResponseError(err.Error())
-		return
+		panic(err)
 	}

 	if permissionId != "" {
-		enforceResult, err := object.BatchEnforce(permissionId, &requests)
+		c.Data["json"] = object.BatchEnforce(permissionId, &requests)
+		c.ServeJSON()
+	} else {
+		owner, modelName := util.GetOwnerAndNameFromId(modelId)
+		permissions, err := object.GetPermissionsByModel(owner, modelName)
 		if err != nil {
-			c.ResponseError(err.Error())
-			return
+			panic(err)
 		}

 		res := [][]bool{}
-		res = append(res, enforceResult)
+		for _, permission := range permissions {
+			res = append(res, object.BatchEnforce(permission.GetId(), &requests))
+		}
+
 		c.ResponseOk(res)
-		return
 	}
-
-	permissions := []*object.Permission{}
-	if modelId != "" {
-		owner, modelName := util.GetOwnerAndNameFromId(modelId)
-		permissions, err = object.GetPermissionsByModel(owner, modelName)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-	} else {
-		c.ResponseError(c.T("general:Missing parameter"))
-		return
-	}
-
-	res := [][]bool{}
-	for _, permission := range permissions {
-		enforceResult, err := object.BatchEnforce(permission.GetId(), &requests)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		res = append(res, enforceResult)
-	}
-	c.ResponseOk(res)
 }

 func (c *ApiController) GetAllObjects() {
--- a/controllers/group.go
+++ b/controllers/group.go
@@ -1,148 +0,0 @@
-// Copyright 2023 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-
-package controllers
-
-import (
-	"encoding/json"
-
-	"github.com/beego/beego/utils/pagination"
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-// GetGroups
-// @Title GetGroups
-// @Tag Group API
-// @Description get groups
-// @Param   owner     query    string  true        "The owner of groups"
-// @Success 200 {array} object.Group The Response object
-// @router /get-groups [get]
-func (c *ApiController) GetGroups() {
-	owner := c.Input().Get("owner")
-	limit := c.Input().Get("pageSize")
-	page := c.Input().Get("p")
-	field := c.Input().Get("field")
-	value := c.Input().Get("value")
-	sortField := c.Input().Get("sortField")
-	sortOrder := c.Input().Get("sortOrder")
-	withTree := c.Input().Get("withTree")
-
-	if limit == "" || page == "" {
-		groups, err := object.GetGroups(owner)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		} else {
-			if withTree == "true" {
-				c.ResponseOk(object.ConvertToTreeData(groups, owner))
-				return
-			}
-			c.ResponseOk(groups)
-		}
-	} else {
-		limit := util.ParseInt(limit)
-		count, err := object.GetGroupCount(owner, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		groups, err := object.GetPaginationGroups(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		} else {
-			c.ResponseOk(groups, paginator.Nums())
-		}
-	}
-}
-
-// GetGroup
-// @Title GetGroup
-// @Tag Group API
-// @Description get group
-// @Param   id     query    string  true        "The id ( owner/name ) of the group"
-// @Success 200 {object} object.Group The Response object
-// @router /get-group [get]
-func (c *ApiController) GetGroup() {
-	id := c.Input().Get("id")
-
-	group, err := object.GetGroup(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-	} else {
-		c.ResponseOk(group)
-	}
-}
-
-// UpdateGroup
-// @Title UpdateGroup
-// @Tag Group API
-// @Description update group
-// @Param   id     query    string  true        "The id ( owner/name ) of the group"
-// @Param   body    body   object.Group  true        "The details of the group"
-// @Success 200 {object} controllers.Response The Response object
-// @router /update-group [post]
-func (c *ApiController) UpdateGroup() {
-	id := c.Input().Get("id")
-
-	var group object.Group
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &group)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.UpdateGroup(id, &group))
-	c.ServeJSON()
-}
-
-// AddGroup
-// @Title AddGroup
-// @Tag Group API
-// @Description add group
-// @Param   body    body   object.Group  true      "The details of the group"
-// @Success 200 {object} controllers.Response The Response object
-// @router /add-group [post]
-func (c *ApiController) AddGroup() {
-	var group object.Group
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &group)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.AddGroup(&group))
-	c.ServeJSON()
-}
-
-// DeleteGroup
-// @Title DeleteGroup
-// @Tag Group API
-// @Description delete group
-// @Param   body    body   object.Group  true        "The details of the group"
-// @Success 200 {object} controllers.Response The Response object
-// @router /delete-group [post]
-func (c *ApiController) DeleteGroup() {
-	var group object.Group
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &group)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.DeleteGroup(&group))
-	c.ServeJSON()
-}
--- a/controllers/message.go
+++ b/controllers/message.go
@@ -34,7 +34,6 @@ import (
 // @router /get-messages [get]
 func (c *ApiController) GetMessages() {
 	owner := c.Input().Get("owner")
-	organization := c.Input().Get("organization")
 	limit := c.Input().Get("pageSize")
 	page := c.Input().Get("p")
 	field := c.Input().Get("field")
@@ -42,7 +41,7 @@ func (c *ApiController) GetMessages() {
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
 	chat := c.Input().Get("chat")
-
+	organization := c.Input().Get("organization")
 	if limit == "" || page == "" {
 		var messages []*object.Message
 		var err error
--- a/controllers/organization.go
+++ b/controllers/organization.go
@@ -47,31 +47,21 @@ func (c *ApiController) GetOrganizations() {
 		c.Data["json"] = maskedOrganizations
 		c.ServeJSON()
 	} else {
-		isGlobalAdmin := c.IsGlobalAdmin()
-		if !isGlobalAdmin {
-			maskedOrganizations, err := object.GetMaskedOrganizations(object.GetOrganizations(owner, c.getCurrentUser().Owner))
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
-			c.ResponseOk(maskedOrganizations)
-		} else {
-			limit := util.ParseInt(limit)
-			count, err := object.GetOrganizationCount(owner, field, value)
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
-
-			paginator := pagination.SetPaginator(c.Ctx, limit, count)
-			organizations, err := object.GetMaskedOrganizations(object.GetPaginationOrganizations(owner, paginator.Offset(), limit, field, value, sortField, sortOrder))
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
-
-			c.ResponseOk(organizations, paginator.Nums())
+		limit := util.ParseInt(limit)
+		count, err := object.GetOrganizationCount(owner, field, value)
+		if err != nil {
+			c.ResponseError(err.Error())
+			return
 		}
+
+		paginator := pagination.SetPaginator(c.Ctx, limit, count)
+		organizations, err := object.GetMaskedOrganizations(object.GetPaginationOrganizations(owner, paginator.Offset(), limit, field, value, sortField, sortOrder))
+		if err != nil {
+			c.ResponseError(err.Error())
+			return
+		}
+
+		c.ResponseOk(organizations, paginator.Nums())
 	}
 }

@@ -84,13 +74,14 @@ func (c *ApiController) GetOrganizations() {
 // @router /get-organization [get]
 func (c *ApiController) GetOrganization() {
 	id := c.Input().Get("id")
+
 	maskedOrganization, err := object.GetMaskedOrganization(object.GetOrganization(id))
 	if err != nil {
-		c.ResponseError(err.Error())
-		return
+		panic(err)
 	}

-	c.ResponseOk(maskedOrganization)
+	c.Data["json"] = maskedOrganization
+	c.ServeJSON()
 }

 // UpdateOrganization ...
@@ -189,12 +180,12 @@ func (c *ApiController) GetDefaultApplication() {
 // @Title GetOrganizationNames
 // @Tag Organization API
 // @Param   owner     query    string    true   "owner"
-// @Description get all organization name and displayName
+// @Description get all organization names
 // @Success 200 {array} object.Organization The Response object
 // @router /get-organization-names [get]
 func (c *ApiController) GetOrganizationNames() {
 	owner := c.Input().Get("owner")
-	organizationNames, err := object.GetOrganizationsByFields(owner, []string{"name", "display_name"}...)
+	organizationNames, err := object.GetOrganizationsByFields(owner, "name")
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
--- a/controllers/payment.go
+++ b/controllers/payment.go
@@ -31,7 +31,6 @@ import (
 // @router /get-payments [get]
 func (c *ApiController) GetPayments() {
 	owner := c.Input().Get("owner")
-	organization := c.Input().Get("organization")
 	limit := c.Input().Get("pageSize")
 	page := c.Input().Get("p")
 	field := c.Input().Get("field")
@@ -49,13 +48,13 @@ func (c *ApiController) GetPayments() {
 		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		count, err := object.GetPaymentCount(owner, organization, field, value)
+		count, err := object.GetPaymentCount(owner, field, value)
 		if err != nil {
 			panic(err)
 		}

 		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		payments, err := object.GetPaginationPayments(owner, organization, paginator.Offset(), limit, field, value, sortField, sortOrder)
+		payments, err := object.GetPaginationPayments(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		if err != nil {
 			panic(err)
 		}
@@ -178,11 +177,10 @@ func (c *ApiController) NotifyPayment() {
 	providerName := c.Ctx.Input.Param(":provider")
 	productName := c.Ctx.Input.Param(":product")
 	paymentName := c.Ctx.Input.Param(":payment")
-	orderId := c.Ctx.Input.Param("order")

 	body := c.Ctx.Input.RequestBody

-	err, errorResponse := object.NotifyPayment(c.Ctx.Request, body, owner, providerName, productName, paymentName, orderId)
+	err, errorResponse := object.NotifyPayment(c.Ctx.Request, body, owner, providerName, productName, paymentName)

 	_, err2 := c.Ctx.ResponseWriter.Write([]byte(errorResponse))
 	if err2 != nil {
--- a/controllers/product.go
+++ b/controllers/product.go
@@ -180,11 +180,11 @@ func (c *ApiController) BuyProduct() {
 		return
 	}

-	payUrl, orderId, err := object.BuyProduct(id, providerName, user, host)
+	payUrl, err := object.BuyProduct(id, providerName, user, host)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}

-	c.ResponseOk(payUrl, orderId)
+	c.ResponseOk(payUrl)
 }
--- a/controllers/resource.go
+++ b/controllers/resource.go
@@ -139,9 +139,8 @@ func (c *ApiController) DeleteResource() {
 		return
 	}

-	provider, err := c.GetProviderFromContext("Storage")
-	if err != nil {
-		c.ResponseError(err.Error())
+	provider, _, ok := c.GetProviderFromContext("Storage")
+	if !ok {
 		return
 	}

@@ -188,9 +187,8 @@ func (c *ApiController) UploadResource() {
 		return
 	}

-	provider, err := c.GetProviderFromContext("Storage")
-	if err != nil {
-		c.ResponseError(err.Error())
+	provider, _, ok := c.GetProviderFromContext("Storage")
+	if !ok {
 		return
 	}

--- a/controllers/service.go
+++ b/controllers/service.go
@@ -69,9 +69,9 @@ func (c *ApiController) SendEmail() {

 	} else {
 		// called by Casdoor SDK via Client ID & Client Secret, so the used Email provider will be the application' Email provider or the default Email provider
-		provider, err = c.GetProviderFromContext("Email")
-		if err != nil {
-			c.ResponseError(err.Error())
+		var ok bool
+		provider, _, ok = c.GetProviderFromContext("Email")
+		if !ok {
 			return
 		}
 	}
@@ -127,14 +127,13 @@ func (c *ApiController) SendEmail() {
 // @Success 200 {object}  Response object
 // @router /api/send-sms [post]
 func (c *ApiController) SendSms() {
-	provider, err := c.GetProviderFromContext("SMS")
-	if err != nil {
-		c.ResponseError(err.Error())
+	provider, _, ok := c.GetProviderFromContext("SMS")
+	if !ok {
 		return
 	}

 	var smsForm SmsForm
-	err = json.Unmarshal(c.Ctx.Input.RequestBody, &smsForm)
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &smsForm)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
--- a/controllers/user.go
+++ b/controllers/user.go
@@ -80,7 +80,6 @@ func (c *ApiController) GetGlobalUsers() {
 // @router /get-users [get]
 func (c *ApiController) GetUsers() {
 	owner := c.Input().Get("owner")
-	groupId := c.Input().Get("groupId")
 	limit := c.Input().Get("pageSize")
 	page := c.Input().Get("p")
 	field := c.Input().Get("field")
@@ -89,16 +88,6 @@ func (c *ApiController) GetUsers() {
 	sortOrder := c.Input().Get("sortOrder")

 	if limit == "" || page == "" {
-		if groupId != "" {
-			maskedUsers, err := object.GetMaskedUsers(object.GetGroupUsers(groupId))
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
-			c.ResponseOk(maskedUsers)
-			return
-		}
-
 		maskedUsers, err := object.GetMaskedUsers(object.GetUsers(owner))
 		if err != nil {
 			panic(err)
@@ -108,14 +97,14 @@ func (c *ApiController) GetUsers() {
 		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		count, err := object.GetUserCount(owner, field, value, groupId)
+		count, err := object.GetUserCount(owner, field, value)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}

 		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		users, err := object.GetPaginationUsers(owner, paginator.Offset(), limit, field, value, sortField, sortOrder, groupId)
+		users, err := object.GetPaginationUsers(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
@@ -298,7 +287,7 @@ func (c *ApiController) AddUser() {
 		return
 	}

-	count, err := object.GetUserCount("", "", "", "")
+	count, err := object.GetUserCount("", "", "")
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
@@ -410,6 +399,10 @@ func (c *ApiController) SetPassword() {
 		c.ResponseError(c.T("user:New password cannot contain blank space."))
 		return
 	}
+	if len(newPassword) <= 5 {
+		c.ResponseError(c.T("user:New password must have at least 6 characters"))
+		return
+	}

 	userId := util.GetId(userOwner, userName)

@@ -444,12 +437,6 @@ func (c *ApiController) SetPassword() {
 		}
 	}

-	msg := object.CheckPasswordComplexity(targetUser, newPassword)
-	if msg != "" {
-		c.ResponseError(msg)
-		return
-	}
-
 	targetUser.Password = newPassword
 	_, err = object.SetUserField(targetUser, "password", targetUser.Password)
 	if err != nil {
@@ -518,7 +505,7 @@ func (c *ApiController) GetUserCount() {
 	var count int64
 	var err error
 	if isOnline == "" {
-		count, err = object.GetUserCount(owner, "", "", "")
+		count, err = object.GetUserCount(owner, "", "")
 	} else {
 		count, err = object.GetOnlineUserCount(owner, util.ParseInt(isOnline))
 	}
@@ -530,34 +517,3 @@ func (c *ApiController) GetUserCount() {
 	c.Data["json"] = count
 	c.ServeJSON()
 }
-
-// AddUserkeys
-// @Title AddUserkeys
-// @router /add-user-keys [post]
-// @Tag User API
-func (c *ApiController) AddUserkeys() {
-	var user object.User
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &user)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	isAdmin := c.IsAdmin()
-	affected, err := object.AddUserkeys(&user, isAdmin)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(affected)
-}
-
-func (c *ApiController) RemoveUserFromGroup() {
-	owner := c.Ctx.Request.Form.Get("owner")
-	name := c.Ctx.Request.Form.Get("name")
-	groupId := c.Ctx.Request.Form.Get("groupId")
-
-	c.Data["json"] = wrapActionResponse(object.RemoveUserFromGroup(owner, name, groupId))
-	c.ServeJSON()
-}
--- a/controllers/util.go
+++ b/controllers/util.go
@@ -139,46 +139,47 @@ func (c *ApiController) IsMaskedEnabled() (bool, bool) {
 	return true, isMaskEnabled
 }

-func (c *ApiController) GetProviderFromContext(category string) (*object.Provider, error) {
+func (c *ApiController) GetProviderFromContext(category string) (*object.Provider, *object.User, bool) {
 	providerName := c.Input().Get("provider")
 	if providerName != "" {
 		provider, err := object.GetProvider(util.GetId("admin", providerName))
 		if err != nil {
-			return nil, err
+			panic(err)
 		}

 		if provider == nil {
-			err = fmt.Errorf(c.T("util:The provider: %s is not found"), providerName)
-			return nil, err
+			c.ResponseError(fmt.Sprintf(c.T("util:The provider: %s is not found"), providerName))
+			return nil, nil, false
 		}
-
-		return provider, nil
+		return provider, nil, true
 	}

 	userId, ok := c.RequireSignedIn()
 	if !ok {
-		return nil, fmt.Errorf(c.T("general:Please login first"))
+		return nil, nil, false
 	}

-	application, err := object.GetApplicationByUserId(userId)
+	application, user, err := object.GetApplicationByUserId(userId)
 	if err != nil {
-		return nil, err
+		panic(err)
 	}

 	if application == nil {
-		return nil, fmt.Errorf(c.T("util:No application is found for userId: %s"), userId)
+		c.ResponseError(fmt.Sprintf(c.T("util:No application is found for userId: %s"), userId))
+		return nil, nil, false
 	}

 	provider, err := application.GetProviderByCategory(category)
 	if err != nil {
-		return nil, err
+		panic(err)
 	}

 	if provider == nil {
-		return nil, fmt.Errorf(c.T("util:No provider for category: %s is found for application: %s"), category, application.Name)
+		c.ResponseError(fmt.Sprintf(c.T("util:No provider for category: %s is found for application: %s"), category, application.Name))
+		return nil, nil, false
 	}

-	return provider, nil
+	return provider, user, true
 }

 func checkQuotaForApplication(count int) error {
--- a/go.mod
+++ b/go.mod
@@ -59,7 +59,6 @@ require (
 	github.com/tealeg/xlsx v1.0.5
 	github.com/thanhpk/randstr v1.0.4
 	github.com/tklauser/go-sysconf v0.3.10 // indirect
-	github.com/xorm-io/builder v0.3.13 // indirect
 	github.com/xorm-io/core v0.7.4
 	github.com/xorm-io/xorm v1.1.6
 	github.com/yusufpapurcu/wmi v1.2.2 // indirect
--- a/i18n/locales/de/data.json
+++ b/i18n/locales/de/data.json
@@ -68,8 +68,7 @@
    "Missing parameter": "Fehlender Parameter",
    "Please login first": "Bitte zuerst einloggen",
    "The user: %s doesn't exist": "Der Benutzer %s existiert nicht",
-    "don't support captchaProvider: ": "Unterstütze captchaProvider nicht:",
-    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode"
+    "don't support captchaProvider: ": "Unterstütze captchaProvider nicht:"
  },
  "ldap": {
    "Ldap server exist": "Es gibt einen LDAP-Server"
@@ -120,7 +119,8 @@
  },
  "user": {
    "Display name cannot be empty": "Anzeigename darf nicht leer sein",
-    "New password cannot contain blank space.": "Das neue Passwort darf keine Leerzeichen enthalten."
+    "New password cannot contain blank space.": "Das neue Passwort darf keine Leerzeichen enthalten.",
+    "New password must have at least 6 characters": "Das neue Passwort muss mindestens 6 Zeichen haben"
  },
  "user_upload": {
    "Failed to import users": "Fehler beim Importieren von Benutzern"
--- a/i18n/locales/en/data.json
+++ b/i18n/locales/en/data.json
@@ -68,8 +68,7 @@
    "Missing parameter": "Missing parameter",
    "Please login first": "Please login first",
    "The user: %s doesn't exist": "The user: %s doesn't exist",
-    "don't support captchaProvider: ": "don't support captchaProvider: ",
-    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode"
+    "don't support captchaProvider: ": "don't support captchaProvider: "
  },
  "ldap": {
    "Ldap server exist": "Ldap server exist"
@@ -120,7 +119,8 @@
  },
  "user": {
    "Display name cannot be empty": "Display name cannot be empty",
-    "New password cannot contain blank space.": "New password cannot contain blank space."
+    "New password cannot contain blank space.": "New password cannot contain blank space.",
+    "New password must have at least 6 characters": "New password must have at least 6 characters"
  },
  "user_upload": {
    "Failed to import users": "Failed to import users"
--- a/i18n/locales/es/data.json
+++ b/i18n/locales/es/data.json
@@ -68,8 +68,7 @@
    "Missing parameter": "Parámetro faltante",
    "Please login first": "Por favor, inicia sesión primero",
    "The user: %s doesn't exist": "El usuario: %s no existe",
-    "don't support captchaProvider: ": "No apoyo a captchaProvider",
-    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode"
+    "don't support captchaProvider: ": "No apoyo a captchaProvider"
  },
  "ldap": {
    "Ldap server exist": "El servidor LDAP existe"
@@ -120,7 +119,8 @@
  },
  "user": {
    "Display name cannot be empty": "El nombre de pantalla no puede estar vacío",
-    "New password cannot contain blank space.": "La nueva contraseña no puede contener espacios en blanco."
+    "New password cannot contain blank space.": "La nueva contraseña no puede contener espacios en blanco.",
+    "New password must have at least 6 characters": "La nueva contraseña debe tener al menos 6 caracteres"
  },
  "user_upload": {
    "Failed to import users": "Error al importar usuarios"
--- a/i18n/locales/fr/data.json
+++ b/i18n/locales/fr/data.json
@@ -68,8 +68,7 @@
    "Missing parameter": "Paramètre manquant",
    "Please login first": "Veuillez d'abord vous connecter",
    "The user: %s doesn't exist": "L'utilisateur : %s n'existe pas",
-    "don't support captchaProvider: ": "Ne pas prendre en charge la captchaProvider",
-    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode"
+    "don't support captchaProvider: ": "Ne pas prendre en charge la captchaProvider"
  },
  "ldap": {
    "Ldap server exist": "Le serveur LDAP existe"
@@ -120,7 +119,8 @@
  },
  "user": {
    "Display name cannot be empty": "Le nom d'affichage ne peut pas être vide",
-    "New password cannot contain blank space.": "Le nouveau mot de passe ne peut pas contenir d'espace."
+    "New password cannot contain blank space.": "Le nouveau mot de passe ne peut pas contenir d'espace.",
+    "New password must have at least 6 characters": "Le nouveau mot de passe doit comporter au moins 6 caractères"
  },
  "user_upload": {
    "Failed to import users": "Échec de l'importation des utilisateurs"
--- a/i18n/locales/id/data.json
+++ b/i18n/locales/id/data.json
@@ -68,8 +68,7 @@
    "Missing parameter": "Parameter hilang",
    "Please login first": "Silahkan login terlebih dahulu",
    "The user: %s doesn't exist": "Pengguna: %s tidak ada",
-    "don't support captchaProvider: ": "Jangan mendukung captchaProvider:",
-    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode"
+    "don't support captchaProvider: ": "Jangan mendukung captchaProvider:"
  },
  "ldap": {
    "Ldap server exist": "Server ldap ada"
@@ -120,7 +119,8 @@
  },
  "user": {
    "Display name cannot be empty": "Nama tampilan tidak boleh kosong",
-    "New password cannot contain blank space.": "Kata sandi baru tidak boleh mengandung spasi kosong."
+    "New password cannot contain blank space.": "Kata sandi baru tidak boleh mengandung spasi kosong.",
+    "New password must have at least 6 characters": "Kata sandi baru harus memiliki setidaknya 6 karakter"
  },
  "user_upload": {
    "Failed to import users": "Gagal mengimpor pengguna"
--- a/i18n/locales/ja/data.json
+++ b/i18n/locales/ja/data.json
@@ -68,8 +68,7 @@
    "Missing parameter": "不足しているパラメーター",
    "Please login first": "最初にログインしてください",
    "The user: %s doesn't exist": "そのユーザー：%sは存在しません",
-    "don't support captchaProvider: ": "captchaProviderをサポートしないでください",
-    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode"
+    "don't support captchaProvider: ": "captchaProviderをサポートしないでください"
  },
  "ldap": {
    "Ldap server exist": "LDAPサーバーは存在します"
@@ -120,7 +119,8 @@
  },
  "user": {
    "Display name cannot be empty": "表示名は空にできません",
-    "New password cannot contain blank space.": "新しいパスワードにはスペースを含めることはできません。"
+    "New password cannot contain blank space.": "新しいパスワードにはスペースを含めることはできません。",
+    "New password must have at least 6 characters": "新しいパスワードは少なくとも6文字必要です"
  },
  "user_upload": {
    "Failed to import users": "ユーザーのインポートに失敗しました"
--- a/i18n/locales/ko/data.json
+++ b/i18n/locales/ko/data.json
@@ -68,8 +68,7 @@
    "Missing parameter": "누락된 매개변수",
    "Please login first": "먼저 로그인 하십시오",
    "The user: %s doesn't exist": "사용자 %s는 존재하지 않습니다",
-    "don't support captchaProvider: ": "CaptchaProvider를 지원하지 마세요",
-    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode"
+    "don't support captchaProvider: ": "CaptchaProvider를 지원하지 마세요"
  },
  "ldap": {
    "Ldap server exist": "LDAP 서버가 존재합니다"
@@ -120,7 +119,8 @@
  },
  "user": {
    "Display name cannot be empty": "디스플레이 이름은 비어 있을 수 없습니다",
-    "New password cannot contain blank space.": "새 비밀번호에는 공백이 포함될 수 없습니다."
+    "New password cannot contain blank space.": "새 비밀번호에는 공백이 포함될 수 없습니다.",
+    "New password must have at least 6 characters": "새로운 비밀번호는 최소 6자 이상이어야 합니다"
  },
  "user_upload": {
    "Failed to import users": "사용자 가져오기를 실패했습니다"
--- a/i18n/locales/pt/data.json
+++ b/i18n/locales/pt/data.json
@@ -1,149 +0,0 @@
-{
-  "account": {
-    "Failed to add user": "Failed to add user",
-    "Get init score failed, error: %w": "Get init score failed, error: %w",
-    "Please sign out first": "Please sign out first",
-    "The application does not allow to sign up new account": "The application does not allow to sign up new account"
-  },
-  "auth": {
-    "Challenge method should be S256": "Challenge method should be S256",
-    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
-    "Failed to login in: %s": "Failed to login in: %s",
-    "Invalid token": "Invalid token",
-    "State expected: %s, but got: %s": "State expected: %s, but got: %s",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
-    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
-    "The application: %s does not exist": "The application: %s does not exist",
-    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
-    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
-    "Unauthorized operation": "Unauthorized operation",
-    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s"
-  },
-  "cas": {
-    "Service %s and %s do not match": "Service %s and %s do not match"
-  },
-  "chat": {
-    "The chat type must be \\\"AI\\\"": "The chat type must be \\\"AI\\\"",
-    "The chat: %s is not found": "The chat: %s is not found",
-    "The message is invalid": "The message is invalid",
-    "The message: %s is not found": "The message: %s is not found",
-    "The provider: %s is invalid": "The provider: %s is invalid",
-    "The provider: %s is not found": "The provider: %s is not found"
-  },
-  "check": {
-    "Affiliation cannot be blank": "Affiliation cannot be blank",
-    "DisplayName cannot be blank": "DisplayName cannot be blank",
-    "DisplayName is not valid real name": "DisplayName is not valid real name",
-    "Email already exists": "Email already exists",
-    "Email cannot be empty": "Email cannot be empty",
-    "Email is invalid": "Email is invalid",
-    "Empty username.": "Empty username.",
-    "FirstName cannot be blank": "FirstName cannot be blank",
-    "LDAP user name or password incorrect": "LDAP user name or password incorrect",
-    "LastName cannot be blank": "LastName cannot be blank",
-    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
-    "Organization does not exist": "Organization does not exist",
-    "Password must have at least 6 characters": "Password must have at least 6 characters",
-    "Phone already exists": "Phone already exists",
-    "Phone cannot be empty": "Phone cannot be empty",
-    "Phone number is invalid": "Phone number is invalid",
-    "Session outdated, please login again": "Session outdated, please login again",
-    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
-    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
-    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.",
-    "Username already exists": "Username already exists",
-    "Username cannot be an email address": "Username cannot be an email address",
-    "Username cannot contain white spaces": "Username cannot contain white spaces",
-    "Username cannot start with a digit": "Username cannot start with a digit",
-    "Username is too long (maximum is 39 characters).": "Username is too long (maximum is 39 characters).",
-    "Username must have at least 2 characters": "Username must have at least 2 characters",
-    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
-    "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",
-    "password or code is incorrect": "password or code is incorrect",
-    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
-    "unsupported password type: %s": "unsupported password type: %s"
-  },
-  "general": {
-    "Missing parameter": "Missing parameter",
-    "Please login first": "Please login first",
-    "The user: %s doesn't exist": "The user: %s doesn't exist",
-    "don't support captchaProvider: ": "don't support captchaProvider: ",
-    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode"
-  },
-  "ldap": {
-    "Ldap server exist": "Ldap server exist"
-  },
-  "link": {
-    "Please link first": "Please link first",
-    "This application has no providers": "This application has no providers",
-    "This application has no providers of type": "This application has no providers of type",
-    "This provider can't be unlinked": "This provider can't be unlinked",
-    "You are not the global admin, you can't unlink other users": "You are not the global admin, you can't unlink other users",
-    "You can't unlink yourself, you are not a member of any application": "You can't unlink yourself, you are not a member of any application"
-  },
-  "organization": {
-    "Only admin can modify the %s.": "Only admin can modify the %s.",
-    "The %s is immutable.": "The %s is immutable.",
-    "Unknown modify rule %s.": "Unknown modify rule %s."
-  },
-  "provider": {
-    "Invalid application id": "Invalid application id",
-    "the provider: %s does not exist": "the provider: %s does not exist"
-  },
-  "resource": {
-    "User is nil for tag: avatar": "User is nil for tag: avatar",
-    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Username or fullFilePath is empty: username = %s, fullFilePath = %s"
-  },
-  "saml": {
-    "Application %s not found": "Application %s not found"
-  },
-  "saml_sp": {
-    "provider %s's category is not SAML": "provider %s's category is not SAML"
-  },
-  "service": {
-    "Empty parameters for emailForm: %v": "Empty parameters for emailForm: %v",
-    "Invalid Email receivers: %s": "Invalid Email receivers: %s",
-    "Invalid phone receivers: %s": "Invalid phone receivers: %s"
-  },
-  "storage": {
-    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
-    "The provider type: %s is not supported": "The provider type: %s is not supported"
-  },
-  "token": {
-    "Empty clientId or clientSecret": "Empty clientId or clientSecret",
-    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
-    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
-    "Invalid client_id": "Invalid client_id",
-    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "Redirect URI: %s doesn't exist in the allowed Redirect URI list",
-    "Token not found, invalid accessToken": "Token not found, invalid accessToken"
-  },
-  "user": {
-    "Display name cannot be empty": "Display name cannot be empty",
-    "New password cannot contain blank space.": "New password cannot contain blank space."
-  },
-  "user_upload": {
-    "Failed to import users": "Failed to import users"
-  },
-  "util": {
-    "No application is found for userId: %s": "No application is found for userId: %s",
-    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
-    "The provider: %s is not found": "The provider: %s is not found"
-  },
-  "verification": {
-    "Code has not been sent yet!": "Code has not been sent yet!",
-    "Invalid captcha provider.": "Invalid captcha provider.",
-    "Phone number is invalid in your region %s": "Phone number is invalid in your region %s",
-    "Turing test failed.": "Turing test failed.",
-    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
-    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
-    "Unknown type": "Unknown type",
-    "Wrong verification code!": "Wrong verification code!",
-    "You should verify your code in %d min!": "You should verify your code in %d min!",
-    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
-  },
-  "webauthn": {
-    "Found no credentials for this user": "Found no credentials for this user",
-    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
-  }
-}
--- a/i18n/locales/ru/data.json
+++ b/i18n/locales/ru/data.json
@@ -68,8 +68,7 @@
    "Missing parameter": "Отсутствующий параметр",
    "Please login first": "Пожалуйста, сначала войдите в систему",
    "The user: %s doesn't exist": "Пользователь %s не существует",
-    "don't support captchaProvider: ": "не поддерживайте captchaProvider:",
-    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode"
+    "don't support captchaProvider: ": "не поддерживайте captchaProvider:"
  },
  "ldap": {
    "Ldap server exist": "LDAP-сервер существует"
@@ -120,7 +119,8 @@
  },
  "user": {
    "Display name cannot be empty": "Отображаемое имя не может быть пустым",
-    "New password cannot contain blank space.": "Новый пароль не может содержать пробелы."
+    "New password cannot contain blank space.": "Новый пароль не может содержать пробелы.",
+    "New password must have at least 6 characters": "Новый пароль должен содержать не менее 6 символов"
  },
  "user_upload": {
    "Failed to import users": "Не удалось импортировать пользователей"
--- a/i18n/locales/vi/data.json
+++ b/i18n/locales/vi/data.json
@@ -68,8 +68,7 @@
    "Missing parameter": "Thiếu tham số",
    "Please login first": "Vui lòng đăng nhập trước",
    "The user: %s doesn't exist": "Người dùng: %s không tồn tại",
-    "don't support captchaProvider: ": "không hỗ trợ captchaProvider: ",
-    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode"
+    "don't support captchaProvider: ": "không hỗ trợ captchaProvider: "
  },
  "ldap": {
    "Ldap server exist": "Máy chủ LDAP tồn tại"
@@ -120,7 +119,8 @@
  },
  "user": {
    "Display name cannot be empty": "Tên hiển thị không thể trống",
-    "New password cannot contain blank space.": "Mật khẩu mới không thể chứa dấu trắng."
+    "New password cannot contain blank space.": "Mật khẩu mới không thể chứa dấu trắng.",
+    "New password must have at least 6 characters": "Mật khẩu mới phải có ít nhất 6 ký tự"
  },
  "user_upload": {
    "Failed to import users": "Không thể nhập người dùng"
--- a/i18n/locales/zh/data.json
+++ b/i18n/locales/zh/data.json
@@ -68,8 +68,7 @@
    "Missing parameter": "缺少参数",
    "Please login first": "请先登录",
    "The user: %s doesn't exist": "用户: %s不存在",
-    "don't support captchaProvider: ": "不支持验证码提供商: ",
-    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode"
+    "don't support captchaProvider: ": "不支持验证码提供商: "
  },
  "ldap": {
    "Ldap server exist": "LDAP服务器已存在"
@@ -120,7 +119,8 @@
  },
  "user": {
    "Display name cannot be empty": "显示名称不可为空",
-    "New password cannot contain blank space.": "新密码不可以包含空格"
+    "New password cannot contain blank space.": "新密码不可以包含空格",
+    "New password must have at least 6 characters": "新密码至少需要6位字符"
  },
  "user_upload": {
    "Failed to import users": "导入用户失败"
--- a/init_data.json.template
+++ b/init_data.json.template
@@ -8,7 +8,6 @@
      "favicon": "",
      "passwordType": "plain",
      "passwordSalt": "",
-      "passwordOptions": ["AtLeast6"],
      "countryCodes": ["US", "ES", "CN", "FR", "DE", "GB", "JP", "KR", "VN", "ID", "SG", "IN"],
      "defaultAvatar": "",
      "defaultApplication": "",
--- a/main.go
+++ b/main.go
@@ -30,18 +30,13 @@ import (
 	"github.com/casdoor/casdoor/util"
 )

-func getCreateDatabaseFlag() bool {
-	res := flag.Bool("createDatabase", false, "true if you need Casdoor to create database")
-	flag.Parse()
-	return *res
-}
-
 func main() {
-	createDatabase := getCreateDatabaseFlag()
+	createDatabase := flag.Bool("createDatabase", false, "true if you need Casdoor to create database")
+	flag.Parse()

 	object.InitAdapter()
-	object.CreateTables(createDatabase)
 	object.DoMigration()
+	object.CreateTables(*createDatabase)

 	object.InitDb()
 	object.InitFromFile()
--- a/object/adapter.go
+++ b/object/adapter.go
@@ -41,26 +41,18 @@ func InitConfig() {
 	beego.BConfig.WebConfig.Session.SessionOn = true

 	InitAdapter()
-	CreateTables(true)
 	DoMigration()
+	CreateTables(true)
 }

 func InitAdapter() {
 	adapter = NewAdapter(conf.GetConfigString("driverName"), conf.GetConfigDataSourceName(), conf.GetConfigString("dbName"))
-
-	tableNamePrefix := conf.GetConfigString("tableNamePrefix")
-	tbMapper := core.NewPrefixMapper(core.SnakeMapper{}, tableNamePrefix)
-	adapter.Engine.SetTableMapper(tbMapper)
 }

 func CreateTables(createDatabase bool) {
 	if createDatabase {
-		err := adapter.CreateDatabase()
-		if err != nil {
-			panic(err)
-		}
+		adapter.CreateDatabase()
 	}
-
 	adapter.createTable()
 }

@@ -130,6 +122,10 @@ func (a *Adapter) createTable() {
 	showSql := conf.GetConfigBool("showSql")
 	a.Engine.ShowSQL(showSql)

+	tableNamePrefix := conf.GetConfigString("tableNamePrefix")
+	tbMapper := core.NewPrefixMapper(core.SnakeMapper{}, tableNamePrefix)
+	a.Engine.SetTableMapper(tbMapper)
+
 	err := a.Engine.Sync2(new(Organization))
 	if err != nil {
 		panic(err)
@@ -140,16 +136,6 @@ func (a *Adapter) createTable() {
 		panic(err)
 	}

-	err = a.Engine.Sync2(new(Group))
-	if err != nil {
-		panic(err)
-	}
-
-	err = a.Engine.Sync2(new(UserGroupRelation))
-	if err != nil {
-		panic(err)
-	}
-
 	err = a.Engine.Sync2(new(Role))
 	if err != nil {
 		panic(err)
@@ -309,9 +295,6 @@ func GetSessionForUser(owner string, offset, limit int, field, value, sortField,
 	}
 	if field != "" && value != "" {
 		if filterField(field) {
-			if offset != -1 {
-				field = fmt.Sprintf("a.%s", field)
-			}
 			session = session.And(fmt.Sprintf("%s like ?", util.SnakeString(field)), fmt.Sprintf("%%%s%%", value))
 		}
 	}
@@ -319,8 +302,7 @@ func GetSessionForUser(owner string, offset, limit int, field, value, sortField,
 		sortField = "created_time"
 	}

-	tableNamePrefix := conf.GetConfigString("tableNamePrefix")
-	tableName := tableNamePrefix + "user"
+	tableName := "user"
 	if offset == -1 {
 		if sortOrder == "ascend" {
 			session = session.Asc(util.SnakeString(sortField))
--- a/object/application.go
+++ b/object/application.go
@@ -235,16 +235,16 @@ func GetApplicationByUser(user *User) (*Application, error) {
 	}
 }

-func GetApplicationByUserId(userId string) (application *Application, err error) {
+func GetApplicationByUserId(userId string) (application *Application, user *User, err error) {
 	owner, name := util.GetOwnerAndNameFromId(userId)
 	if owner == "app" {
 		application, err = getApplication("admin", name)
 		return
 	}

-	user, err := GetUser(userId)
+	user, err = GetUser(userId)
 	if err != nil {
-		return nil, err
+		return nil, nil, err
 	}
 	application, err = GetApplicationByUser(user)
 	return
--- a/object/user_avatar_test.go
+++ b/object/user_avatar_test.go
@@ -16,6 +16,7 @@ package object

 import (
 	"fmt"
+	"strings"
 	"testing"

 	"github.com/casdoor/casdoor/proxy"
@@ -57,11 +58,7 @@ func TestUpdateAvatars(t *testing.T) {
 	}

 	for _, user := range users {
-		//if strings.HasPrefix(user.Avatar, "http") {
-		//	continue
-		//}
-
-		if user.AvatarType != "Auto" {
+		if strings.HasPrefix(user.Avatar, "http") {
 			continue
 		}

@@ -72,7 +69,7 @@ func TestUpdateAvatars(t *testing.T) {

 		if updated {
 			user.PermanentAvatar = "*"
-			_, err = UpdateUser(user.GetId(), user, []string{"avatar", "avatar_type"}, true)
+			_, err = UpdateUser(user.GetId(), user, []string{"avatar"}, true)
 			if err != nil {
 				panic(err)
 			}
--- a/object/avatar_util.go
+++ b/object/avatar_util.go
@@ -0,0 +1,167 @@
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package object
+
+import (
+	"bytes"
+	"crypto/md5"
+	"fmt"
+	"image"
+	"image/color"
+	"image/png"
+	"io"
+	"net/http"
+	"strings"
+
+	"github.com/fogleman/gg"
+)
+
+func hasGravatar(client *http.Client, email string) (bool, error) {
+	// Clean and lowercase the email
+	email = strings.TrimSpace(strings.ToLower(email))
+
+	// Generate MD5 hash of the email
+	hash := md5.New()
+	io.WriteString(hash, email)
+	hashedEmail := fmt.Sprintf("%x", hash.Sum(nil))
+
+	// Create Gravatar URL with d=404 parameter
+	gravatarURL := fmt.Sprintf("https://www.gravatar.com/avatar/%s?d=404", hashedEmail)
+
+	// Send a request to Gravatar
+	req, err := http.NewRequest("GET", gravatarURL, nil)
+	if err != nil {
+		return false, err
+	}
+
+	resp, err := client.Do(req)
+	if err != nil {
+		return false, err
+	}
+	defer resp.Body.Close()
+
+	// Check if the user has a custom Gravatar image
+	if resp.StatusCode == http.StatusOK {
+		return true, nil
+	} else if resp.StatusCode == http.StatusNotFound {
+		return false, nil
+	} else {
+		return false, fmt.Errorf("failed to fetch gravatar image: %s", resp.Status)
+	}
+}
+
+func getGravatarFileBuffer(client *http.Client, email string) (*bytes.Buffer, string, error) {
+	// Clean and lowercase the email
+	email = strings.TrimSpace(strings.ToLower(email))
+
+	// Generate MD5 hash of the email
+	hash := md5.New()
+	io.WriteString(hash, email)
+	hashedEmail := fmt.Sprintf("%x", hash.Sum(nil))
+
+	// Create Gravatar URL
+	gravatarURL := fmt.Sprintf("https://www.gravatar.com/avatar/%s", hashedEmail)
+
+	// Download the image
+	req, err := http.NewRequest("GET", gravatarURL, nil)
+	if err != nil {
+		return nil, "", err
+	}
+
+	resp, err := client.Do(req)
+	if err != nil {
+		return nil, "", err
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode != http.StatusOK {
+		return nil, "", fmt.Errorf("failed to download gravatar image: %s", resp.Status)
+	}
+
+	// Get the content type and determine the file extension
+	contentType := resp.Header.Get("Content-Type")
+	fileExtension := ""
+	switch contentType {
+	case "image/jpeg":
+		fileExtension = ".jpg"
+	case "image/png":
+		fileExtension = ".png"
+	case "image/gif":
+		fileExtension = ".gif"
+	default:
+		return nil, "", fmt.Errorf("unsupported content type: %s", contentType)
+	}
+
+	// Save the image to a bytes.Buffer
+	buffer := &bytes.Buffer{}
+	_, err = io.Copy(buffer, resp.Body)
+	if err != nil {
+		return nil, "", err
+	}
+
+	return buffer, fileExtension, nil
+}
+
+func getColor(data []byte) color.RGBA {
+	r := int(data[0]) % 256
+	g := int(data[1]) % 256
+	b := int(data[2]) % 256
+	return color.RGBA{uint8(r), uint8(g), uint8(b), 255}
+}
+
+func getIdenticonFileBuffer(username string) (*bytes.Buffer, string, error) {
+	username = strings.TrimSpace(strings.ToLower(username))
+
+	hash := md5.New()
+	io.WriteString(hash, username)
+	hashedUsername := hash.Sum(nil)
+
+	// Define the size of the image
+	const imageSize = 420
+	const cellSize = imageSize / 7
+
+	// Create a new image
+	img := image.NewRGBA(image.Rect(0, 0, imageSize, imageSize))
+
+	// Create a context
+	dc := gg.NewContextForRGBA(img)
+
+	// Set a background color
+	dc.SetColor(color.RGBA{240, 240, 240, 255})
+	dc.Clear()
+
+	// Get avatar color
+	avatarColor := getColor(hashedUsername)
+
+	// Draw cells
+	for i := 0; i < 7; i++ {
+		for j := 0; j < 7; j++ {
+			if (hashedUsername[i] >> uint(j) & 1) == 1 {
+				dc.SetColor(avatarColor)
+				dc.DrawRectangle(float64(j*cellSize), float64(i*cellSize), float64(cellSize), float64(cellSize))
+				dc.Fill()
+			}
+		}
+	}
+
+	// Save image to a bytes.Buffer
+	buffer := &bytes.Buffer{}
+	err := png.Encode(buffer, img)
+	if err != nil {
+		return nil, "", fmt.Errorf("failed to save image: %w", err)
+	}
+
+	return buffer, ".png", nil
+}
--- a/object/casbin_adapter.go
+++ b/object/casbin_adapter.go
@@ -30,8 +30,9 @@ type CasbinAdapter struct {
 	Name        string `xorm:"varchar(100) notnull pk" json:"name"`
 	CreatedTime string `xorm:"varchar(100)" json:"createdTime"`

-	Type  string `xorm:"varchar(100)" json:"type"`
-	Model string `xorm:"varchar(100)" json:"model"`
+	Organization string `xorm:"varchar(100)" json:"organization"`
+	Type         string `xorm:"varchar(100)" json:"type"`
+	Model        string `xorm:"varchar(100)" json:"model"`

 	Host         string `xorm:"varchar(100)" json:"host"`
 	Port         int    `json:"port"`
@@ -45,14 +46,14 @@ type CasbinAdapter struct {
 	Adapter *xormadapter.Adapter `xorm:"-" json:"-"`
 }

-func GetCasbinAdapterCount(owner, field, value string) (int64, error) {
+func GetCasbinAdapterCount(owner, organization, field, value string) (int64, error) {
 	session := GetSession(owner, -1, -1, field, value, "", "")
-	return session.Count(&CasbinAdapter{})
+	return session.Count(&CasbinAdapter{Organization: organization})
 }

-func GetCasbinAdapters(owner string) ([]*CasbinAdapter, error) {
+func GetCasbinAdapters(owner string, organization string) ([]*CasbinAdapter, error) {
 	adapters := []*CasbinAdapter{}
-	err := adapter.Engine.Desc("created_time").Find(&adapters, &CasbinAdapter{Owner: owner})
+	err := adapter.Engine.Where("owner = ? and organization = ?", owner, organization).Find(&adapters)
 	if err != nil {
 		return adapters, err
 	}
@@ -60,10 +61,10 @@ func GetCasbinAdapters(owner string) ([]*CasbinAdapter, error) {
 	return adapters, nil
 }

-func GetPaginationCasbinAdapters(owner string, offset, limit int, field, value, sortField, sortOrder string) ([]*CasbinAdapter, error) {
+func GetPaginationCasbinAdapters(owner, organization string, page, limit int, field, value, sort, order string) ([]*CasbinAdapter, error) {
+	session := GetSession(owner, page, limit, field, value, sort, order)
 	adapters := []*CasbinAdapter{}
-	session := GetSession(owner, offset, limit, field, value, sortField, sortOrder)
-	err := session.Find(&adapters)
+	err := session.Find(&adapters, &CasbinAdapter{Organization: organization})
 	if err != nil {
 		return adapters, err
 	}
@@ -213,10 +214,6 @@ func SyncPolicies(casbinAdapter *CasbinAdapter) ([]*xormadapter.CasbinRule, erro
 		return nil, err
 	}

-	if modelObj == nil {
-		return nil, fmt.Errorf("The model: %s does not exist", util.GetId(casbinAdapter.Owner, casbinAdapter.Model))
-	}
-
 	enforcer, err := initEnforcer(modelObj, casbinAdapter)
 	if err != nil {
 		return nil, err
--- a/object/check.go
+++ b/object/check.go
@@ -203,16 +203,6 @@ func CheckPassword(user *User, password string, lang string, options ...bool) st
 	}
 }

-func CheckPasswordComplexityByOrg(organization *Organization, password string) string {
-	errorMsg := checkPasswordComplexity(password, organization.PasswordOptions)
-	return errorMsg
-}
-
-func CheckPasswordComplexity(user *User, password string) string {
-	organization, _ := GetOrganizationByUser(user)
-	return CheckPasswordComplexityByOrg(organization, password)
-}
-
 func checkLdapUserPassword(user *User, password string, lang string) string {
 	ldaps, err := GetLdaps(user.Owner)
 	if err != nil {
@@ -363,7 +353,7 @@ func CheckAccessPermission(userId string, application *Application) (bool, error

 	allowed := true
 	for _, permission := range permissions {
-		if !permission.IsEnabled {
+		if !permission.IsEnabled || len(permission.Users) == 0 {
 			continue
 		}

--- a/object/check_password_complexity.go
+++ b/object/check_password_complexity.go
@@ -1,98 +0,0 @@
-// Copyright 2023 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package object
-
-import (
-	"regexp"
-)
-
-type ValidatorFunc func(password string) string
-
-var (
-	regexLowerCase = regexp.MustCompile(`[a-z]`)
-	regexUpperCase = regexp.MustCompile(`[A-Z]`)
-	regexDigit     = regexp.MustCompile(`\d`)
-	regexSpecial   = regexp.MustCompile(`[!@#$%^&*]`)
-)
-
-func isValidOption_AtLeast6(password string) string {
-	if len(password) < 6 {
-		return "The password must have at least 6 characters"
-	}
-	return ""
-}
-
-func isValidOption_AtLeast8(password string) string {
-	if len(password) < 8 {
-		return "The password must have at least 8 characters"
-	}
-	return ""
-}
-
-func isValidOption_Aa123(password string) string {
-	hasLowerCase := regexLowerCase.MatchString(password)
-	hasUpperCase := regexUpperCase.MatchString(password)
-	hasDigit := regexDigit.MatchString(password)
-
-	if !hasLowerCase || !hasUpperCase || !hasDigit {
-		return "The password must contain at least one uppercase letter, one lowercase letter and one digit"
-	}
-	return ""
-}
-
-func isValidOption_SpecialChar(password string) string {
-	if !regexSpecial.MatchString(password) {
-		return "The password must contain at least one special character"
-	}
-	return ""
-}
-
-func isValidOption_NoRepeat(password string) string {
-	for i := 0; i < len(password)-1; i++ {
-		if password[i] == password[i+1] {
-			return "The password must not contain any repeated characters"
-		}
-	}
-	return ""
-}
-
-func checkPasswordComplexity(password string, options []string) string {
-	if len(password) == 0 {
-		return "Please input your password!"
-	}
-
-	if len(options) == 0 {
-		options = []string{"AtLeast6"}
-	}
-
-	checkers := map[string]ValidatorFunc{
-		"AtLeast6":    isValidOption_AtLeast6,
-		"AtLeast8":    isValidOption_AtLeast8,
-		"Aa123":       isValidOption_Aa123,
-		"SpecialChar": isValidOption_SpecialChar,
-		"NoRepeat":    isValidOption_NoRepeat,
-	}
-
-	for _, option := range options {
-		checkerFunc, ok := checkers[option]
-		if ok {
-			errorMsg := checkerFunc(password)
-			if errorMsg != "" {
-				return errorMsg
-			}
-		}
-	}
-	return ""
-}
--- a/object/group.go
+++ b/object/group.go
@@ -1,228 +0,0 @@
-// Copyright 2023 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package object
-
-import (
-	"errors"
-	"fmt"
-
-	"github.com/casdoor/casdoor/util"
-	"github.com/xorm-io/core"
-)
-
-type Group struct {
-	Owner       string `xorm:"varchar(100) notnull pk" json:"owner"`
-	Name        string `xorm:"varchar(100) notnull pk unique" json:"name"`
-	CreatedTime string `xorm:"varchar(100)" json:"createdTime"`
-	UpdatedTime string `xorm:"varchar(100)" json:"updatedTime"`
-
-	Id           string    `xorm:"varchar(100) not null index" json:"id"`
-	DisplayName  string    `xorm:"varchar(100)" json:"displayName"`
-	Manager      string    `xorm:"varchar(100)" json:"manager"`
-	ContactEmail string    `xorm:"varchar(100)" json:"contactEmail"`
-	Type         string    `xorm:"varchar(100)" json:"type"`
-	ParentId     string    `xorm:"varchar(100)" json:"parentId"`
-	IsTopGroup   bool      `xorm:"bool" json:"isTopGroup"`
-	Users        *[]string `xorm:"-" json:"users"`
-
-	Title    string   `json:"title,omitempty"`
-	Key      string   `json:"key,omitempty"`
-	Children []*Group `json:"children,omitempty"`
-
-	IsEnabled bool `json:"isEnabled"`
-}
-
-type GroupNode struct{}
-
-func GetGroupCount(owner, field, value string) (int64, error) {
-	session := GetSession(owner, -1, -1, field, value, "", "")
-	count, err := session.Count(&Group{})
-	if err != nil {
-		return 0, err
-	}
-
-	return count, nil
-}
-
-func GetGroups(owner string) ([]*Group, error) {
-	groups := []*Group{}
-	err := adapter.Engine.Desc("created_time").Find(&groups, &Group{Owner: owner})
-	if err != nil {
-		return nil, err
-	}
-
-	return groups, nil
-}
-
-func GetPaginationGroups(owner string, offset, limit int, field, value, sortField, sortOrder string) ([]*Group, error) {
-	groups := []*Group{}
-	session := GetSession(owner, offset, limit, field, value, sortField, sortOrder)
-	err := session.Find(&groups)
-	if err != nil {
-		return nil, err
-	}
-
-	return groups, nil
-}
-
-func getGroup(owner string, name string) (*Group, error) {
-	if owner == "" || name == "" {
-		return nil, nil
-	}
-
-	group := Group{Owner: owner, Name: name}
-	existed, err := adapter.Engine.Get(&group)
-	if err != nil {
-		return nil, err
-	}
-
-	if existed {
-		return &group, nil
-	} else {
-		return nil, nil
-	}
-}
-
-func getGroupById(id string) (*Group, error) {
-	if id == "" {
-		return nil, nil
-	}
-
-	group := Group{Id: id}
-	existed, err := adapter.Engine.Get(&group)
-	if err != nil {
-		return nil, err
-	}
-
-	if existed {
-		return &group, nil
-	} else {
-		return nil, nil
-	}
-}
-
-func GetGroup(id string) (*Group, error) {
-	owner, name := util.GetOwnerAndNameFromId(id)
-	return getGroup(owner, name)
-}
-
-func UpdateGroup(id string, group *Group) (bool, error) {
-	owner, name := util.GetOwnerAndNameFromId(id)
-	oldGroup, err := getGroup(owner, name)
-	if oldGroup == nil {
-		return false, err
-	}
-
-	group.UpdatedTime = util.GetCurrentTime()
-	affected, err := adapter.Engine.ID(core.PK{owner, name}).AllCols().Update(group)
-	if err != nil {
-		return false, err
-	}
-
-	return affected != 0, nil
-}
-
-func AddGroup(group *Group) (bool, error) {
-	if group.Id == "" {
-		group.Id = util.GenerateId()
-	}
-
-	affected, err := adapter.Engine.Insert(group)
-	if err != nil {
-		return false, err
-	}
-
-	return affected != 0, nil
-}
-
-func AddGroups(groups []*Group) (bool, error) {
-	if len(groups) == 0 {
-		return false, nil
-	}
-	affected, err := adapter.Engine.Insert(groups)
-	if err != nil {
-		return false, err
-	}
-	return affected != 0, nil
-}
-
-func DeleteGroup(group *Group) (bool, error) {
-	_, err := adapter.Engine.Get(group)
-	if err != nil {
-		return false, err
-	}
-
-	if count, err := adapter.Engine.Where("parent_id = ?", group.Id).Count(&Group{}); err != nil {
-		return false, err
-	} else if count > 0 {
-		return false, errors.New("group has children group")
-	}
-
-	if count, err := GetGroupUserCount(group.GetId(), "", ""); err != nil {
-		return false, err
-	} else if count > 0 {
-		return false, errors.New("group has users")
-	}
-
-	session := adapter.Engine.NewSession()
-	defer session.Close()
-
-	if err := session.Begin(); err != nil {
-		return false, err
-	}
-
-	if _, err := session.Delete(&UserGroupRelation{GroupId: group.Id}); err != nil {
-		session.Rollback()
-		return false, err
-	}
-
-	affected, err := session.ID(core.PK{group.Owner, group.Name}).Delete(&Group{})
-	if err != nil {
-		session.Rollback()
-		return false, err
-	}
-
-	if err := session.Commit(); err != nil {
-		return false, err
-	}
-
-	return affected != 0, nil
-}
-
-func (group *Group) GetId() string {
-	return fmt.Sprintf("%s/%s", group.Owner, group.Name)
-}
-
-func ConvertToTreeData(groups []*Group, parentId string) []*Group {
-	treeData := []*Group{}
-
-	for _, group := range groups {
-		if group.ParentId == parentId {
-			node := &Group{
-				Title: group.DisplayName,
-				Key:   group.Name,
-				Type:  group.Type,
-				Owner: group.Owner,
-				Id:    group.Id,
-			}
-			children := ConvertToTreeData(groups, group.Id)
-			if len(children) > 0 {
-				node.Children = children
-			}
-			treeData = append(treeData, node)
-		}
-	}
-	return treeData
-}
--- a/object/init.go
+++ b/object/init.go
@@ -61,7 +61,6 @@ func getBuiltInAccountItems() []*AccountItem {
 		{Name: "Signup application", Visible: true, ViewRule: "Public", ModifyRule: "Admin"},
 		{Name: "Roles", Visible: true, ViewRule: "Public", ModifyRule: "Immutable"},
 		{Name: "Permissions", Visible: true, ViewRule: "Public", ModifyRule: "Immutable"},
-		{Name: "Groups", Visible: true, ViewRule: "Public", ModifyRule: "Immutable"},
 		{Name: "3rd-party logins", Visible: true, ViewRule: "Self", ModifyRule: "Self"},
 		{Name: "Properties", Visible: false, ViewRule: "Admin", ModifyRule: "Admin"},
 		{Name: "Is admin", Visible: true, ViewRule: "Admin", ModifyRule: "Admin"},
@@ -92,7 +91,6 @@ func initBuiltInOrganization() bool {
 		WebsiteUrl:         "https://example.com",
 		Favicon:            fmt.Sprintf("%s/img/casbin/favicon.ico", conf.GetConfigString("staticBaseUrl")),
 		PasswordType:       "plain",
-		PasswordOptions:    []string{"AtLeast6"},
 		CountryCodes:       []string{"US", "ES", "CN", "FR", "DE", "GB", "JP", "KR", "VN", "ID", "SG", "IN"},
 		DefaultAvatar:      fmt.Sprintf("%s/img/casbin.svg", conf.GetConfigString("staticBaseUrl")),
 		Tags:               []string{},
--- a/object/init_data.go
+++ b/object/init_data.go
@@ -14,10 +14,7 @@

 package object

-import (
-	"github.com/casdoor/casdoor/conf"
-	"github.com/casdoor/casdoor/util"
-)
+import "github.com/casdoor/casdoor/util"

 type InitData struct {
 	Organizations []*Organization `json:"organizations"`
@@ -38,12 +35,7 @@ type InitData struct {
 }

 func InitFromFile() {
-	initDataFile := conf.GetConfigString("initDataFile")
-	if initDataFile == "" {
-		return
-	}
-
-	initData, err := readInitDataFromFile(initDataFile)
+	initData, err := readInitDataFromFile("./init_data.json")
 	if err != nil {
 		panic(err)
 	}
--- a/object/model.go
+++ b/object/model.go
@@ -27,7 +27,6 @@ type Model struct {
 	Name        string `xorm:"varchar(100) notnull pk" json:"name"`
 	CreatedTime string `xorm:"varchar(100)" json:"createdTime"`
 	DisplayName string `xorm:"varchar(100)" json:"displayName"`
-	Description string `xorm:"varchar(100)" json:"description"`

 	ModelText string `xorm:"mediumtext" json:"modelText"`
 	IsEnabled bool   `json:"isEnabled"`
--- a/object/organization.go
+++ b/object/organization.go
@@ -22,7 +22,6 @@ import (
 	"github.com/casdoor/casdoor/cred"
 	"github.com/casdoor/casdoor/i18n"
 	"github.com/casdoor/casdoor/util"
-	"github.com/xorm-io/builder"
 	"github.com/xorm-io/core"
 )

@@ -56,7 +55,6 @@ type Organization struct {
 	Favicon            string     `xorm:"varchar(100)" json:"favicon"`
 	PasswordType       string     `xorm:"varchar(100)" json:"passwordType"`
 	PasswordSalt       string     `xorm:"varchar(100)" json:"passwordSalt"`
-	PasswordOptions    []string   `xorm:"varchar(100)" json:"passwordOptions"`
 	CountryCodes       []string   `xorm:"varchar(200)"  json:"countryCodes"`
 	DefaultAvatar      string     `xorm:"varchar(200)" json:"defaultAvatar"`
 	DefaultApplication string     `xorm:"varchar(100)" json:"defaultApplication"`
@@ -77,18 +75,11 @@ func GetOrganizationCount(owner, field, value string) (int64, error) {
 	return session.Count(&Organization{})
 }

-func GetOrganizations(owner string, name ...string) ([]*Organization, error) {
+func GetOrganizations(owner string) ([]*Organization, error) {
 	organizations := []*Organization{}
-	if name != nil && len(name) > 0 {
-		err := adapter.Engine.Desc("created_time").Where(builder.In("name", name)).Find(&organizations)
-		if err != nil {
-			return nil, err
-		}
-	} else {
-		err := adapter.Engine.Desc("created_time").Find(&organizations, &Organization{Owner: owner})
-		if err != nil {
-			return nil, err
-		}
+	err := adapter.Engine.Desc("created_time").Find(&organizations, &Organization{Owner: owner})
+	if err != nil {
+		return nil, err
 	}

 	return organizations, nil
@@ -343,13 +334,6 @@ func organizationChangeTrigger(oldName string, newName string) error {
 		return err
 	}

-	group := new(Group)
-	group.Owner = newName
-	_, err = session.Where("owner=?", oldName).Update(group)
-	if err != nil {
-		return err
-	}
-
 	role := new(Role)
 	_, err = adapter.Engine.Where("owner=?", oldName).Get(role)
 	if err != nil {
@@ -402,6 +386,7 @@ func organizationChangeTrigger(oldName string, newName string) error {

 	casbinAdapter := new(CasbinAdapter)
 	casbinAdapter.Owner = newName
+	casbinAdapter.Organization = newName
 	_, err = session.Where("owner=?", oldName).Update(casbinAdapter)
 	if err != nil {
 		return err
--- a/object/payment.go
+++ b/object/payment.go
@@ -56,9 +56,9 @@ type Payment struct {
 	InvoiceUrl    string `xorm:"varchar(255)" json:"invoiceUrl"`
 }

-func GetPaymentCount(owner, organization, field, value string) (int64, error) {
+func GetPaymentCount(owner, field, value string) (int64, error) {
 	session := GetSession(owner, -1, -1, field, value, "", "")
-	return session.Count(&Payment{Organization: organization})
+	return session.Count(&Payment{})
 }

 func GetPayments(owner string) ([]*Payment, error) {
@@ -81,10 +81,10 @@ func GetUserPayments(owner string, organization string, user string) ([]*Payment
 	return payments, nil
 }

-func GetPaginationPayments(owner, organization string, offset, limit int, field, value, sortField, sortOrder string) ([]*Payment, error) {
+func GetPaginationPayments(owner string, offset, limit int, field, value, sortField, sortOrder string) ([]*Payment, error) {
 	payments := []*Payment{}
 	session := GetSession(owner, offset, limit, field, value, sortField, sortOrder)
-	err := session.Find(&payments, &Payment{Organization: organization})
+	err := session.Find(&payments)
 	if err != nil {
 		return nil, err
 	}
@@ -149,7 +149,7 @@ func DeletePayment(payment *Payment) (bool, error) {
 	return affected != 0, nil
 }

-func notifyPayment(request *http.Request, body []byte, owner string, providerName string, productName string, paymentName string, orderId string) (*Payment, error, string) {
+func notifyPayment(request *http.Request, body []byte, owner string, providerName string, productName string, paymentName string) (*Payment, error, string) {
 	provider, err := getProvider(owner, providerName)
 	if err != nil {
 		panic(err)
@@ -180,7 +180,7 @@ func notifyPayment(request *http.Request, body []byte, owner string, providerNam
 		return payment, err, pProvider.GetResponseError(err)
 	}

-	productDisplayName, paymentName, price, productName, providerName, err := pProvider.Notify(request, body, cert.AuthorityPublicKey, orderId)
+	productDisplayName, paymentName, price, productName, providerName, err := pProvider.Notify(request, body, cert.AuthorityPublicKey)
 	if err != nil {
 		return payment, err, pProvider.GetResponseError(err)
 	}
@@ -199,8 +199,8 @@ func notifyPayment(request *http.Request, body []byte, owner string, providerNam
 	return payment, err, pProvider.GetResponseError(err)
 }

-func NotifyPayment(request *http.Request, body []byte, owner string, providerName string, productName string, paymentName string, orderId string) (error, string) {
-	payment, err, errorResponse := notifyPayment(request, body, owner, providerName, productName, paymentName, orderId)
+func NotifyPayment(request *http.Request, body []byte, owner string, providerName string, productName string, paymentName string) (error, string) {
+	payment, err, errorResponse := notifyPayment(request, body, owner, providerName, productName, paymentName)
 	if payment != nil {
 		if err != nil {
 			payment.State = "Error"
--- a/object/permission.go
+++ b/object/permission.go
@@ -27,7 +27,6 @@ type Permission struct {
 	Name        string `xorm:"varchar(100) notnull pk" json:"name"`
 	CreatedTime string `xorm:"varchar(100)" json:"createdTime"`
 	DisplayName string `xorm:"varchar(100)" json:"displayName"`
-	Description string `xorm:"varchar(100)" json:"description"`

 	Users   []string `xorm:"mediumtext" json:"users"`
 	Roles   []string `xorm:"mediumtext" json:"roles"`
@@ -264,48 +263,18 @@ func DeletePermission(permission *Permission) (bool, error) {
 	return affected != 0, nil
 }

-func GetPermissionsAndRolesByUser(userId string) ([]*Permission, []*Role, error) {
+func GetPermissionsByUser(userId string) ([]*Permission, error) {
 	permissions := []*Permission{}
 	err := adapter.Engine.Where("users like ?", "%"+userId+"\"%").Find(&permissions)
 	if err != nil {
-		return nil, nil, err
+		return permissions, err
 	}

-	existedPerms := map[string]struct{}{}
-
-	for _, perm := range permissions {
-		perm.Users = nil
-
-		if _, ok := existedPerms[perm.Name]; !ok {
-			existedPerms[perm.Name] = struct{}{}
-		}
+	for i := range permissions {
+		permissions[i].Users = nil
 	}

-	permFromRoles := []*Permission{}
-
-	roles, err := GetRolesByUser(userId)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	for _, role := range roles {
-		perms := []*Permission{}
-		err := adapter.Engine.Where("roles like ?", "%"+role.Name+"\"%").Find(&perms)
-		if err != nil {
-			return nil, nil, err
-		}
-		permFromRoles = append(permFromRoles, perms...)
-	}
-
-	for _, perm := range permFromRoles {
-		perm.Users = nil
-		if _, ok := existedPerms[perm.Name]; !ok {
-			existedPerms[perm.Name] = struct{}{}
-			permissions = append(permissions, perm)
-		}
-	}
-
-	return permissions, roles, nil
+	return permissions, nil
 }

 func GetPermissionsByRole(roleId string) ([]*Permission, error) {
--- a/object/permission_enforcer.go
+++ b/object/permission_enforcer.go
@@ -241,33 +241,37 @@ func removePolicies(permission *Permission) {

 type CasbinRequest = []interface{}

-func Enforce(permissionId string, request *CasbinRequest) (bool, error) {
+func Enforce(permissionId string, request *CasbinRequest) bool {
 	permission, err := GetPermission(permissionId)
 	if err != nil {
-		return false, err
+		panic(err)
 	}

 	enforcer := getEnforcer(permission)
-	return enforcer.Enforce(*request...)
+
+	allow, err := enforcer.Enforce(*request...)
+	if err != nil {
+		panic(err)
+	}
+	return allow
 }

-func BatchEnforce(permissionId string, requests *[]CasbinRequest) ([]bool, error) {
+func BatchEnforce(permissionId string, requests *[]CasbinRequest) []bool {
 	permission, err := GetPermission(permissionId)
 	if err != nil {
-		res := []bool{}
-		for i := 0; i < len(*requests); i++ {
-			res = append(res, false)
-		}
-
-		return res, err
+		panic(err)
 	}

 	enforcer := getEnforcer(permission)
-	return enforcer.BatchEnforce(*requests)
+	allow, err := enforcer.BatchEnforce(*requests)
+	if err != nil {
+		panic(err)
+	}
+	return allow
 }

 func getAllValues(userId string, fn func(enforcer *casbin.Enforcer) []string) []string {
-	permissions, _, err := GetPermissionsAndRolesByUser(userId)
+	permissions, err := GetPermissionsByUser(userId)
 	if err != nil {
 		panic(err)
 	}
--- a/object/pricing.go
+++ b/object/pricing.go
@@ -31,6 +31,7 @@ type Pricing struct {

 	Plans         []string `xorm:"mediumtext" json:"plans"`
 	IsEnabled     bool     `json:"isEnabled"`
+	HasTrial      bool     `json:"hasTrial"`
 	TrialDuration int      `json:"trialDuration"`
 	Application   string   `xorm:"varchar(100)" json:"application"`

--- a/object/product.go
+++ b/object/product.go
@@ -156,24 +156,24 @@ func (product *Product) getProvider(providerId string) (*Provider, error) {
 	return provider, nil
 }

-func BuyProduct(id string, providerName string, user *User, host string) (string, string, error) {
+func BuyProduct(id string, providerName string, user *User, host string) (string, error) {
 	product, err := GetProduct(id)
 	if err != nil {
-		return "", "", err
+		return "", err
 	}

 	if product == nil {
-		return "", "", fmt.Errorf("the product: %s does not exist", id)
+		return "", fmt.Errorf("the product: %s does not exist", id)
 	}

 	provider, err := product.getProvider(providerName)
 	if err != nil {
-		return "", "", err
+		return "", err
 	}

 	pProvider, _, err := provider.getPaymentProvider()
 	if err != nil {
-		return "", "", err
+		return "", err
 	}

 	owner := product.Owner
@@ -186,9 +186,9 @@ func BuyProduct(id string, providerName string, user *User, host string) (string
 	returnUrl := fmt.Sprintf("%s/payments/%s/result", originFrontend, paymentName)
 	notifyUrl := fmt.Sprintf("%s/api/notify-payment/%s/%s/%s/%s", originBackend, owner, providerName, productName, paymentName)

-	payUrl, orderId, err := pProvider.Pay(providerName, productName, payerName, paymentName, productDisplayName, product.Price, product.Currency, returnUrl, notifyUrl)
+	payUrl, err := pProvider.Pay(providerName, productName, payerName, paymentName, productDisplayName, product.Price, returnUrl, notifyUrl)
 	if err != nil {
-		return "", "", err
+		return "", err
 	}

 	payment := Payment{
@@ -217,14 +217,14 @@ func BuyProduct(id string, providerName string, user *User, host string) (string

 	affected, err := AddPayment(&payment)
 	if err != nil {
-		return "", "", err
+		return "", err
 	}

 	if !affected {
-		return "", "", fmt.Errorf("failed to add payment: %s", util.StructToJson(payment))
+		return "", fmt.Errorf("failed to add payment: %s", util.StructToJson(payment))
 	}

-	return payUrl, orderId, err
+	return payUrl, err
 }

 func ExtendProductWithProviders(product *Product) error {
--- a/object/product_test.go
+++ b/object/product_test.go
@@ -38,7 +38,7 @@ func TestProduct(t *testing.T) {
 	paymentName := util.GenerateTimeId()
 	returnUrl := ""
 	notifyUrl := ""
-	payUrl, _, err := pProvider.Pay(provider.Name, product.Name, "alice", paymentName, product.DisplayName, product.Price, product.Currency, returnUrl, notifyUrl)
+	payUrl, err := pProvider.Pay(provider.Name, product.Name, "alice", paymentName, product.DisplayName, product.Price, returnUrl, notifyUrl)
 	if err != nil {
 		panic(err)
 	}
--- a/object/provider.go
+++ b/object/provider.go
@@ -225,10 +225,8 @@ func UpdateProvider(id string, provider *Provider) (bool, error) {
 		session = session.Omit("client_secret2")
 	}

-	if provider.Type != "Keycloak" {
-		provider.Endpoint = util.GetEndPoint(provider.Endpoint)
-		provider.IntranetEndpoint = util.GetEndPoint(provider.IntranetEndpoint)
-	}
+	provider.Endpoint = util.GetEndPoint(provider.Endpoint)
+	provider.IntranetEndpoint = util.GetEndPoint(provider.IntranetEndpoint)

 	affected, err := session.Update(provider)
 	if err != nil {
@@ -239,10 +237,8 @@ func UpdateProvider(id string, provider *Provider) (bool, error) {
 }

 func AddProvider(provider *Provider) (bool, error) {
-	if provider.Type != "Keycloak" {
-		provider.Endpoint = util.GetEndPoint(provider.Endpoint)
-		provider.IntranetEndpoint = util.GetEndPoint(provider.IntranetEndpoint)
-	}
+	provider.Endpoint = util.GetEndPoint(provider.Endpoint)
+	provider.IntranetEndpoint = util.GetEndPoint(provider.IntranetEndpoint)

 	affected, err := adapter.Engine.Insert(provider)
 	if err != nil {
--- a/object/role.go
+++ b/object/role.go
@@ -29,7 +29,6 @@ type Role struct {
 	Name        string `xorm:"varchar(100) notnull pk" json:"name"`
 	CreatedTime string `xorm:"varchar(100)" json:"createdTime"`
 	DisplayName string `xorm:"varchar(100)" json:"displayName"`
-	Description string `xorm:"varchar(100)" json:"description"`

 	Users     []string `xorm:"mediumtext" json:"users"`
 	Roles     []string `xorm:"mediumtext" json:"roles"`
@@ -259,22 +258,11 @@ func GetRolesByUser(userId string) ([]*Role, error) {
 		return roles, err
 	}

-	allRolesIds := make([]string, 0, len(roles))
-
-	for _, role := range roles {
-		allRolesIds = append(allRolesIds, role.GetId())
+	for i := range roles {
+		roles[i].Users = nil
 	}

-	allRoles, err := GetAncestorRoles(allRolesIds...)
-	if err != nil {
-		return nil, err
-	}
-
-	for i := range allRoles {
-		allRoles[i].Users = nil
-	}
-
-	return allRoles, nil
+	return roles, nil
 }

 func roleChangeTrigger(oldName string, newName string) error {
@@ -346,22 +334,14 @@ func GetRolesByNamePrefix(owner string, prefix string) ([]*Role, error) {
 	return roles, nil
 }

-// GetAncestorRoles returns a list of roles that contain the given roleIds
-func GetAncestorRoles(roleIds ...string) ([]*Role, error) {
+func GetAncestorRoles(roleId string) ([]*Role, error) {
 	var (
-		result  = []*Role{}
+		result  []*Role
 		roleMap = make(map[string]*Role)
 		visited = make(map[string]bool)
 	)
-	if len(roleIds) == 0 {
-		return result, nil
-	}

-	for _, roleId := range roleIds {
-		visited[roleId] = true
-	}
-
-	owner, _ := util.GetOwnerAndNameFromIdNoCheck(roleIds[0])
+	owner, _ := util.GetOwnerAndNameFromIdNoCheck(roleId)

 	allRoles, err := GetRoles(owner)
 	if err != nil {
@@ -379,7 +359,7 @@ func GetAncestorRoles(roleIds ...string) ([]*Role, error) {
 			result = append(result, r)
 		} else if !ok {
 			rId := r.GetId()
-			visited[rId] = containsRole(r, roleMap, visited, roleIds...)
+			visited[rId] = containsRole(r, roleId, roleMap, visited)
 			if visited[rId] {
 				result = append(result, r)
 			}
@@ -389,19 +369,19 @@ func GetAncestorRoles(roleIds ...string) ([]*Role, error) {
 	return result, nil
 }

-// containsRole is a helper function to check if a roles is related to any role in the given list roles
-func containsRole(role *Role, roleMap map[string]*Role, visited map[string]bool, roleIds ...string) bool {
+// containsRole is a helper function to check if a slice of roles contains a specific roleId
+func containsRole(role *Role, roleId string, roleMap map[string]*Role, visited map[string]bool) bool {
 	if isContain, ok := visited[role.GetId()]; ok {
 		return isContain
 	}

 	for _, subRole := range role.Roles {
-		if util.HasString(roleIds, subRole) {
+		if subRole == roleId {
 			return true
 		}

 		r, ok := roleMap[subRole]
-		if ok && containsRole(r, roleMap, visited, roleIds...) {
+		if ok && containsRole(r, roleId, roleMap, visited) {
 			return true
 		}
 	}
--- a/object/saml_idp.go
+++ b/object/saml_idp.go
@@ -23,7 +23,6 @@ import (
 	"encoding/json"
 	"encoding/pem"
 	"encoding/xml"
-	"errors"
 	"fmt"
 	"io"
 	"time"
@@ -196,10 +195,6 @@ func GetSamlMeta(application *Application, host string) (*IdpEntityDescriptor, e
 		return nil, err
 	}

-	if cert == nil {
-		return nil, errors.New("please set a cert for the application first")
-	}
-
 	block, _ := pem.Decode([]byte(cert.Certificate))
 	certificate := base64.StdEncoding.EncodeToString(block.Bytes)

--- a/object/syncer_public_api.go
+++ b/object/syncer_public_api.go
@@ -38,7 +38,6 @@ func getEnabledSyncerForOrganization(organization string) (*Syncer, error) {

 	for _, syncer := range syncers {
 		if syncer.Organization == organization && syncer.IsEnabled {
-			syncer.initAdapter()
 			return syncer, nil
 		}
 	}
--- a/object/token.go
+++ b/object/token.go
@@ -628,12 +628,7 @@ func GetPasswordToken(application *Application, username string, password string
 			ErrorDescription: "the user does not exist",
 		}, nil
 	}
-	var msg string
-	if user.Ldap != "" {
-		msg = checkLdapUserPassword(user, password, "en")
-	} else {
-		msg = CheckPassword(user, password, "en")
-	}
+	msg := CheckPassword(user, password, "en")
 	if msg != "" {
 		return nil, &TokenError{
 			Error:            InvalidGrant,
--- a/object/user.go
+++ b/object/user.go
@@ -15,10 +15,12 @@
 package object

 import (
+	"bytes"
 	"fmt"
 	"strings"

 	"github.com/casdoor/casdoor/conf"
+	"github.com/casdoor/casdoor/proxy"
 	"github.com/casdoor/casdoor/util"
 	"github.com/go-webauthn/webauthn/webauthn"
 	"github.com/xorm-io/core"
@@ -44,7 +46,6 @@ type User struct {
 	FirstName         string   `xorm:"varchar(100)" json:"firstName"`
 	LastName          string   `xorm:"varchar(100)" json:"lastName"`
 	Avatar            string   `xorm:"varchar(500)" json:"avatar"`
-	AvatarType        string   `xorm:"varchar(100)" json:"avatarType"`
 	PermanentAvatar   string   `xorm:"varchar(500)" json:"permanentAvatar"`
 	Email             string   `xorm:"varchar(100) index" json:"email"`
 	EmailVerified     bool     `json:"emailVerified"`
@@ -76,9 +77,6 @@ type User struct {
 	SignupApplication string   `xorm:"varchar(100)" json:"signupApplication"`
 	Hash              string   `xorm:"varchar(100)" json:"hash"`
 	PreHash           string   `xorm:"varchar(100)" json:"preHash"`
-	Groups            []string `xorm:"varchar(1000)" json:"groups"`
-	AccessKey         string   `xorm:"varchar(100)" json:"accessKey"`
-	AccessSecret      string   `xorm:"varchar(100)" json:"accessSecret"`

 	CreatedIp      string `xorm:"varchar(100)" json:"createdIp"`
 	LastSigninTime string `xorm:"varchar(100)" json:"lastSigninTime"`
@@ -175,16 +173,16 @@ type User struct {
 }

 type Userinfo struct {
-	Sub         string   `json:"sub"`
-	Iss         string   `json:"iss"`
-	Aud         string   `json:"aud"`
-	Name        string   `json:"preferred_username,omitempty"`
-	DisplayName string   `json:"name,omitempty"`
-	Email       string   `json:"email,omitempty"`
-	Avatar      string   `json:"picture,omitempty"`
-	Address     string   `json:"address,omitempty"`
-	Phone       string   `json:"phone,omitempty"`
-	Groups      []string `json:"groups,omitempty"`
+	Sub          string `json:"sub"`
+	Iss          string `json:"iss"`
+	Aud          string `json:"aud"`
+	Organization string `json:"organization,omitempty"`
+	Name         string `json:"preferred_username,omitempty"`
+	DisplayName  string `json:"name,omitempty"`
+	Email        string `json:"email,omitempty"`
+	Avatar       string `json:"picture,omitempty"`
+	Address      string `json:"address,omitempty"`
+	Phone        string `json:"phone,omitempty"`
 }

 type ManagedAccount struct {
@@ -220,13 +218,8 @@ func GetPaginationGlobalUsers(offset, limit int, field, value, sortField, sortOr
 	return users, nil
 }

-func GetUserCount(owner, field, value string, groupId string) (int64, error) {
+func GetUserCount(owner, field, value string) (int64, error) {
 	session := GetSession(owner, -1, -1, field, value, "", "")
-
-	if groupId != "" {
-		return GetGroupUserCount(groupId, field, value)
-	}
-
 	return session.Count(&User{})
 }

@@ -264,18 +257,14 @@ func GetSortedUsers(owner string, sorter string, limit int) ([]*User, error) {
 	return users, nil
 }

-func GetPaginationUsers(owner string, offset, limit int, field, value, sortField, sortOrder string, groupId string) ([]*User, error) {
+func GetPaginationUsers(owner string, offset, limit int, field, value, sortField, sortOrder string) ([]*User, error) {
 	users := []*User{}
-
-	if groupId != "" {
-		return GetPaginationGroupUsers(groupId, offset, limit, field, value, sortField, sortOrder)
-	}
-
 	session := GetSessionForUser(owner, offset, limit, field, value, sortField, sortOrder)
 	err := session.Find(&users)
 	if err != nil {
 		return nil, err
 	}
+
 	return users, nil
 }

@@ -386,23 +375,6 @@ func GetUserByUserId(owner string, userId string) (*User, error) {
 	}
 }

-func GetUserByAccessKey(accessKey string) (*User, error) {
-	if accessKey == "" {
-		return nil, nil
-	}
-	user := User{AccessKey: accessKey}
-	existed, err := adapter.Engine.Get(&user)
-	if err != nil {
-		return nil, err
-	}
-
-	if existed {
-		return &user, nil
-	} else {
-		return nil, nil
-	}
-}
-
 func GetUser(id string) (*User, error) {
 	owner, name := util.GetOwnerAndNameFromId(id)
 	return getUser(owner, name)
@@ -507,7 +479,7 @@ func UpdateUser(id string, user *User, columns []string, isAdmin bool) (bool, er
 			"owner", "display_name", "avatar",
 			"location", "address", "country_code", "region", "language", "affiliation", "title", "homepage", "bio", "tag", "language", "gender", "birthday", "education", "score", "karma", "ranking", "signup_application",
 			"is_admin", "is_global_admin", "is_forbidden", "is_deleted", "hash", "is_default_avatar", "properties", "webauthnCredentials", "managedAccounts",
-			"signin_wrong_times", "last_signin_wrong_time", "groups", "access_key", "access_secret",
+			"signin_wrong_times", "last_signin_wrong_time",
 			"github", "google", "qq", "wechat", "facebook", "dingtalk", "weibo", "gitee", "linkedin", "wecom", "lark", "gitlab", "adfs",
 			"baidu", "alipay", "casdoor", "infoflow", "apple", "azuread", "slack", "steam", "bilibili", "okta", "douyin", "line", "amazon",
 			"auth0", "battlenet", "bitbucket", "box", "cloudfoundry", "dailymotion", "deezer", "digitalocean", "discord", "dropbox",
@@ -521,7 +493,7 @@ func UpdateUser(id string, user *User, columns []string, isAdmin bool) (bool, er
 		columns = append(columns, "name", "email", "phone", "country_code")
 	}

-	affected, err := updateUser(oldUser, user, columns)
+	affected, err := adapter.Engine.ID(core.PK{owner, name}).Cols(columns...).Update(user)
 	if err != nil {
 		return false, err
 	}
@@ -529,35 +501,6 @@ func UpdateUser(id string, user *User, columns []string, isAdmin bool) (bool, er
 	return affected != 0, nil
 }

-func updateUser(oldUser, user *User, columns []string) (int64, error) {
-	session := adapter.Engine.NewSession()
-	defer session.Close()
-
-	session.Begin()
-
-	if util.ContainsString(columns, "groups") {
-		affected, err := updateUserGroupRelation(session, user)
-		if err != nil {
-			session.Rollback()
-			return affected, err
-		}
-	}
-
-	affected, err := session.ID(core.PK{oldUser.Owner, oldUser.Name}).Cols(columns...).Update(user)
-	if err != nil {
-		session.Rollback()
-		return affected, err
-	}
-
-	err = session.Commit()
-	if err != nil {
-		session.Rollback()
-		return 0, err
-	}
-
-	return affected, nil
-}
-
 func UpdateUserForAllFields(id string, user *User) (bool, error) {
 	var err error
 	owner, name := util.GetOwnerAndNameFromId(id)
@@ -637,7 +580,7 @@ func AddUser(user *User) (bool, error) {
 		}
 	}

-	count, err := GetUserCount(user.Owner, "", "", "")
+	count, err := GetUserCount(user.Owner, "", "")
 	if err != nil {
 		return false, err
 	}
@@ -725,11 +668,6 @@ func DeleteUser(user *User) (bool, error) {
 		return false, err
 	}

-	affected, err = deleteRelationByUser(user.Id)
-	if err != nil {
-		return false, err
-	}
-
 	return affected != 0, nil
 }

@@ -742,10 +680,10 @@ func GetUserInfo(user *User, scope string, aud string, host string) *Userinfo {
 		Aud: aud,
 	}
 	if strings.Contains(scope, "profile") {
+		resp.Organization = user.Owner
 		resp.Name = user.Name
 		resp.DisplayName = user.DisplayName
 		resp.Avatar = user.Avatar
-		resp.Groups = []string{user.Owner}
 	}
 	if strings.Contains(scope, "email") {
 		resp.Email = user.Email
@@ -776,11 +714,12 @@ func ExtendUserWithRolesAndPermissions(user *User) (err error) {
 		return
 	}

-	user.Permissions, user.Roles, err = GetPermissionsAndRolesByUser(user.GetId())
+	user.Roles, err = GetRolesByUser(user.GetId())
 	if err != nil {
-		return err
+		return
 	}

+	user.Permissions, err = GetPermissionsByUser(user.GetId())
 	return
 }

@@ -842,6 +781,46 @@ func userChangeTrigger(oldName string, newName string) error {
 	return session.Commit()
 }

+func (user *User) refreshAvatar() (bool, error) {
+	var err error
+	var fileBuffer *bytes.Buffer
+	var ext string
+
+	// Gravatar + Identicon
+	if strings.Contains(user.Avatar, "Gravatar") && user.Email != "" {
+		client := proxy.ProxyHttpClient
+		has, err := hasGravatar(client, user.Email)
+		if err != nil {
+			return false, err
+		}
+
+		if has {
+			fileBuffer, ext, err = getGravatarFileBuffer(client, user.Email)
+			if err != nil {
+				return false, err
+			}
+		}
+	}
+
+	if fileBuffer == nil && strings.Contains(user.Avatar, "Identicon") {
+		fileBuffer, ext, err = getIdenticonFileBuffer(user.Name)
+		if err != nil {
+			return false, err
+		}
+	}
+
+	if fileBuffer != nil {
+		avatarUrl, err := getPermanentAvatarUrlFromBuffer(user.Owner, user.Name, fileBuffer, ext, true)
+		if err != nil {
+			return false, err
+		}
+		user.Avatar = avatarUrl
+		return true, nil
+	}
+
+	return false, nil
+}
+
 func (user *User) IsMfaEnabled() bool {
 	return len(user.MultiFactorAuths) > 0
 }
@@ -873,14 +852,3 @@ func (user *User) GetPreferMfa(masked bool) *MfaProps {
 		return user.MultiFactorAuths[0]
 	}
 }
-
-func AddUserkeys(user *User, isAdmin bool) (bool, error) {
-	if user == nil {
-		return false, nil
-	}
-
-	user.AccessKey = util.GenerateId()
-	user.AccessSecret = util.GenerateId()
-
-	return UpdateUser(user.GetId(), user, []string{}, isAdmin)
-}
--- a/object/user_avatar.go
+++ b/object/user_avatar.go
@@ -1,149 +0,0 @@
-// Copyright 2023 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package object
-
-import (
-	"bytes"
-	"fmt"
-	"io"
-	"net/http"
-	"strings"
-
-	"github.com/casdoor/casdoor/proxy"
-)
-
-func downloadImage(client *http.Client, url string) (*bytes.Buffer, string, error) {
-	// Download the image
-	req, err := http.NewRequest("GET", url, nil)
-	if err != nil {
-		return nil, "", err
-	}
-
-	resp, err := client.Do(req)
-	if err != nil {
-		fmt.Printf("downloadImage() error for url [%s]: %s\n", url, err.Error())
-		if strings.Contains(err.Error(), "EOF") {
-			return nil, "", nil
-		} else {
-			return nil, "", err
-		}
-	}
-	defer resp.Body.Close()
-
-	if resp.StatusCode != http.StatusOK {
-		fmt.Printf("downloadImage() error for url [%s]: %s\n", url, resp.Status)
-		if resp.StatusCode == 404 {
-			return nil, "", nil
-		} else {
-			return nil, "", fmt.Errorf("failed to download gravatar image: %s", resp.Status)
-		}
-	}
-
-	// Get the content type and determine the file extension
-	contentType := resp.Header.Get("Content-Type")
-	fileExtension := ""
-
-	if strings.Contains(contentType, "text/html") {
-		fileExtension = ".html"
-	} else {
-		switch contentType {
-		case "image/jpeg":
-			fileExtension = ".jpg"
-		case "image/png":
-			fileExtension = ".png"
-		case "image/gif":
-			fileExtension = ".gif"
-		case "image/vnd.microsoft.icon":
-			fileExtension = ".ico"
-		case "image/x-icon":
-			fileExtension = ".ico"
-		default:
-			return nil, "", fmt.Errorf("unsupported content type: %s", contentType)
-		}
-	}
-
-	// Save the image to a bytes.Buffer
-	buffer := &bytes.Buffer{}
-	_, err = io.Copy(buffer, resp.Body)
-	if err != nil {
-		return nil, "", err
-	}
-
-	return buffer, fileExtension, nil
-}
-
-func (user *User) refreshAvatar() (bool, error) {
-	var err error
-	var fileBuffer *bytes.Buffer
-	var ext string
-
-	// Gravatar
-	if (user.AvatarType == "Auto" || user.AvatarType == "Gravatar") && user.Email != "" {
-		client := proxy.ProxyHttpClient
-
-		has, err := hasGravatar(client, user.Email)
-		if err != nil {
-			return false, err
-		}
-
-		if has {
-			fileBuffer, ext, err = getGravatarFileBuffer(client, user.Email)
-			if err != nil {
-				return false, err
-			}
-
-			if fileBuffer != nil {
-				user.AvatarType = "Gravatar"
-			}
-		}
-	}
-
-	// Favicon
-	if fileBuffer == nil && (user.AvatarType == "Auto" || user.AvatarType == "Favicon") {
-		client := proxy.ProxyHttpClient
-
-		fileBuffer, ext, err = getFaviconFileBuffer(client, user.Email)
-		if err != nil {
-			return false, err
-		}
-
-		if fileBuffer != nil {
-			user.AvatarType = "Favicon"
-		}
-	}
-
-	// Identicon
-	if fileBuffer == nil && (user.AvatarType == "Auto" || user.AvatarType == "Identicon") {
-		fileBuffer, ext, err = getIdenticonFileBuffer(user.Name)
-		if err != nil {
-			return false, err
-		}
-
-		if fileBuffer != nil {
-			user.AvatarType = "Identicon"
-		}
-	}
-
-	if fileBuffer != nil {
-		avatarUrl, err := getPermanentAvatarUrlFromBuffer(user.Owner, user.Name, fileBuffer, ext, true)
-		if err != nil {
-			return false, err
-		}
-		user.Avatar = avatarUrl
-		return true, nil
-	}
-
-	return false, nil
-}
--- a/object/user_avatar_favicon.go
+++ b/object/user_avatar_favicon.go
@@ -1,220 +0,0 @@
-// Copyright 2023 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package object
-
-import (
-	"bytes"
-	"fmt"
-	"net/http"
-	"net/url"
-	"strings"
-
-	"golang.org/x/net/html"
-)
-
-type Link struct {
-	Rel   string
-	Sizes string
-	Href  string
-}
-
-func GetFaviconUrl(htmlStr string) (string, error) {
-	doc, err := html.Parse(strings.NewReader(htmlStr))
-	if err != nil {
-		return "", err
-	}
-
-	var links []Link
-	findLinks(doc, &links)
-
-	if len(links) == 0 {
-		return "", fmt.Errorf("no Favicon links found")
-	}
-
-	chosenLink := chooseFaviconLink(links)
-	if chosenLink == nil {
-		return "", fmt.Errorf("unable to determine favicon URL")
-	}
-
-	return chosenLink.Href, nil
-}
-
-func findLinks(n *html.Node, links *[]Link) {
-	if n.Type == html.ElementNode && n.Data == "link" {
-		link := parseLink(n)
-		if link != nil {
-			*links = append(*links, *link)
-		}
-	}
-
-	for c := n.FirstChild; c != nil; c = c.NextSibling {
-		findLinks(c, links)
-	}
-}
-
-func parseLink(n *html.Node) *Link {
-	var link Link
-
-	for _, attr := range n.Attr {
-		switch attr.Key {
-		case "rel":
-			link.Rel = attr.Val
-		case "sizes":
-			link.Sizes = attr.Val
-		case "href":
-			link.Href = attr.Val
-		}
-	}
-
-	if link.Href != "" {
-		return &link
-	}
-
-	return nil
-}
-
-func chooseFaviconLink(links []Link) *Link {
-	var appleTouchLinks []Link
-	var shortcutLinks []Link
-	var iconLinks []Link
-
-	for _, link := range links {
-		switch link.Rel {
-		case "apple-touch-icon":
-			appleTouchLinks = append(appleTouchLinks, link)
-		case "shortcut icon":
-			shortcutLinks = append(shortcutLinks, link)
-		case "icon":
-			iconLinks = append(iconLinks, link)
-		}
-	}
-
-	if len(appleTouchLinks) > 0 {
-		return chooseFaviconLinkBySizes(appleTouchLinks)
-	}
-
-	if len(shortcutLinks) > 0 {
-		return chooseFaviconLinkBySizes(shortcutLinks)
-	}
-
-	if len(iconLinks) > 0 {
-		return chooseFaviconLinkBySizes(iconLinks)
-	}
-
-	return nil
-}
-
-func chooseFaviconLinkBySizes(links []Link) *Link {
-	if len(links) == 1 {
-		return &links[0]
-	}
-
-	var chosenLink *Link
-
-	for _, link := range links {
-		if chosenLink == nil || compareSizes(link.Sizes, chosenLink.Sizes) > 0 {
-			chosenLink = &link
-		}
-	}
-
-	return chosenLink
-}
-
-func compareSizes(sizes1, sizes2 string) int {
-	if sizes1 == sizes2 {
-		return 0
-	}
-
-	size1 := parseSize(sizes1)
-	size2 := parseSize(sizes2)
-
-	if size1 == nil {
-		return -1
-	}
-
-	if size2 == nil {
-		return 1
-	}
-
-	if size1[0] == size2[0] {
-		return size1[1] - size2[1]
-	}
-
-	return size1[0] - size2[0]
-}
-
-func parseSize(sizes string) []int {
-	size := strings.Split(sizes, "x")
-	if len(size) != 2 {
-		return nil
-	}
-
-	var result []int
-
-	for _, s := range size {
-		val := strings.TrimSpace(s)
-		if len(val) > 0 {
-			num := 0
-			for i := 0; i < len(val); i++ {
-				if val[i] >= '0' && val[i] <= '9' {
-					num = num*10 + int(val[i]-'0')
-				} else {
-					break
-				}
-			}
-			result = append(result, num)
-		}
-	}
-
-	if len(result) == 2 {
-		return result
-	}
-
-	return nil
-}
-
-func getFaviconFileBuffer(client *http.Client, email string) (*bytes.Buffer, string, error) {
-	tokens := strings.Split(email, "@")
-	domain := tokens[1]
-	if domain == "gmail.com" || domain == "163.com" || domain == "qq.com" {
-		return nil, "", nil
-	}
-
-	htmlUrl := fmt.Sprintf("https://%s", domain)
-	buffer, _, err := downloadImage(client, htmlUrl)
-	if err != nil {
-		return nil, "", err
-	}
-
-	faviconUrl := ""
-	if buffer != nil {
-		faviconUrl, err = GetFaviconUrl(buffer.String())
-		if err != nil {
-			return nil, "", err
-		}
-
-		if !strings.HasPrefix(faviconUrl, "http") {
-			faviconUrl, err = url.JoinPath(htmlUrl, faviconUrl)
-			if err != nil {
-				return nil, "", err
-			}
-		}
-	}
-
-	if faviconUrl == "" {
-		faviconUrl = fmt.Sprintf("https://%s/favicon.ico", domain)
-	}
-	return downloadImage(client, faviconUrl)
-}
--- a/object/user_avatar_gravatar.go
+++ b/object/user_avatar_gravatar.go
@@ -1,76 +0,0 @@
-// Copyright 2023 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package object
-
-import (
-	"bytes"
-	"crypto/md5"
-	"fmt"
-	"io"
-	"net/http"
-	"strings"
-)
-
-func hasGravatar(client *http.Client, email string) (bool, error) {
-	// Clean and lowercase the email
-	email = strings.TrimSpace(strings.ToLower(email))
-
-	// Generate MD5 hash of the email
-	hash := md5.New()
-	io.WriteString(hash, email)
-	hashedEmail := fmt.Sprintf("%x", hash.Sum(nil))
-
-	// Create Gravatar URL with d=404 parameter
-	gravatarURL := fmt.Sprintf("https://www.gravatar.com/avatar/%s?d=404", hashedEmail)
-
-	// Send a request to Gravatar
-	req, err := http.NewRequest("GET", gravatarURL, nil)
-	if err != nil {
-		return false, err
-	}
-
-	resp, err := client.Do(req)
-	if err != nil {
-		return false, err
-	}
-	defer resp.Body.Close()
-
-	// Check if the user has a custom Gravatar image
-	if resp.StatusCode == http.StatusOK {
-		return true, nil
-	} else if resp.StatusCode == http.StatusNotFound {
-		return false, nil
-	} else {
-		return false, fmt.Errorf("failed to fetch gravatar image: %s", resp.Status)
-	}
-}
-
-func getGravatarFileBuffer(client *http.Client, email string) (*bytes.Buffer, string, error) {
-	// Clean and lowercase the email
-	email = strings.TrimSpace(strings.ToLower(email))
-
-	// Generate MD5 hash of the email
-	hash := md5.New()
-	_, err := io.WriteString(hash, email)
-	if err != nil {
-		return nil, "", err
-	}
-	hashedEmail := fmt.Sprintf("%x", hash.Sum(nil))
-
-	// Create Gravatar URL
-	gravatarUrl := fmt.Sprintf("https://www.gravatar.com/avatar/%s", hashedEmail)
-
-	return downloadImage(client, gravatarUrl)
-}
--- a/object/user_avatar_identicon.go
+++ b/object/user_avatar_identicon.go
@@ -1,80 +0,0 @@
-// Copyright 2023 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package object
-
-import (
-	"bytes"
-	"crypto/md5"
-	"fmt"
-	"image"
-	"image/color"
-	"image/png"
-	"io"
-	"strings"
-
-	"github.com/fogleman/gg"
-)
-
-func getColor(data []byte) color.RGBA {
-	r := int(data[0]) % 256
-	g := int(data[1]) % 256
-	b := int(data[2]) % 256
-	return color.RGBA{uint8(r), uint8(g), uint8(b), 255}
-}
-
-func getIdenticonFileBuffer(username string) (*bytes.Buffer, string, error) {
-	username = strings.TrimSpace(strings.ToLower(username))
-
-	hash := md5.New()
-	io.WriteString(hash, username)
-	hashedUsername := hash.Sum(nil)
-
-	// Define the size of the image
-	const imageSize = 420
-	const cellSize = imageSize / 7
-
-	// Create a new image
-	img := image.NewRGBA(image.Rect(0, 0, imageSize, imageSize))
-
-	// Create a context
-	dc := gg.NewContextForRGBA(img)
-
-	// Set a background color
-	dc.SetColor(color.RGBA{240, 240, 240, 255})
-	dc.Clear()
-
-	// Get avatar color
-	avatarColor := getColor(hashedUsername)
-
-	// Draw cells
-	for i := 0; i < 7; i++ {
-		for j := 0; j < 7; j++ {
-			if (hashedUsername[i] >> uint(j) & 1) == 1 {
-				dc.SetColor(avatarColor)
-				dc.DrawRectangle(float64(j*cellSize), float64(i*cellSize), float64(cellSize), float64(cellSize))
-				dc.Fill()
-			}
-		}
-	}
-
-	// Save image to a bytes.Buffer
-	buffer := &bytes.Buffer{}
-	err := png.Encode(buffer, img)
-	if err != nil {
-		return nil, "", fmt.Errorf("failed to save image: %w", err)
-	}
-
-	return buffer, ".png", nil
-}
--- a/object/user_group.go
+++ b/object/user_group.go
@@ -1,157 +0,0 @@
-package object
-
-import (
-	"errors"
-	"fmt"
-
-	"github.com/casdoor/casdoor/util"
-	"github.com/xorm-io/core"
-	"github.com/xorm-io/xorm"
-)
-
-type UserGroupRelation struct {
-	UserId  string `xorm:"varchar(100) notnull pk" json:"userId"`
-	GroupId string `xorm:"varchar(100) notnull pk" json:"groupId"`
-
-	CreatedTime string `xorm:"created" json:"createdTime"`
-	UpdatedTime string `xorm:"updated" json:"updatedTime"`
-}
-
-func updateUserGroupRelation(session *xorm.Session, user *User) (int64, error) {
-	physicalGroupCount, err := session.Where("type = ?", "Physical").In("id", user.Groups).Count(Group{})
-	if err != nil {
-		return 0, err
-	}
-	if physicalGroupCount > 1 {
-		return 0, errors.New("user can only be in one physical group")
-	}
-
-	groups := []*Group{}
-	err = session.In("id", user.Groups).Find(&groups)
-	if err != nil {
-		return 0, err
-	}
-	if len(groups) != len(user.Groups) {
-		return 0, errors.New("group not found")
-	}
-
-	_, err = session.Delete(&UserGroupRelation{UserId: user.Id})
-	if err != nil {
-		return 0, err
-	}
-
-	relations := []*UserGroupRelation{}
-	for _, group := range groups {
-		relations = append(relations, &UserGroupRelation{UserId: user.Id, GroupId: group.Id})
-	}
-	if len(relations) == 0 {
-		return 1, nil
-	}
-	_, err = session.Insert(relations)
-	if err != nil {
-		return 0, err
-	}
-
-	return 1, nil
-}
-
-func RemoveUserFromGroup(owner, name, groupId string) (bool, error) {
-	user, err := getUser(owner, name)
-	if err != nil {
-		return false, err
-	}
-
-	groups := []string{}
-	for _, group := range user.Groups {
-		if group != groupId {
-			groups = append(groups, group)
-		}
-	}
-	user.Groups = groups
-
-	_, err = UpdateUser(util.GetId(owner, name), user, []string{"groups"}, false)
-	if err != nil {
-		return false, err
-	}
-	return true, nil
-}
-
-func deleteUserGroupRelation(session *xorm.Session, userId, groupId string) (int64, error) {
-	affected, err := session.ID(core.PK{userId, groupId}).Delete(&UserGroupRelation{})
-	return affected, err
-}
-
-func deleteRelationByUser(id string) (int64, error) {
-	affected, err := adapter.Engine.Delete(&UserGroupRelation{UserId: id})
-	return affected, err
-}
-
-func GetGroupUserCount(id string, field, value string) (int64, error) {
-	group, err := GetGroup(id)
-	if group == nil || err != nil {
-		return 0, err
-	}
-
-	if field == "" && value == "" {
-		return adapter.Engine.Count(UserGroupRelation{GroupId: group.Id})
-	} else {
-		return adapter.Engine.Table("user").
-			Join("INNER", []string{"user_group_relation", "r"}, "user.id = r.user_id").
-			Where("r.group_id = ?", group.Id).
-			And(fmt.Sprintf("user.%s LIKE ?", util.CamelToSnakeCase(field)), "%"+value+"%").
-			Count()
-	}
-}
-
-func GetPaginationGroupUsers(id string, offset, limit int, field, value, sortField, sortOrder string) ([]*User, error) {
-	group, err := GetGroup(id)
-	if group == nil || err != nil {
-		return nil, err
-	}
-
-	users := []*User{}
-	session := adapter.Engine.Table("user").
-		Join("INNER", []string{"user_group_relation", "r"}, "user.id = r.user_id").
-		Where("r.group_id = ?", group.Id)
-
-	if offset != -1 && limit != -1 {
-		session.Limit(limit, offset)
-	}
-
-	if field != "" && value != "" {
-		session = session.And(fmt.Sprintf("user.%s LIKE ?", util.CamelToSnakeCase(field)), "%"+value+"%")
-	}
-
-	if sortField == "" || sortOrder == "" {
-		sortField = "created_time"
-	}
-	if sortOrder == "ascend" {
-		session = session.Asc(fmt.Sprintf("user.%s", util.SnakeString(sortField)))
-	} else {
-		session = session.Desc(fmt.Sprintf("user.%s", util.SnakeString(sortField)))
-	}
-
-	err = session.Find(&users)
-	if err != nil {
-		return nil, err
-	}
-
-	return users, nil
-}
-
-func GetGroupUsers(id string) ([]*User, error) {
-	group, err := GetGroup(id)
-	if group == nil || err != nil {
-		return []*User{}, err
-	}
-
-	users := []*User{}
-	err = adapter.Engine.Table("user_group_relation").Join("INNER", []string{"user", "u"}, "user_group_relation.user_id = u.id").
-		Where("user_group_relation.group_id = ?", group.Id).
-		Find(&users)
-	if err != nil {
-		return nil, err
-	}
-
-	return users, nil
-}
--- a/object/user_util.go
+++ b/object/user_util.go
@@ -295,13 +295,6 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str
 		itemsChanged = append(itemsChanged, item)
 	}

-	oldUserGroupsJson, _ := json.Marshal(oldUser.Groups)
-	newUserGroupsJson, _ := json.Marshal(newUser.Groups)
-	if string(oldUserGroupsJson) != string(newUserGroupsJson) {
-		item := GetAccountItemByName("Groups", organization)
-		itemsChanged = append(itemsChanged, item)
-	}
-
 	if oldUser.IsAdmin != newUser.IsAdmin {
 		item := GetAccountItemByName("Is admin", organization)
 		itemsChanged = append(itemsChanged, item)
--- a/object/verification.go
+++ b/object/verification.go
@@ -224,7 +224,7 @@ func GetVerifyType(username string) (verificationCodeType string) {
 	if strings.Contains(username, "@") {
 		return VerifyTypeEmail
 	} else {
-		return VerifyTypePhone
+		return VerifyTypeEmail
 	}
 }

--- a/pp/alipay.go
+++ b/pp/alipay.go
@@ -45,7 +45,7 @@ func NewAlipayPaymentProvider(appId string, appCertificate string, appPrivateKey
 	return pp, nil
 }

-func (pp *AlipayPaymentProvider) Pay(providerName string, productName string, payerName string, paymentName string, productDisplayName string, price float64, currency string, returnUrl string, notifyUrl string) (string, string, error) {
+func (pp *AlipayPaymentProvider) Pay(providerName string, productName string, payerName string, paymentName string, productDisplayName string, price float64, returnUrl string, notifyUrl string) (string, error) {
 	// pp.Client.DebugSwitch = gopay.DebugOn

 	bm := gopay.BodyMap{}
@@ -62,12 +62,12 @@ func (pp *AlipayPaymentProvider) Pay(providerName string, productName string, pa

 	payUrl, err := pp.Client.TradePagePay(context.Background(), bm)
 	if err != nil {
-		return "", "", err
+		return "", err
 	}
-	return payUrl, "", nil
+	return payUrl, nil
 }

-func (pp *AlipayPaymentProvider) Notify(request *http.Request, body []byte, authorityPublicKey string, orderId string) (string, string, float64, string, string, error) {
+func (pp *AlipayPaymentProvider) Notify(request *http.Request, body []byte, authorityPublicKey string) (string, string, float64, string, string, error) {
 	bm, err := alipay.ParseNotifyToBodyMap(request)
 	if err != nil {
 		return "", "", 0, "", "", err
--- a/pp/dummy.go
+++ b/pp/dummy.go
@@ -26,12 +26,12 @@ func NewDummyPaymentProvider() (*DummyPaymentProvider, error) {
 	return pp, nil
 }

-func (pp *DummyPaymentProvider) Pay(providerName string, productName string, payerName string, paymentName string, productDisplayName string, price float64, currency string, returnUrl string, notifyUrl string) (string, string, error) {
+func (pp *DummyPaymentProvider) Pay(providerName string, productName string, payerName string, paymentName string, productDisplayName string, price float64, returnUrl string, notifyUrl string) (string, error) {
 	payUrl := fmt.Sprintf("/payments/%s/result", paymentName)
-	return payUrl, "", nil
+	return payUrl, nil
 }

-func (pp *DummyPaymentProvider) Notify(request *http.Request, body []byte, authorityPublicKey string, orderId string) (string, string, float64, string, string, error) {
+func (pp *DummyPaymentProvider) Notify(request *http.Request, body []byte, authorityPublicKey string) (string, string, float64, string, string, error) {
 	return "", "", 0, "", "", nil
 }

--- a/pp/gc.go
+++ b/pp/gc.go
@@ -153,7 +153,7 @@ func (pp *GcPaymentProvider) doPost(postBytes []byte) ([]byte, error) {
 	return respBytes, nil
 }

-func (pp *GcPaymentProvider) Pay(providerName string, productName string, payerName string, paymentName string, productDisplayName string, price float64, currency string, returnUrl string, notifyUrl string) (string, string, error) {
+func (pp *GcPaymentProvider) Pay(providerName string, productName string, payerName string, paymentName string, productDisplayName string, price float64, returnUrl string, notifyUrl string) (string, error) {
 	payReqInfo := GcPayReqInfo{
 		OrderDate: util.GenerateSimpleTimeId(),
 		OrderNo:   paymentName,
@@ -168,7 +168,7 @@ func (pp *GcPaymentProvider) Pay(providerName string, productName string, payerN

 	b, err := json.Marshal(payReqInfo)
 	if err != nil {
-		return "", "", err
+		return "", err
 	}

 	body := GcRequestBody{
@@ -184,39 +184,39 @@ func (pp *GcPaymentProvider) Pay(providerName string, productName string, payerN

 	bodyBytes, err := json.Marshal(body)
 	if err != nil {
-		return "", "", err
+		return "", err
 	}

 	respBytes, err := pp.doPost(bodyBytes)
 	if err != nil {
-		return "", "", err
+		return "", err
 	}

 	var respBody GcResponseBody
 	err = json.Unmarshal(respBytes, &respBody)
 	if err != nil {
-		return "", "", err
+		return "", err
 	}

 	if respBody.ReturnCode != "SUCCESS" {
-		return "", "", fmt.Errorf("%s: %s", respBody.ReturnCode, respBody.ReturnMsg)
+		return "", fmt.Errorf("%s: %s", respBody.ReturnCode, respBody.ReturnMsg)
 	}

 	payRespInfoBytes, err := base64.StdEncoding.DecodeString(respBody.Data)
 	if err != nil {
-		return "", "", err
+		return "", err
 	}

 	var payRespInfo GcPayRespInfo
 	err = json.Unmarshal(payRespInfoBytes, &payRespInfo)
 	if err != nil {
-		return "", "", err
+		return "", err
 	}

-	return payRespInfo.PayUrl, "", nil
+	return payRespInfo.PayUrl, nil
 }

-func (pp *GcPaymentProvider) Notify(request *http.Request, body []byte, authorityPublicKey string, orderId string) (string, string, float64, string, string, error) {
+func (pp *GcPaymentProvider) Notify(request *http.Request, body []byte, authorityPublicKey string) (string, string, float64, string, string, error) {
 	reqBody := GcRequestBody{}
 	m, err := url.ParseQuery(string(body))
 	if err != nil {
--- a/pp/paypal.go
+++ b/pp/paypal.go
@@ -16,13 +16,10 @@ package pp

 import (
 	"context"
-	"errors"
+	"fmt"
 	"net/http"
-	"strconv"

-	"github.com/go-pay/gopay"
-	"github.com/go-pay/gopay/paypal"
-	"github.com/go-pay/gopay/pkg/util"
+	"github.com/plutov/paypal/v4"
 )

 type PaypalPaymentProvider struct {
@@ -32,7 +29,7 @@ type PaypalPaymentProvider struct {
 func NewPaypalPaymentProvider(clientID string, secret string) (*PaypalPaymentProvider, error) {
 	pp := &PaypalPaymentProvider{}

-	client, err := paypal.NewClient(clientID, secret, false)
+	client, err := paypal.NewClient(clientID, secret, paypal.APIBaseSandBox)
 	if err != nil {
 		return nil, err
 	}
@@ -41,62 +38,51 @@ func NewPaypalPaymentProvider(clientID string, secret string) (*PaypalPaymentPro
 	return pp, nil
 }

-func (pp *PaypalPaymentProvider) Pay(providerName string, productName string, payerName string, paymentName string, productDisplayName string, price float64, currency string, returnUrl string, notifyUrl string) (string, string, error) {
-	// pp.Client.DebugSwitch = gopay.DebugOn // Set log to terminal stdout
+func (pp *PaypalPaymentProvider) Pay(providerName string, productName string, payerName string, paymentName string, productDisplayName string, price float64, returnUrl string, notifyUrl string) (string, error) {
+	// pp.Client.SetLog(os.Stdout) // Set log to terminal stdout

-	priceStr := strconv.FormatFloat(price, 'f', 2, 64)
-	var pus []*paypal.PurchaseUnit
-	item := &paypal.PurchaseUnit{
-		ReferenceId: util.GetRandomString(16),
-		Amount: &paypal.Amount{
-			CurrencyCode: currency,
-			Value:        priceStr,
+	receiverEmail := "sb-tmsqa26118644@business.example.com"
+
+	amount := paypal.AmountPayout{
+		Value:    fmt.Sprintf("%.2f", price),
+		Currency: "USD",
+	}
+
+	description := fmt.Sprintf("%s-%s", providerName, productName)
+
+	payout := paypal.Payout{
+		SenderBatchHeader: &paypal.SenderBatchHeader{
+			EmailSubject: description,
+		},
+		Items: []paypal.PayoutItem{
+			{
+				RecipientType: "EMAIL",
+				Receiver:      receiverEmail,
+				Amount:        &amount,
+				Note:          description,
+				SenderItemID:  description,
+			},
 		},
-		Description: joinAttachString([]string{productDisplayName, productName, providerName}),
 	}
-	pus = append(pus, item)

-	bm := make(gopay.BodyMap)
-	bm.Set("intent", "CAPTURE")
-	bm.Set("purchase_units", pus)
-	bm.SetBodyMap("application_context", func(b gopay.BodyMap) {
-		b.Set("brand_name", "Casdoor")
-		b.Set("locale", "en-PT")
-		b.Set("return_url", returnUrl)
-	})
-
-	ppRsp, err := pp.Client.CreateOrder(context.Background(), bm)
+	_, err := pp.Client.GetAccessToken(context.Background())
 	if err != nil {
-		return "", "", err
-	}
-	if ppRsp.Code != paypal.Success {
-		return "", "", errors.New(ppRsp.Error)
+		return "", err
 	}

-	return ppRsp.Response.Links[1].Href, ppRsp.Response.Id, nil
+	payoutResponse, err := pp.Client.CreatePayout(context.Background(), payout)
+	if err != nil {
+		return "", err
+	}
+
+	payUrl := payoutResponse.Links[0].Href
+	return payUrl, nil
 }

-func (pp *PaypalPaymentProvider) Notify(request *http.Request, body []byte, authorityPublicKey string, orderId string) (string, string, float64, string, string, error) {
-	ppRsp, err := pp.Client.OrderCapture(context.Background(), orderId, nil)
-	if err != nil {
-		return "", "", 0, "", "", err
-	}
-	if ppRsp.Code != paypal.Success {
-		return "", "", 0, "", "", errors.New(ppRsp.Error)
-	}
-
-	paymentName := ppRsp.Response.Id
-	price, err := strconv.ParseFloat(ppRsp.Response.PurchaseUnits[0].Amount.Value, 64)
-	if err != nil {
-		return "", "", 0, "", "", err
-	}
-
-	productDisplayName, productName, providerName, err := parseAttachString(ppRsp.Response.PurchaseUnits[0].Description)
-	if err != nil {
-		return "", "", 0, "", "", err
-	}
-
-	return productDisplayName, paymentName, price, productName, providerName, nil
+func (pp *PaypalPaymentProvider) Notify(request *http.Request, body []byte, authorityPublicKey string) (string, string, float64, string, string, error) {
+	// The PayPal SDK does not directly support IPN verification.
+	// So, you need to implement this part according to PayPal's IPN guide.
+	return "", "", 0, "", "", nil
 }

 func (pp *PaypalPaymentProvider) GetInvoice(paymentName string, personName string, personIdCard string, personEmail string, personPhone string, invoiceType string, invoiceTitle string, invoiceTaxId string) (string, error) {
--- a/pp/provider.go
+++ b/pp/provider.go
@@ -17,8 +17,8 @@ package pp
 import "net/http"

 type PaymentProvider interface {
-	Pay(providerName string, productName string, payerName string, paymentName string, productDisplayName string, price float64, currency string, returnUrl string, notifyUrl string) (string, string, error)
-	Notify(request *http.Request, body []byte, authorityPublicKey string, orderId string) (string, string, float64, string, string, error)
+	Pay(providerName string, productName string, payerName string, paymentName string, productDisplayName string, price float64, returnUrl string, notifyUrl string) (string, error)
+	Notify(request *http.Request, body []byte, authorityPublicKey string) (string, string, float64, string, string, error)
 	GetInvoice(paymentName string, personName string, personIdCard string, personEmail string, personPhone string, invoiceType string, invoiceTitle string, invoiceTaxId string) (string, error)
 	GetResponseError(err error) string
 }
--- a/pp/wechatpay.go
+++ b/pp/wechatpay.go
@@ -56,7 +56,7 @@ func NewWechatPaymentProvider(mchId string, apiV3Key string, appId string, mchCe
 	return pp, nil
 }

-func (pp *WechatPaymentProvider) Pay(providerName string, productName string, payerName string, paymentName string, productDisplayName string, price float64, currency string, returnUrl string, notifyUrl string) (string, string, error) {
+func (pp *WechatPaymentProvider) Pay(providerName string, productName string, payerName string, paymentName string, productDisplayName string, price float64, returnUrl string, notifyUrl string) (string, error) {
 	// pp.Client.DebugSwitch = gopay.DebugOn

 	bm := gopay.BodyMap{}
@@ -73,17 +73,17 @@ func (pp *WechatPaymentProvider) Pay(providerName string, productName string, pa

 	wxRsp, err := pp.Client.V3TransactionNative(context.Background(), bm)
 	if err != nil {
-		return "", "", err
+		return "", err
 	}

 	if wxRsp.Code != wechat.Success {
-		return "", "", errors.New(wxRsp.Error)
+		return "", errors.New(wxRsp.Error)
 	}

-	return wxRsp.Response.CodeUrl, "", nil
+	return wxRsp.Response.CodeUrl, nil
 }

-func (pp *WechatPaymentProvider) Notify(request *http.Request, body []byte, authorityPublicKey string, orderId string) (string, string, float64, string, string, error) {
+func (pp *WechatPaymentProvider) Notify(request *http.Request, body []byte, authorityPublicKey string) (string, string, float64, string, string, error) {
 	notifyReq, err := wechat.V3ParseNotify(request)
 	if err != nil {
 		panic(err)
--- a/proxy/proxy.go
+++ b/proxy/proxy.go
@@ -15,7 +15,6 @@
 package proxy

 import (
-	"crypto/tls"
 	"fmt"
 	"net"
 	"net/http"
@@ -72,7 +71,7 @@ func getProxyHttpClient() *http.Client {
 		panic(err)
 	}

-	tr := &http.Transport{Dial: dialer.Dial, TLSClientConfig: &tls.Config{InsecureSkipVerify: true}}
+	tr := &http.Transport{Dial: dialer.Dial}
 	return &http.Client{
 		Transport: tr,
 	}
--- a/routers/authz_filter.go
+++ b/routers/authz_filter.go
@@ -26,10 +26,8 @@ import (
 )

 type Object struct {
-	Owner        string `json:"owner"`
-	Name         string `json:"name"`
-	AccessKey    string `json:"accessKey"`
-	AccessSecret string `json:"accessSecret"`
+	Owner string `json:"owner"`
+	Name  string `json:"name"`
 }

 func getUsername(ctx *context.Context) (username string) {
@@ -45,9 +43,6 @@ func getUsername(ctx *context.Context) (username string) {
 		username = getUsernameByClientIdSecret(ctx)
 	}

-	if username == "" {
-		username = getUsernameByKeys(ctx)
-	}
 	return
 }

@@ -103,30 +98,6 @@ func getObject(ctx *context.Context) (string, string) {
 	}
 }

-func getKeys(ctx *context.Context) (string, string) {
-	method := ctx.Request.Method
-
-	if method == http.MethodGet {
-		accessKey := ctx.Input.Query("accessKey")
-		accessSecret := ctx.Input.Query("accessSecret")
-		return accessKey, accessSecret
-	} else {
-		body := ctx.Input.RequestBody
-
-		if len(body) == 0 {
-			return ctx.Request.Form.Get("accessKey"), ctx.Request.Form.Get("accessSecret")
-		}
-
-		var obj Object
-		err := json.Unmarshal(body, &obj)
-		if err != nil {
-			return "", ""
-		}
-
-		return obj.AccessKey, obj.AccessSecret
-	}
-}
-
 func willLog(subOwner string, subName string, method string, urlPath string, objOwner string, objName string) bool {
 	if subOwner == "anonymous" && subName == "anonymous" && method == "GET" && (urlPath == "/api/get-account" || urlPath == "/api/get-app-login") && objOwner == "" && objName == "" {
 		return false
--- a/routers/auto_signin_filter.go
+++ b/routers/auto_signin_filter.go
@@ -49,7 +49,7 @@ func AutoSigninFilter(ctx *context.Context) {
 		}

 		userId := util.GetId(token.Organization, token.User)
-		application, err := object.GetApplicationByUserId(fmt.Sprintf("app/%s", token.Application))
+		application, _, err := object.GetApplicationByUserId(fmt.Sprintf("app/%s", token.Application))
 		if err != nil {
 			panic(err)
 		}
--- a/routers/base.go
+++ b/routers/base.go
@@ -84,19 +84,6 @@ func getUsernameByClientIdSecret(ctx *context.Context) string {
 	return fmt.Sprintf("app/%s", application.Name)
 }

-func getUsernameByKeys(ctx *context.Context) string {
-	accessKey, accessSecret := getKeys(ctx)
-	user, err := object.GetUserByAccessKey(accessKey)
-	if err != nil {
-		panic(err)
-	}
-
-	if user != nil && accessSecret == user.AccessSecret {
-		return user.GetId()
-	}
-	return ""
-}
-
 func getSessionUser(ctx *context.Context) string {
 	user := ctx.Input.CruSession.Get("username")
 	if user == nil {
--- a/routers/router.go
+++ b/routers/router.go
@@ -73,17 +73,9 @@ func initAPI() {
 	beego.Router("/api/get-user-count", &controllers.ApiController{}, "GET:GetUserCount")
 	beego.Router("/api/get-user", &controllers.ApiController{}, "GET:GetUser")
 	beego.Router("/api/update-user", &controllers.ApiController{}, "POST:UpdateUser")
-	beego.Router("/api/add-user-keys", &controllers.ApiController{}, "POST:AddUserkeys")
 	beego.Router("/api/add-user", &controllers.ApiController{}, "POST:AddUser")
 	beego.Router("/api/delete-user", &controllers.ApiController{}, "POST:DeleteUser")
 	beego.Router("/api/upload-users", &controllers.ApiController{}, "POST:UploadUsers")
-	beego.Router("/api/remove-user-from-group", &controllers.ApiController{}, "POST:RemoveUserFromGroup")
-
-	beego.Router("/api/get-groups", &controllers.ApiController{}, "GET:GetGroups")
-	beego.Router("/api/get-group", &controllers.ApiController{}, "GET:GetGroup")
-	beego.Router("/api/update-group", &controllers.ApiController{}, "POST:UpdateGroup")
-	beego.Router("/api/add-group", &controllers.ApiController{}, "POST:AddGroup")
-	beego.Router("/api/delete-group", &controllers.ApiController{}, "POST:DeleteGroup")

 	beego.Router("/api/get-roles", &controllers.ApiController{}, "GET:GetRoles")
 	beego.Router("/api/get-role", &controllers.ApiController{}, "GET:GetRole")
--- a/storage/minio_s3.go
+++ b/storage/minio_s3.go
@@ -29,7 +29,7 @@ func NewMinIOS3StorageProvider(clientId string, clientSecret string, region stri
 		Endpoint:         endpoint,
 		S3Endpoint:       endpoint,
 		ACL:              awss3.BucketCannedACLPublicRead,
-		S3ForcePathStyle: true,
+		S3ForcePathStyle: false,
 	})

 	return sp
--- a/swagger/swagger.json
+++ b/swagger/swagger.json
@@ -777,46 +777,6 @@
                "operationId": "ApiController.HandleOfficialAccountEvent"
            }
        },
-        "/api/batch-enforce": {
-            "post": {
-                "tags": [
-                    "Enforce API"
-                ],
-                "description": "perform enforce",
-                "operationId": "ApiController.BatchEnforce",
-                "parameters": [
-                    {
-                        "in": "body",
-                        "name": "body",
-                        "description": "casbin request array",
-                        "required": true,
-                        "schema": {
-                            "$ref": "#/definitions/object.CasbinRequest"
-                        }
-                    },
-                    {
-                        "in": "query",
-                        "name": "permissionId",
-                        "description": "permission id",
-                        "type": "string"
-                    },
-                    {
-                        "in": "query",
-                        "name": "modelId",
-                        "description": "model id",
-                        "type": "string"
-                    }
-                ],
-                "responses": {
-                    "200": {
-                        "description": "The Response object",
-                        "schema": {
-                            "$ref": "#/definitions/controllers.Response"
-                        }
-                    }
-                }
-            }
-        },
        "/api/buy-product": {
            "post": {
                "tags": [
@@ -1424,52 +1384,6 @@
                }
            }
        },
-        "/api/enforce": {
-            "post": {
-                "tags": [
-                    "Enforce API"
-                ],
-                "description": "perform enforce",
-                "operationId": "ApiController.Enforce",
-                "parameters": [
-                    {
-                        "in": "body",
-                        "name": "body",
-                        "description": "casbin request",
-                        "required": true,
-                        "schema": {
-                            "$ref": "#/definitions/object.CasbinRequest"
-                        }
-                    },
-                    {
-                        "in": "query",
-                        "name": "permissionId",
-                        "description": "permission id",
-                        "type": "string"
-                    },
-                    {
-                        "in": "query",
-                        "name": "modelId",
-                        "description": "model id",
-                        "type": "string"
-                    },
-                    {
-                        "in": "query",
-                        "name": "resourceId",
-                        "description": "resource id",
-                        "type": "string"
-                    }
-                ],
-                "responses": {
-                    "200": {
-                        "description": "The Response object",
-                        "schema": {
-                            "$ref": "#/definitions/controllers.Response"
-                        }
-                    }
-                }
-            }
-        },
        "/api/get-account": {
            "get": {
                "tags": [
@@ -2040,35 +1954,6 @@
                }
            }
        },
-        "/api/get-organization-names": {
-            "get": {
-                "tags": [
-                    "Organization API"
-                ],
-                "description": "get all organization names",
-                "operationId": "ApiController.GetOrganizationNames",
-                "parameters": [
-                    {
-                        "in": "query",
-                        "name": "owner",
-                        "description": "owner",
-                        "required": true,
-                        "type": "string"
-                    }
-                ],
-                "responses": {
-                    "200": {
-                        "description": "The Response object",
-                        "schema": {
-                            "type": "array",
-                            "items": {
-                                "$ref": "#/definitions/object.Organization"
-                            }
-                        }
-                    }
-                }
-            }
-        },
        "/api/get-organizations": {
            "get": {
                "tags": [
@@ -2941,6 +2826,7 @@
                        "in": "query",
                        "name": "id",
                        "description": "The id ( owner/name ) of the user",
+                        "required": true,
                        "type": "string"
                    },
                    {
@@ -3176,23 +3062,6 @@
                }
            }
        },
-        "/api/health": {
-            "get": {
-                "tags": [
-                    "System API"
-                ],
-                "description": "check if the system is live",
-                "operationId": "ApiController.Health",
-                "responses": {
-                    "200": {
-                        "description": "The Response object",
-                        "schema": {
-                            "$ref": "#/definitions/controllers.Response"
-                        }
-                    }
-                }
-            }
-        },
        "/api/invoice-payment": {
            "post": {
                "tags": [
@@ -4632,11 +4501,11 @@
        }
    },
    "definitions": {
-        "1225.0xc0002e2ae0.false": {
+        "1183.0x1400042eb70.false": {
            "title": "false",
            "type": "object"
        },
-        "1260.0xc0002e2b10.false": {
+        "1217.0x1400042eba0.false": {
            "title": "false",
            "type": "object"
        },
@@ -4685,10 +4554,10 @@
            "type": "object",
            "properties": {
                "data": {
-                    "$ref": "#/definitions/1225.0xc0002e2ae0.false"
+                    "$ref": "#/definitions/1183.0x1400042eb70.false"
                },
                "data2": {
-                    "$ref": "#/definitions/1260.0xc0002e2b10.false"
+                    "$ref": "#/definitions/1217.0x1400042eba0.false"
                },
                "msg": {
                    "type": "string"
@@ -4726,10 +4595,6 @@
            "title": "JSONWebKey",
            "type": "object"
        },
-        "object.\u0026{179844 0xc000a02f90 false}": {
-            "title": "\u0026{179844 0xc000a02f90 false}",
-            "type": "object"
-        },
        "object.AccountItem": {
            "title": "AccountItem",
            "type": "object",
@@ -4828,9 +4693,6 @@
                "formCss": {
                    "type": "string"
                },
-                "formCssMobile": {
-                    "type": "string"
-                },
                "formOffset": {
                    "type": "integer",
                    "format": "int64"
@@ -4853,9 +4715,6 @@
                "name": {
                    "type": "string"
                },
-                "orgChoiceMode": {
-                    "type": "string"
-                },
                "organization": {
                    "type": "string"
                },
@@ -4913,13 +4772,6 @@
                }
            }
        },
-        "object.CasbinRequest": {
-            "title": "CasbinRequest",
-            "type": "array",
-            "items": {
-                "$ref": "#/definitions/object.\u0026{179844 0xc000a02f90 false}"
-            }
-        },
        "object.Cert": {
            "title": "Cert",
            "type": "object",
@@ -5156,18 +5008,6 @@
                }
            }
        },
-        "object.MfaItem": {
-            "title": "MfaItem",
-            "type": "object",
-            "properties": {
-                "name": {
-                    "type": "string"
-                },
-                "rule": {
-                    "type": "string"
-                }
-            }
-        },
        "object.MfaProps": {
            "title": "MfaProps",
            "type": "object",
@@ -5350,12 +5190,6 @@
                "masterPassword": {
                    "type": "string"
                },
-                "mfaItems": {
-                    "type": "array",
-                    "items": {
-                        "$ref": "#/definitions/object.MfaItem"
-                    }
-                },
                "name": {
                    "type": "string"
                },
@@ -5561,18 +5395,9 @@
                "displayName": {
                    "type": "string"
                },
-                "isEnabled": {
-                    "type": "boolean"
-                },
                "name": {
                    "type": "string"
                },
-                "options": {
-                    "type": "array",
-                    "items": {
-                        "type": "string"
-                    }
-                },
                "owner": {
                    "type": "string"
                },
@@ -5586,6 +5411,9 @@
                },
                "role": {
                    "type": "string"
+                },
+                "options": {
+                    "type": "array"
                }
            }
        },
@@ -5909,9 +5737,6 @@
                "name": {
                    "type": "string"
                },
-                "object": {
-                    "type": "string"
-                },
                "organization": {
                    "type": "string"
                },
@@ -6516,9 +6341,6 @@
                "passwordSalt": {
                    "type": "string"
                },
-                "passwordType": {
-                    "type": "string"
-                },
                "patreon": {
                    "type": "string"
                },
@@ -6683,9 +6505,6 @@
                "name": {
                    "type": "string"
                },
-                "organization": {
-                    "type": "string"
-                },
                "phone": {
                    "type": "string"
                },
@@ -6815,4 +6634,4 @@
            "type": "object"
        }
    }
-}
+}
--- a/swagger/swagger.yml
+++ b/swagger/swagger.yml
@@ -502,32 +502,6 @@ paths:
      tags:
      - HandleOfficialAccountEvent API
      operationId: ApiController.HandleOfficialAccountEvent
-  /api/batch-enforce:
-    post:
-      tags:
-      - Enforce API
-      description: perform enforce
-      operationId: ApiController.BatchEnforce
-      parameters:
-      - in: body
-        name: body
-        description: casbin request array
-        required: true
-        schema:
-          $ref: '#/definitions/object.CasbinRequest'
-      - in: query
-        name: permissionId
-        description: permission id
-        type: string
-      - in: query
-        name: modelId
-        description: model id
-        type: string
-      responses:
-        "200":
-          description: The Response object
-          schema:
-            $ref: '#/definitions/controllers.Response'
  /api/buy-product:
    post:
      tags:
@@ -919,36 +893,6 @@ paths:
          description: The Response object
          schema:
            $ref: '#/definitions/controllers.Response'
-  /api/enforce:
-    post:
-      tags:
-      - Enforce API
-      description: perform enforce
-      operationId: ApiController.Enforce
-      parameters:
-      - in: body
-        name: body
-        description: casbin request
-        required: true
-        schema:
-          $ref: '#/definitions/object.CasbinRequest'
-      - in: query
-        name: permissionId
-        description: permission id
-        type: string
-      - in: query
-        name: modelId
-        description: model id
-        type: string
-      - in: query
-        name: resourceId
-        description: resource id
-        type: string
-      responses:
-        "200":
-          description: The Response object
-          schema:
-            $ref: '#/definitions/controllers.Response'
  /api/get-account:
    get:
      tags:
@@ -1323,25 +1267,6 @@ paths:
            type: array
            items:
              $ref: '#/definitions/object.Application'
-  /api/get-organization-names:
-    get:
-      tags:
-      - Organization API
-      description: get all organization names
-      operationId: ApiController.GetOrganizationNames
-      parameters:
-      - in: query
-        name: owner
-        description: owner
-        required: true
-        type: string
-      responses:
-        "200":
-          description: The Response object
-          schema:
-            type: array
-            items:
-              $ref: '#/definitions/object.Organization'
  /api/get-organizations:
    get:
      tags:
@@ -1916,6 +1841,7 @@ paths:
      - in: query
        name: id
        description: The id ( owner/name ) of the user
+        required: true
        type: string
      - in: query
        name: owner
@@ -2068,17 +1994,6 @@ paths:
            type: array
            items:
              $ref: '#/definitions/object.Webhook'
-  /api/health:
-    get:
-      tags:
-      - System API
-      description: check if the system is live
-      operationId: ApiController.Health
-      responses:
-        "200":
-          description: The Response object
-          schema:
-            $ref: '#/definitions/controllers.Response'
  /api/invoice-payment:
    post:
      tags:
@@ -3025,10 +2940,10 @@ paths:
          schema:
            $ref: '#/definitions/Response'
 definitions:
-  1225.0xc0002e2ae0.false:
+  1183.0x1400042eb70.false:
    title: "false"
    type: object
-  1260.0xc0002e2b10.false:
+  1217.0x1400042eba0.false:
    title: "false"
    type: object
  LaravelResponse:
@@ -3064,9 +2979,9 @@ definitions:
    type: object
    properties:
      data:
-        $ref: '#/definitions/1225.0xc0002e2ae0.false'
+        $ref: '#/definitions/1183.0x1400042eb70.false'
      data2:
-        $ref: '#/definitions/1260.0xc0002e2b10.false'
+        $ref: '#/definitions/1217.0x1400042eba0.false'
      msg:
        type: string
      name:
@@ -3090,9 +3005,6 @@ definitions:
  jose.JSONWebKey:
    title: JSONWebKey
    type: object
-  object.&{179844 0xc000a02f90 false}:
-    title: '&{179844 0xc000a02f90 false}'
-    type: object
  object.AccountItem:
    title: AccountItem
    type: object
@@ -3160,8 +3072,6 @@ definitions:
        type: string
      formCss:
        type: string
-      formCssMobile:
-        type: string
      formOffset:
        type: integer
        format: int64
@@ -3177,8 +3087,6 @@ definitions:
        type: string
      name:
        type: string
-      orgChoiceMode:
-        type: string
      organization:
        type: string
      organizationObj:
@@ -3216,11 +3124,6 @@ definitions:
        $ref: '#/definitions/object.ThemeData'
      tokenFormat:
        type: string
-  object.CasbinRequest:
-    title: CasbinRequest
-    type: array
-    items:
-      $ref: '#/definitions/object.&{179844 0xc000a02f90 false}'
  object.Cert:
    title: Cert
    type: object
@@ -3381,14 +3284,6 @@ definitions:
        type: string
      text:
        type: string
-  object.MfaItem:
-    title: MfaItem
-    type: object
-    properties:
-      name:
-        type: string
-      rule:
-        type: string
  object.MfaProps:
    title: MfaProps
    type: object
@@ -3512,10 +3407,6 @@ definitions:
          type: string
      masterPassword:
        type: string
-      mfaItems:
-        type: array
-        items:
-          $ref: '#/definitions/object.MfaItem'
      name:
        type: string
      owner:
@@ -3653,14 +3544,8 @@ definitions:
        type: string
      displayName:
        type: string
-      isEnabled:
-        type: boolean
      name:
        type: string
-      options:
-        type: array
-        items:
-          type: string
      owner:
        type: string
      pricePerMonth:
@@ -3671,6 +3556,8 @@ definitions:
        format: double
      role:
        type: string
+      options:
+        type: array
  object.Pricing:
    title: Pricing
    type: object
@@ -3888,8 +3775,6 @@ definitions:
        type: string
      name:
        type: string
-      object:
-        type: string
      organization:
        type: string
      owner:
@@ -4296,8 +4181,6 @@ definitions:
        type: string
      passwordSalt:
        type: string
-      passwordType:
-        type: string
      patreon:
        type: string
      paypal:
@@ -4408,8 +4291,6 @@ definitions:
        type: string
      name:
        type: string
-      organization:
-        type: string
      phone:
        type: string
      picture:
--- a/util/string.go
+++ b/util/string.go
@@ -278,13 +278,3 @@ func GetEndPoint(endpoint string) string {
 	}
 	return endpoint
 }
-
-// HasString reports if slice has input string.
-func HasString(strs []string, str string) bool {
-	for _, i := range strs {
-		if i == str {
-			return true
-		}
-	}
-	return false
-}
--- a/web/src/AdapterEditPage.js
+++ b/web/src/AdapterEditPage.js
@@ -32,7 +32,7 @@ class AdapterEditPage extends React.Component {
    super(props);
    this.state = {
      classes: props,
-      organizationName: props.organizationName !== undefined ? props.organizationName : props.match.params.organizationName,
+      owner: props.organizationName !== undefined ? props.organizationName : props.match.params.organizationName,
      adapterName: props.match.params.adapterName,
      adapter: null,
      organizations: [],
@@ -47,25 +47,20 @@ class AdapterEditPage extends React.Component {
  }

  getAdapter() {
-    AdapterBackend.getAdapter(this.state.organizationName, this.state.adapterName)
+    AdapterBackend.getAdapter("admin", this.state.adapterName)
      .then((res) => {
        if (res.status === "ok") {
-          if (res.data === null) {
-            this.props.history.push("/404");
-            return;
-          }
-
          this.setState({
            adapter: res.data,
          });

-          this.getModels(this.state.organizationName);
+          this.getModels(this.state.owner);
        }
      });
  }

  getOrganizations() {
-    OrganizationBackend.getOrganizations("admin")
+    OrganizationBackend.getOrganizations(this.state.organizationName)
      .then((res) => {
        this.setState({
          organizations: (res.msg === undefined) ? res : [],
@@ -114,8 +109,9 @@ class AdapterEditPage extends React.Component {
            {Setting.getLabel(i18next.t("general:Organization"), i18next.t("general:Organization - Tooltip"))} :
          </Col>
          <Col span={22} >
-            <Select virtual={false} style={{width: "100%"}} disabled={!Setting.isAdminUser(this.props.account)} value={this.state.adapter.owner} onChange={(value => {
+            <Select virtual={false} style={{width: "100%"}} disabled={!Setting.isAdminUser(this.props.account)} value={this.state.adapter.organization} onChange={(value => {
              this.getModels(value);
+              this.updateAdapterField("organization", value);
              this.updateAdapterField("owner", value);
            })}>
              {
@@ -252,7 +248,7 @@ class AdapterEditPage extends React.Component {
            {Setting.getLabel(i18next.t("adapter:Policies"), i18next.t("adapter:Policies - Tooltip"))} :
          </Col>
          <Col span={22}>
-            <PolicyTable owner={this.state.organizationName} name={this.state.adapterName} mode={this.state.mode} />
+            <PolicyTable owner={this.state.owner} name={this.state.adapterName} mode={this.state.mode} />
          </Col>
        </Row>
        <Row style={{marginTop: "20px"}} >
@@ -271,7 +267,7 @@ class AdapterEditPage extends React.Component {

  submitAdapterEdit(willExist) {
    const adapter = Setting.deepCopy(this.state.adapter);
-    AdapterBackend.updateAdapter(this.state.organizationName, this.state.adapterName, adapter)
+    AdapterBackend.updateAdapter(this.state.owner, this.state.adapterName, adapter)
      .then((res) => {
        if (res.status === "ok") {
          Setting.showMessage("success", i18next.t("general:Successfully saved"));
@@ -282,7 +278,7 @@ class AdapterEditPage extends React.Component {
          if (willExist) {
            this.props.history.push("/adapters");
          } else {
-            this.props.history.push(`/adapters/${this.state.organizationName}/${this.state.adapter.name}`);
+            this.props.history.push(`/adapters/${this.state.owner}/${this.state.adapter.name}`);
          }
        } else {
          Setting.showMessage("error", `${i18next.t("general:Failed to save")}: ${res.msg}`);
--- a/web/src/AdapterListPage.js
+++ b/web/src/AdapterListPage.js
@@ -26,9 +26,10 @@ class AdapterListPage extends BaseListPage {
  newAdapter() {
    const randomName = Setting.getRandomName();
    return {
-      owner: this.props.account.owner,
+      owner: "admin",
      name: `adapter_${randomName}`,
      createdTime: moment().format(),
+      organization: this.props.account.owner,
      type: "Database",
      host: "localhost",
      port: 3306,
@@ -46,7 +47,7 @@ class AdapterListPage extends BaseListPage {
    AdapterBackend.addAdapter(newAdapter)
      .then((res) => {
        if (res.status === "ok") {
-          this.props.history.push({pathname: `/adapters/${newAdapter.owner}/${newAdapter.name}`, mode: "add"});
+          this.props.history.push({pathname: `/adapters/${newAdapter.organization}/${newAdapter.name}`, mode: "add"});
          Setting.showMessage("success", i18next.t("general:Successfully added"));
        } else {
          Setting.showMessage("error", `${i18next.t("general:Failed to add")}: ${res.msg}`);
@@ -95,11 +96,11 @@ class AdapterListPage extends BaseListPage {
      },
      {
        title: i18next.t("general:Organization"),
-        dataIndex: "owner",
-        key: "owner",
+        dataIndex: "organization",
+        key: "organization",
        width: "120px",
        sorter: true,
-        ...this.getColumnSearchProps("owner"),
+        ...this.getColumnSearchProps("organization"),
        render: (text, record, index) => {
          return (
            <Link to={`/organizations/${text}`}>
@@ -246,13 +247,11 @@ class AdapterListPage extends BaseListPage {
      value = params.type;
    }
    this.setState({loading: true});
-    AdapterBackend.getAdapters(Setting.isAdminUser(this.props.account) ? "" : this.props.account.owner, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+    AdapterBackend.getAdapters("admin", Setting.isAdminUser(this.props.account) ? "" : this.props.account.owner, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
      .then((res) => {
-        this.setState({
-          loading: false,
-        });
        if (res.status === "ok") {
          this.setState({
+            loading: false,
            data: res.data,
            pagination: {
              ...params.pagination,
@@ -264,10 +263,9 @@ class AdapterListPage extends BaseListPage {
        } else {
          if (Setting.isResponseDenied(res)) {
            this.setState({
+              loading: false,
              isAuthorized: false,
            });
-          } else {
-            Setting.showMessage("error", res.msg);
          }
        }
      });
--- a/web/src/App.js
+++ b/web/src/App.js
@@ -15,9 +15,6 @@
 import React, {Component} from "react";
 import "./App.less";
 import {Helmet} from "react-helmet";
-import GroupTreePage from "./GroupTreePage";
-import GroupEditPage from "./GroupEdit";
-import GroupListPage from "./GroupList";
 import * as Setting from "./Setting";
 import {StyleProvider, legacyLogicalPropertiesTransformer} from "@ant-design/cssinjs";
 import {BarsOutlined, CommentOutlined, DownOutlined, InfoCircleFilled, LogoutOutlined, SettingOutlined} from "@ant-design/icons";
@@ -131,12 +128,10 @@ class App extends Component {
    });
    if (uri === "/") {
      this.setState({selectedMenuKey: "/"});
-    } else if (uri.includes("/organizations") || uri.includes("/trees")) {
+    } else if (uri.includes("/organizations")) {
      this.setState({selectedMenuKey: "/organizations"});
    } else if (uri.includes("/users")) {
      this.setState({selectedMenuKey: "/users"});
-    } else if (uri.includes("/groups")) {
-      this.setState({selectedMenuKey: "/groups"});
    } else if (uri.includes("/roles")) {
      this.setState({selectedMenuKey: "/roles"});
    } else if (uri.includes("/permissions")) {
@@ -228,7 +223,7 @@ class App extends Component {

  setLanguage(account) {
    const language = account?.language;
-    if (language !== null && language !== "" && language !== i18next.language) {
+    if (language !== "" && language !== i18next.language) {
      Setting.setLanguage(language);
    }
  }
@@ -410,13 +405,12 @@ class App extends Component {

    res.push(Setting.getItem(<Link to="/">{i18next.t("general:Home")}</Link>, "/"));

-    if (Setting.isLocalAdminUser(this.state.account)) {
+    if (Setting.isAdminUser(this.state.account)) {
      res.push(Setting.getItem(<Link to="/organizations">{i18next.t("general:Organizations")}</Link>,
        "/organizations"));
+    }

-      res.push(Setting.getItem(<Link to="/groups">{i18next.t("general:Groups")}</Link>,
-        "/groups"));
-
+    if (Setting.isLocalAdminUser(this.state.account)) {
      res.push(Setting.getItem(<Link to="/users">{i18next.t("general:Users")}</Link>,
        "/users"
      ));
@@ -558,10 +552,6 @@ class App extends Component {
        <Route exact path="/organizations" render={(props) => this.renderLoginIfNotLoggedIn(<OrganizationListPage account={this.state.account} {...props} />)} />
        <Route exact path="/organizations/:organizationName" render={(props) => this.renderLoginIfNotLoggedIn(<OrganizationEditPage account={this.state.account} onChangeTheme={this.setTheme} {...props} />)} />
        <Route exact path="/organizations/:organizationName/users" render={(props) => this.renderLoginIfNotLoggedIn(<UserListPage account={this.state.account} {...props} />)} />
-        <Route exact path="/trees/:organizationName" render={(props) => this.renderLoginIfNotLoggedIn(<GroupTreePage account={this.state.account} {...props} />)} />
-        <Route exact path="/trees/:organizationName/:groupName" render={(props) => this.renderLoginIfNotLoggedIn(<GroupTreePage account={this.state.account} {...props} />)} />
-        <Route exact path="/groups" render={(props) => this.renderLoginIfNotLoggedIn(<GroupListPage account={this.state.account} {...props} />)} />
-        <Route exact path="/groups/:organizationName/:groupName" render={(props) => this.renderLoginIfNotLoggedIn(<GroupEditPage account={this.state.account} {...props} />)} />
        <Route exact path="/users" render={(props) => this.renderLoginIfNotLoggedIn(<UserListPage account={this.state.account} {...props} />)} />
        <Route exact path="/users/:organizationName/:userName" render={(props) => <UserEditPage account={this.state.account} {...props} />} />
        <Route exact path="/roles" render={(props) => this.renderLoginIfNotLoggedIn(<RoleListPage account={this.state.account} {...props} />)} />
@@ -628,11 +618,6 @@ class App extends Component {
    });
  };

-  isWithoutCard() {
-    return Setting.isMobile() || window.location.pathname === "/chat" ||
-      window.location.pathname.startsWith("/trees");
-  }
-
  renderContent() {
    const onClick = ({key}) => {
      if (key === "/swagger") {
@@ -643,6 +628,7 @@ class App extends Component {
    };
    return (
      <Layout id="parent-area">
+        {/* https://github.com/ant-design/ant-design/issues/40394 ant design bug. If it will be fixed, we can delete the code for control the color of Header*/}
        <Header style={{padding: "0", marginBottom: "3px", backgroundColor: this.state.themeAlgorithm.includes("dark") ? "black" : "white"}}>
          {Setting.isMobile() ? null : (
            <Link to={"/"}>
@@ -678,7 +664,7 @@ class App extends Component {
          }
        </Header>
        <Content style={{display: "flex", flexDirection: "column"}} >
-          {this.isWithoutCard() ?
+          {(Setting.isMobile() || window.location.pathname === "/chat") ?
            this.renderRouter() :
            <Card className="content-warp-card">
              {this.renderRouter()}
--- a/web/src/App.less
+++ b/web/src/App.less
@@ -74,6 +74,7 @@ img {

 .content-warp-card {
  box-shadow: 0 1px 5px 0 rgb(51 51 51 / 14%);
+  margin: 5px;
  flex: 1;
  align-items: stretch;
 }
--- a/web/src/ApplicationEditPage.js
+++ b/web/src/ApplicationEditPage.js
@@ -119,11 +119,6 @@ class ApplicationEditPage extends React.Component {
  getApplication() {
    ApplicationBackend.getApplication("admin", this.state.applicationName)
      .then((application) => {
-        if (application === null) {
-          this.props.history.push("/404");
-          return;
-        }
-
        if (application.grantTypes === null || application.grantTypes === undefined || application.grantTypes.length === 0) {
          application.grantTypes = ["authorization_code"];
        }
--- a/web/src/ApplicationListPage.js
+++ b/web/src/ApplicationListPage.js
@@ -276,11 +276,9 @@ class ApplicationListPage extends BaseListPage {
    (Setting.isAdminUser(this.props.account) ? ApplicationBackend.getApplications("admin", params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder) :
      ApplicationBackend.getApplicationsByOrganization("admin", this.props.account.organization.name, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder))
      .then((res) => {
-        this.setState({
-          loading: false,
-        });
        if (res.status === "ok") {
          this.setState({
+            loading: false,
            data: res.data,
            pagination: {
              ...params.pagination,
@@ -292,10 +290,9 @@ class ApplicationListPage extends BaseListPage {
        } else {
          if (Setting.isResponseDenied(res)) {
            this.setState({
+              loading: false,
              isAuthorized: false,
            });
-          } else {
-            Setting.showMessage("error", res.msg);
          }
        }
      });
--- a/web/src/CertEditPage.js
+++ b/web/src/CertEditPage.js
@@ -45,11 +45,6 @@ class CertEditPage extends React.Component {
  getCert() {
    CertBackend.getCert(this.state.owner, this.state.certName)
      .then((cert) => {
-        if (cert === null) {
-          this.props.history.push("/404");
-          return;
-        }
-
        this.setState({
          cert: cert,
        });
--- a/web/src/CertListPage.js
+++ b/web/src/CertListPage.js
@@ -108,7 +108,7 @@ class CertListPage extends BaseListPage {
        key: "owner",
        width: "150px",
        sorter: true,
-        ...this.getColumnSearchProps("owner"),
+        ...this.getColumnSearchProps("organization"),
        render: (text, record, index) => {
          return (text !== "admin") ? text : i18next.t("provider:admin (Shared)");
        },
@@ -239,11 +239,9 @@ class CertListPage extends BaseListPage {
    (Setting.isAdminUser(this.props.account) ? CertBackend.getGlobleCerts(params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
      : CertBackend.getCerts(this.props.account.owner, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder))
      .then((res) => {
-        this.setState({
-          loading: false,
-        });
        if (res.status === "ok") {
          this.setState({
+            loading: false,
            data: res.data,
            pagination: {
              ...params.pagination,
@@ -255,10 +253,9 @@ class CertListPage extends BaseListPage {
        } else {
          if (Setting.isResponseDenied(res)) {
            this.setState({
+              loading: false,
              isAuthorized: false,
            });
-          } else {
-            Setting.showMessage("error", res.msg);
          }
        }
      });
--- a/web/src/ChatEditPage.js
+++ b/web/src/ChatEditPage.js
@@ -41,11 +41,6 @@ class ChatEditPage extends React.Component {
  getChat() {
    ChatBackend.getChat("admin", this.state.chatName)
      .then((chat) => {
-        if (chat === null) {
-          this.props.history.push("/404");
-          return;
-        }
-
        this.setState({
          chat: chat,
        });
--- a/web/src/ChatListPage.js
+++ b/web/src/ChatListPage.js
@@ -267,11 +267,9 @@ class ChatListPage extends BaseListPage {
    this.setState({loading: true});
    ChatBackend.getChats("admin", params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
      .then((res) => {
-        this.setState({
-          loading: false,
-        });
        if (res.status === "ok") {
          this.setState({
+            loading: false,
            data: res.data,
            pagination: {
              ...params.pagination,
@@ -283,10 +281,9 @@ class ChatListPage extends BaseListPage {
        } else {
          if (Setting.isResponseDenied(res)) {
            this.setState({
+              loading: false,
              isAuthorized: false,
            });
-          } else {
-            Setting.showMessage("error", res.msg);
          }
        }
      });
--- a/web/src/ChatPage.js
+++ b/web/src/ChatPage.js
@@ -278,10 +278,9 @@ class ChatPage extends BaseListPage {
        } else {
          if (Setting.isResponseDenied(res)) {
            this.setState({
+              loading: false,
              isAuthorized: false,
            });
-          } else {
-            Setting.showMessage("error", res.msg);
          }
        }
      });
--- a/web/src/GroupEdit.js
+++ b/web/src/GroupEdit.js
@@ -1,268 +0,0 @@
-// Copyright 2023 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-import React from "react";
-import {Button, Card, Col, Input, Row, Select, Switch} from "antd";
-import * as GroupBackend from "./backend/GroupBackend";
-import * as OrganizationBackend from "./backend/OrganizationBackend";
-import * as Setting from "./Setting";
-import i18next from "i18next";
-
-class GroupEditPage extends React.Component {
-  constructor(props) {
-    super(props);
-    this.state = {
-      classes: props,
-      groupName: props.match.params.groupName,
-      organizationName: props.organizationName !== undefined ? props.organizationName : props.match.params.organizationName,
-      group: null,
-      users: [],
-      groups: [],
-      organizations: [],
-      mode: props.location.mode !== undefined ? props.location.mode : "edit",
-    };
-  }
-
-  UNSAFE_componentWillMount() {
-    this.getGroup();
-    this.getGroups(this.state.organizationName);
-    this.getOrganizations();
-  }
-
-  getGroup() {
-    GroupBackend.getGroup(this.state.organizationName, this.state.groupName)
-      .then((res) => {
-        if (res.status === "ok") {
-          if (res.data === null) {
-            this.props.history.push("/404");
-            return;
-          }
-
-          this.setState({
-            group: res.data,
-          });
-        }
-      });
-  }
-
-  getGroups(organizationName) {
-    GroupBackend.getGroups(organizationName)
-      .then((res) => {
-        if (res.status === "ok") {
-          this.setState({
-            groups: res.data,
-          });
-        }
-      });
-  }
-
-  getOrganizations() {
-    OrganizationBackend.getOrganizationNames("admin")
-      .then((res) => {
-        if (res.status === "ok") {
-          this.setState({
-            organizations: res.data,
-          });
-        }
-      });
-  }
-
-  parseGroupField(key, value) {
-    if ([""].includes(key)) {
-      value = Setting.myParseInt(value);
-    }
-    return value;
-  }
-
-  updateGroupField(key, value) {
-    value = this.parseGroupField(key, value);
-
-    const group = this.state.group;
-    group[key] = value;
-    this.setState({
-      group: group,
-    });
-  }
-
-  getParentIdOptions() {
-    const groups = this.state.groups.filter((group) => group.id !== this.state.group.id);
-    const organization = this.state.organizations.find((organization) => organization.name === this.state.group.owner);
-    if (organization !== undefined) {
-      groups.push({id: organization.name, displayName: organization.displayName});
-    }
-    return groups.map((group) => ({label: group.displayName, value: group.id}));
-  }
-
-  renderGroup() {
-    return (
-      <Card size="small" title={
-        <div>
-          {this.state.mode === "add" ? i18next.t("group:New Group") : i18next.t("group:Edit Group")}&nbsp;&nbsp;&nbsp;&nbsp;
-          <Button onClick={() => this.submitGroupEdit(false)}>{i18next.t("general:Save")}</Button>
-          <Button style={{marginLeft: "20px"}} type="primary" onClick={() => this.submitGroupEdit(true)}>{i18next.t("general:Save & Exit")}</Button>
-          {this.state.mode === "add" ? <Button style={{marginLeft: "20px"}} onClick={() => this.deleteGroup()}>{i18next.t("general:Cancel")}</Button> : null}
-        </div>
-      }
-      style={(Setting.isMobile()) ? {margin: "5px"} : {}}
-      type="inner"
-      >
-        <Row style={{marginTop: "10px"}} >
-          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
-            {Setting.getLabel(i18next.t("general:Organization"), i18next.t("general:Organization - Tooltip"))} :
-          </Col>
-          <Col span={22} >
-            <Select virtual={false} style={{width: "100%"}} disabled={!Setting.isAdminUser(this.props.account)} value={this.state.group.owner}
-              onChange={(value => {
-                this.updateGroupField("owner", value);
-                this.getGroups(value);
-              })}
-              options={this.state.organizations.map((organization) => Setting.getOption(organization.displayName, organization.name))
-              } />
-          </Col>
-        </Row>
-        <Row style={{marginTop: "20px"}} >
-          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
-            {Setting.getLabel(i18next.t("general:Name"), i18next.t("general:Name - Tooltip"))} :
-          </Col>
-          <Col span={22} >
-            <Input value={this.state.group.name} onChange={e => {
-              this.updateGroupField("name", e.target.value);
-            }} />
-          </Col>
-        </Row>
-        <Row style={{marginTop: "20px"}} >
-          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
-            {Setting.getLabel(i18next.t("general:Display name"), i18next.t("general:Display name - Tooltip"))} :
-          </Col>
-          <Col span={22} >
-            <Input value={this.state.group.displayName} onChange={e => {
-              this.updateGroupField("displayName", e.target.value);
-            }} />
-          </Col>
-        </Row>
-        <Row style={{marginTop: "20px"}} >
-          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
-            {Setting.getLabel(i18next.t("general:Type"), i18next.t("general:Type - Tooltip"))} :
-          </Col>
-          <Col span={22} >
-            <Select style={{width: "100%"}}
-              options={
-                [
-                  {label: i18next.t("group:Virtual"), value: "Virtual"},
-                  {label: i18next.t("group:Physical"), value: "Physical"},
-                ].map((item) => ({label: item.label, value: item.value}))
-              }
-              value={this.state.group.type} onChange={(value => {
-                this.updateGroupField("type", value);
-              }
-              )} />
-          </Col>
-        </Row>
-        <Row style={{marginTop: "20px"}} >
-          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
-            {Setting.getLabel(i18next.t("group:Parent group"), i18next.t("group:Parent group - Tooltip"))} :
-          </Col>
-          <Col span={22} >
-            <Select style={{width: "100%"}}
-              options={this.getParentIdOptions()}
-              value={this.state.group.parentId} onChange={(value => {
-                this.updateGroupField("parentId", value);
-              }
-              )} />
-          </Col>
-        </Row>
-        <Row style={{marginTop: "20px"}} >
-          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 19 : 2}>
-            {Setting.getLabel(i18next.t("general:Is enabled"), i18next.t("general:Is enabled - Tooltip"))} :
-          </Col>
-          <Col span={1} >
-            <Switch checked={this.state.group.isEnabled} onChange={checked => {
-              this.updateGroupField("isEnabled", checked);
-            }} />
-          </Col>
-        </Row>
-      </Card>
-    );
-  }
-
-  submitGroupEdit(willExist) {
-    const group = Setting.deepCopy(this.state.group);
-    group["isTopGroup"] = this.state.organizations.some((organization) => organization.name === group.parentId);
-
-    GroupBackend.updateGroup(this.state.organizationName, this.state.groupName, group)
-      .then((res) => {
-        if (res.status === "ok") {
-          Setting.showMessage("success", i18next.t("general:Successfully saved"));
-          this.setState({
-            groupName: this.state.group.name,
-          });
-
-          if (willExist) {
-            const groupTreeUrl = sessionStorage.getItem("groupTreeUrl");
-            if (groupTreeUrl !== null) {
-              sessionStorage.removeItem("groupTreeUrl");
-              this.props.history.push(groupTreeUrl);
-            } else {
-              this.props.history.push("/groups");
-            }
-          } else {
-            this.props.history.push(`/groups/${this.state.group.owner}/${this.state.group.name}`);
-          }
-        } else {
-          Setting.showMessage("error", `${i18next.t("general:Failed to save")}: ${res.msg}`);
-          this.updateGroupField("name", this.state.groupName);
-        }
-      })
-      .catch(error => {
-        Setting.showMessage("error", `${i18next.t("general:Failed to connect to server")}: ${error}`);
-      });
-  }
-
-  deleteGroup() {
-    GroupBackend.deleteGroup(this.state.group)
-      .then((res) => {
-        if (res.status === "ok") {
-          const groupTreeUrl = sessionStorage.getItem("groupTreeUrl");
-          if (groupTreeUrl !== null) {
-            sessionStorage.removeItem("groupTreeUrl");
-            this.props.history.push(groupTreeUrl);
-          } else {
-            this.props.history.push("/groups");
-          }
-        } else {
-          Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);
-        }
-      })
-      .catch(error => {
-        Setting.showMessage("error", `${i18next.t("general:Failed to connect to server")}: ${error}`);
-      });
-  }
-
-  render() {
-    return (
-      <div>
-        {
-          this.state.group !== null ? this.renderGroup() : null
-        }
-        <div style={{marginTop: "20px", marginLeft: "40px"}}>
-          <Button size="large" onClick={() => this.submitGroupEdit(false)}>{i18next.t("general:Save")}</Button>
-          <Button style={{marginLeft: "20px"}} type="primary" size="large" onClick={() => this.submitGroupEdit(true)}>{i18next.t("general:Save & Exit")}</Button>
-          {this.state.mode === "add" ? <Button style={{marginLeft: "20px"}} size="large" onClick={() => this.deleteGroup()}>{i18next.t("general:Cancel")}</Button> : null}
-        </div>
-      </div>
-    );
-  }
-}
-
-export default GroupEditPage;
--- a/web/src/GroupList.js
+++ b/web/src/GroupList.js
@@ -1,286 +0,0 @@
-// Copyright 2023 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-import React from "react";
-import {Link} from "react-router-dom";
-import {Button, Table} from "antd";
-import moment from "moment";
-import * as Setting from "./Setting";
-import * as GroupBackend from "./backend/GroupBackend";
-import i18next from "i18next";
-import BaseListPage from "./BaseListPage";
-import PopconfirmModal from "./common/modal/PopconfirmModal";
-
-class GroupListPage extends BaseListPage {
-  constructor(props) {
-    super(props);
-    this.state = {
-      ...this.state,
-      owner: Setting.isAdminUser(this.props.account) ? "" : this.props.account.owner,
-      groups: [],
-    };
-  }
-  UNSAFE_componentWillMount() {
-    super.UNSAFE_componentWillMount();
-    this.getGroups(this.state.owner);
-  }
-
-  getGroups(organizationName) {
-    GroupBackend.getGroups(organizationName)
-      .then((res) => {
-        if (res.status === "ok") {
-          this.setState({
-            groups: res.data,
-          });
-        }
-      });
-  }
-
-  newGroup() {
-    const randomName = Setting.getRandomName();
-    return {
-      owner: this.props.account.owner,
-      name: `group_${randomName}`,
-      createdTime: moment().format(),
-      updatedTime: moment().format(),
-      displayName: `New Group - ${randomName}`,
-      type: "Virtual",
-      parentId: this.props.account.owner,
-      isTopGroup: true,
-      isEnabled: true,
-    };
-  }
-
-  addGroup() {
-    const newGroup = this.newGroup();
-    GroupBackend.addGroup(newGroup)
-      .then((res) => {
-        if (res.status === "ok") {
-          this.props.history.push({pathname: `/groups/${newGroup.owner}/${newGroup.name}`, mode: "add"});
-          Setting.showMessage("success", i18next.t("general:Successfully added"));
-        } else {
-          Setting.showMessage("error", `${i18next.t("general:Failed to add")}: ${res.msg}`);
-        }
-      })
-      .catch(error => {
-        Setting.showMessage("error", `${i18next.t("general:Failed to connect to server")}: ${error}`);
-      });
-  }
-
-  deleteGroup(i) {
-    GroupBackend.deleteGroup(this.state.data[i])
-      .then((res) => {
-        if (res.status === "ok") {
-          Setting.showMessage("success", i18next.t("general:Successfully deleted"));
-          this.setState({
-            data: Setting.deleteRow(this.state.data, i),
-            pagination: {total: this.state.pagination.total - 1},
-          });
-        } else {
-          Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);
-        }
-      })
-      .catch(error => {
-        Setting.showMessage("error", `${i18next.t("general:Failed to connect to server")}: ${error}`);
-      });
-  }
-
-  renderTable(data) {
-    const columns = [
-      {
-        title: i18next.t("general:Name"),
-        dataIndex: "name",
-        key: "name",
-        width: "120px",
-        fixed: "left",
-        sorter: true,
-        ...this.getColumnSearchProps("name"),
-        render: (text, record, index) => {
-          return (
-            <Link to={`/groups/${record.owner}/${text}`}>
-              {text}
-            </Link>
-          );
-        },
-      },
-      {
-        title: i18next.t("general:Organization"),
-        dataIndex: "owner",
-        key: "owner",
-        width: "120px",
-        sorter: true,
-        ...this.getColumnSearchProps("owner"),
-        render: (text, record, index) => {
-          return (
-            <Link to={`/organizations/${text}`}>
-              {text}
-            </Link>
-          );
-        },
-      },
-      {
-        title: i18next.t("general:Created time"),
-        dataIndex: "createdTime",
-        key: "createdTime",
-        width: "150px",
-        sorter: true,
-        render: (text, record, index) => {
-          return Setting.getFormattedDate(text);
-        },
-      },
-      {
-        title: i18next.t("general:Updated time"),
-        dataIndex: "updatedTime",
-        key: "updatedTime",
-        width: "150px",
-        sorter: true,
-        render: (text, record, index) => {
-          return Setting.getFormattedDate(text);
-        },
-      },
-      {
-        title: i18next.t("general:Display name"),
-        dataIndex: "displayName",
-        key: "displayName",
-        width: "100px",
-        sorter: true,
-        ...this.getColumnSearchProps("displayName"),
-      },
-      {
-        title: i18next.t("general:Type"),
-        dataIndex: "type",
-        key: "type",
-        width: "110px",
-        sorter: true,
-        filterMultiple: false,
-        filters: [
-          {text: i18next.t("group:Virtual"), value: "Virtual"},
-          {text: i18next.t("group:Physical"), value: "Physical"},
-        ],
-        render: (text, record, index) => {
-          return i18next.t("group:" + text);
-        },
-      },
-      {
-        title: i18next.t("group:Parent group"),
-        dataIndex: "parentId",
-        key: "parentId",
-        width: "110px",
-        sorter: true,
-        ...this.getColumnSearchProps("parentId"),
-        render: (text, record, index) => {
-          if (record.isTopGroup) {
-            return <Link to={`/organizations/${record.parentId}`}>
-              {record.parentId}
-            </Link>;
-          }
-          const parentGroup = this.state.groups.find((group) => group.id === text);
-          if (parentGroup === undefined) {
-            return "";
-          }
-          return <Link to={`/groups/${parentGroup.owner}/${parentGroup.name}`}>
-            {parentGroup?.displayName}
-          </Link>;
-        },
-      },
-      {
-        title: i18next.t("general:Action"),
-        dataIndex: "",
-        key: "op",
-        width: "170px",
-        fixed: (Setting.isMobile()) ? "false" : "right",
-        render: (text, record, index) => {
-          const haveChildren = this.state.groups.find((group) => group.parentId === record.id) !== undefined;
-          return (
-            <div>
-              <Button style={{marginTop: "10px", marginBottom: "10px", marginRight: "10px"}} type="primary" onClick={() => this.props.history.push(`/groups/${record.owner}/${record.name}`)}>{i18next.t("general:Edit")}</Button>
-              <PopconfirmModal
-                disabled={haveChildren}
-                title={i18next.t("general:Sure to delete") + `: ${record.name} ?`}
-                onConfirm={() => this.deleteGroup(index)}
-              >
-              </PopconfirmModal>
-            </div>
-          );
-        },
-      },
-    ];
-
-    const paginationProps = {
-      total: this.state.pagination.total,
-      showQuickJumper: true,
-      showSizeChanger: true,
-      showTotal: () => i18next.t("general:{total} in total").replace("{total}", this.state.pagination.total),
-    };
-
-    return (
-      <div>
-        <Table scroll={{x: "max-content"}} columns={columns} dataSource={data} rowKey={(record) => `${record.owner}/${record.name}`} size="middle" bordered pagination={paginationProps}
-          title={() => (
-            <div>
-              {i18next.t("general:Groups")}&nbsp;&nbsp;&nbsp;&nbsp;
-              <Button type="primary" size="small" onClick={this.addGroup.bind(this)}>{i18next.t("general:Add")}</Button>
-            </div>
-          )}
-          loading={this.state.loading}
-          onChange={this.handleTableChange}
-        />
-      </div>
-    );
-  }
-
-  fetch = (params = {}) => {
-    let field = params.searchedColumn, value = params.searchText;
-    const sortField = params.sortField, sortOrder = params.sortOrder;
-    if (params.category !== undefined && params.category !== null) {
-      field = "category";
-      value = params.category;
-    } else if (params.type !== undefined && params.type !== null) {
-      field = "type";
-      value = params.type;
-    }
-    this.setState({loading: true});
-    GroupBackend.getGroups(this.state.owner, false, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
-      .then((res) => {
-        this.setState({
-          loading: false,
-        });
-        if (res.status === "ok") {
-          this.setState({
-            data: res.data,
-            pagination: {
-              ...params.pagination,
-              total: res.data2,
-            },
-            searchText: params.searchText,
-            searchedColumn: params.searchedColumn,
-          });
-        } else {
-          if (Setting.isResponseDenied(res)) {
-            this.setState({
-              isAuthorized: false,
-            });
-          }
-        }
-      })
-      .catch(error => {
-        this.setState({
-          loading: false,
-        });
-        Setting.showMessage("error", `${i18next.t("general:Failed to connect to server")}: ${error}`);
-      });
-  };
-}
-
-export default GroupListPage;
--- a/web/src/GroupTreePage.js
+++ b/web/src/GroupTreePage.js
@@ -1,336 +0,0 @@
-// Copyright 2023 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-import {DeleteOutlined, EditOutlined, HolderOutlined, PlusOutlined, UsergroupAddOutlined} from "@ant-design/icons";
-import {Button, Col, Empty, Row, Space, Tree} from "antd";
-import i18next from "i18next";
-import moment from "moment/moment";
-import React from "react";
-import * as GroupBackend from "./backend/GroupBackend";
-import * as Setting from "./Setting";
-import OrganizationSelect from "./common/select/OrganizationSelect";
-import UserListPage from "./UserListPage";
-
-class GroupTreePage extends React.Component {
-  constructor(props) {
-    super(props);
-    this.state = {
-      classes: props,
-      owner: Setting.isAdminUser(this.props.account) ? "" : this.props.account.owner,
-      organizationName: props.organizationName !== undefined ? props.organizationName : props.match.params.organizationName,
-      groupName: this.props.match?.params.groupName,
-      groupId: undefined,
-      treeData: [],
-      selectedKeys: [this.props.match?.params.groupName],
-    };
-  }
-
-  UNSAFE_componentWillMount() {
-    this.getTreeData();
-  }
-
-  componentDidUpdate(prevProps, prevState, snapshot) {
-    if (this.state.organizationName !== prevState.organizationName) {
-      this.getTreeData();
-    }
-
-    if (prevState.treeData !== this.state.treeData) {
-      this.setTreeExpandedKeys();
-    }
-  }
-
-  getTreeData() {
-    GroupBackend.getGroups(this.state.organizationName, true).then((res) => {
-      if (res.status === "ok") {
-        this.setState({
-          treeData: res.data,
-          groupId: this.findNodeId({children: res.data}, this.state.groupName),
-        });
-      } else {
-        Setting.showMessage("error", res.msg);
-      }
-    });
-  }
-
-  findNodeId(node, targetName) {
-    if (node.key === targetName) {
-      return node.id;
-    }
-    if (node.children) {
-      for (let i = 0; i < node.children.length; i++) {
-        const result = this.findNodeId(node.children[i], targetName);
-        if (result) {
-          return result;
-        }
-      }
-    }
-    return null;
-  }
-
-  setTreeTitle(treeData) {
-    const haveChildren = Array.isArray(treeData.children) && treeData.children.length > 0;
-    const isSelected = this.state.groupName === treeData.key;
-    return {
-      id: treeData.id,
-      key: treeData.key,
-      title: <Space>
-        {treeData.type === "Physical" ? <UsergroupAddOutlined /> : <HolderOutlined />}
-        <span>{treeData.title}</span>
-        {isSelected && (
-          <React.Fragment>
-            <PlusOutlined
-              style={{
-                visibility: "visible",
-                color: "inherit",
-                transition: "color 0.3s",
-              }}
-              onMouseEnter={(e) => {
-                e.currentTarget.style.color = "rgba(89,54,213,0.6)";
-              }}
-              onMouseLeave={(e) => {
-                e.currentTarget.style.color = "inherit";
-              }}
-              onMouseDown={(e) => {
-                e.currentTarget.style.color = "rgba(89,54,213,0.4)";
-              }}
-              onMouseUp={(e) => {
-                e.currentTarget.style.color = "rgba(89,54,213,0.6)";
-              }}
-              onClick={(e) => {
-                e.stopPropagation();
-                sessionStorage.setItem("groupTreeUrl", window.location.pathname);
-                this.addGroup();
-              }}
-            />
-            <EditOutlined
-              style={{
-                visibility: "visible",
-                color: "inherit",
-                transition: "color 0.3s",
-              }}
-              onMouseEnter={(e) => {
-                e.currentTarget.style.color = "rgba(89,54,213,0.6)";
-              }}
-              onMouseLeave={(e) => {
-                e.currentTarget.style.color = "inherit";
-              }}
-              onMouseDown={(e) => {
-                e.currentTarget.style.color = "rgba(89,54,213,0.4)";
-              }}
-              onMouseUp={(e) => {
-                e.currentTarget.style.color = "rgba(89,54,213,0.6)";
-              }}
-              onClick={(e) => {
-                e.stopPropagation();
-                sessionStorage.setItem("groupTreeUrl", window.location.pathname);
-                this.props.history.push(`/groups/${this.state.organizationName}/${treeData.key}`);
-              }}
-            />
-            {!haveChildren &&
-            <DeleteOutlined
-              style={{
-                visibility: "visible",
-                color: "inherit",
-                transition: "color 0.3s",
-              }}
-              onMouseEnter={(e) => {
-                e.currentTarget.style.color = "rgba(89,54,213,0.6)";
-              }}
-              onMouseLeave={(e) => {
-                e.currentTarget.style.color = "inherit";
-              }}
-              onMouseDown={(e) => {
-                e.currentTarget.style.color = "rgba(89,54,213,0.4)";
-              }}
-              onMouseUp={(e) => {
-                e.currentTarget.style.color = "rgba(89,54,213,0.6)";
-              }}
-              onClick={(e) => {
-                e.stopPropagation();
-                GroupBackend.deleteGroup({owner: treeData.owner, name: treeData.key})
-                  .then((res) => {
-                    if (res.status === "ok") {
-                      Setting.showMessage("success", i18next.t("general:Successfully deleted"));
-                      this.getTreeData();
-                    } else {
-                      Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);
-                    }
-                  })
-                  .catch(error => {
-                    Setting.showMessage("error", `${i18next.t("general:Failed to connect to server")}: ${error}`);
-                  });
-              }}
-            />
-            }
-          </React.Fragment>
-        )}
-      </Space>,
-      children: haveChildren ? treeData.children.map(i => this.setTreeTitle(i)) : [],
-    };
-  }
-
-  setTreeExpandedKeys = () => {
-    const expandedKeys = [];
-    const setExpandedKeys = (nodes) => {
-      for (const node of nodes) {
-        expandedKeys.push(node.key);
-        if (node.children) {
-          setExpandedKeys(node.children);
-        }
-      }
-    };
-    setExpandedKeys(this.state.treeData);
-    this.setState({
-      expandedKeys: expandedKeys,
-    });
-  };
-
-  renderTree() {
-    const onSelect = (selectedKeys, info) => {
-      this.setState({
-        selectedKeys: selectedKeys,
-        groupName: info.node.key,
-        groupId: info.node.id,
-      });
-      this.props.history.push(`/trees/${this.state.organizationName}/${info.node.key}`);
-    };
-    const onExpand = (expandedKeysValue) => {
-      this.setState({
-        expandedKeys: expandedKeysValue,
-      });
-    };
-
-    if (this.state.treeData.length === 0) {
-      return <Empty />;
-    }
-
-    const treeData = this.state.treeData.map(i => this.setTreeTitle(i));
-    return (
-      <Tree
-        blockNode={true}
-        defaultSelectedKeys={[this.state.groupName]}
-        defaultExpandAll={true}
-        selectedKeys={this.state.selectedKeys}
-        expandedKeys={this.state.expandedKeys}
-        onSelect={onSelect}
-        onExpand={onExpand}
-        showIcon={true}
-        treeData={treeData}
-      />
-    );
-  }
-
-  renderOrganizationSelect() {
-    if (Setting.isAdminUser(this.props.account)) {
-      return (
-        <OrganizationSelect
-          initValue={this.state.organizationName}
-          style={{width: "100%"}}
-          onChange={(value) => {
-            this.setState({
-              organizationName: value,
-            });
-            this.props.history.push(`/trees/${value}`);
-          }}
-        />
-      );
-    }
-  }
-
-  newGroup(isRoot) {
-    const randomName = Setting.getRandomName();
-    return {
-      owner: this.state.organizationName,
-      name: `group_${randomName}`,
-      createdTime: moment().format(),
-      updatedTime: moment().format(),
-      displayName: `New Group - ${randomName}`,
-      type: "Virtual",
-      parentId: isRoot ? this.state.organizationName : this.state.groupId,
-      isTopGroup: isRoot,
-      isEnabled: true,
-    };
-  }
-
-  addGroup(isRoot = false) {
-    const newGroup = this.newGroup(isRoot);
-    GroupBackend.addGroup(newGroup)
-      .then((res) => {
-        if (res.status === "ok") {
-          sessionStorage.setItem("groupTreeUrl", window.location.pathname);
-          this.props.history.push({pathname: `/groups/${newGroup.owner}/${newGroup.name}`, mode: "add"});
-          Setting.showMessage("success", i18next.t("general:Successfully added"));
-        } else {
-          Setting.showMessage("error", `${i18next.t("general:Failed to add")}: ${res.msg}`);
-        }
-      })
-      .catch(error => {
-        Setting.showMessage("error", `${i18next.t("general:Failed to connect to server")}: ${error}`);
-      });
-  }
-
-  render() {
-    return (
-      <div style={{
-        flex: 1,
-        backgroundColor: "white",
-        padding: "5px 5px 2px 5px",
-      }}>
-        <Row>
-          <Col span={5}>
-            <Row>
-              <Col span={24} style={{textAlign: "center"}}>
-                {this.renderOrganizationSelect()}
-              </Col>
-            </Row>
-            <Row>
-              <Col span={24} style={{marginTop: "10px"}}>
-                <Button size={"small"}
-                  onClick={() => {
-                    this.setState({
-                      selectedKeys: [],
-                      groupName: null,
-                      groupId: undefined,
-                    });
-                    this.props.history.push(`/trees/${this.state.organizationName}`);
-                  }}
-                >
-                  {i18next.t("group:Show all")}
-                </Button>
-                <Button size={"small"} type={"primary"} style={{marginLeft: "10px"}} onClick={() => this.addGroup(true)}>
-                  {i18next.t("general:Add")}
-                </Button>
-              </Col>
-            </Row>
-            <Row style={{marginTop: 10}}>
-              <Col span={24} style={{textAlign: "left"}}>
-                {this.renderTree()}
-              </Col>
-            </Row>
-          </Col>
-          <Col span={19}>
-            <UserListPage
-              organizationName={this.state.organizationName}
-              groupName={this.state.groupName}
-              groupId={this.state.groupId}
-              {...this.props}
-            />
-          </Col>
-        </Row>
-      </div>
-    );
-  }
-}
-
-export default GroupTreePage;
--- a/web/src/MessageEditPage.js
+++ b/web/src/MessageEditPage.js
@@ -46,11 +46,6 @@ class MessageEditPage extends React.Component {
  getMessage() {
    MessageBackend.getMessage("admin", this.state.messageName)
      .then((message) => {
-        if (message === null) {
-          this.props.history.push("/404");
-          return;
-        }
-
        this.setState({
          message: message,
        });
--- a/web/src/MessageListPage.js
+++ b/web/src/MessageListPage.js
@@ -210,11 +210,9 @@ class MessageListPage extends BaseListPage {
    this.setState({loading: true});
    MessageBackend.getMessages("admin", Setting.isAdminUser(this.props.account) ? "" : this.props.account.owner, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
      .then((res) => {
-        this.setState({
-          loading: false,
-        });
        if (res.status === "ok") {
          this.setState({
+            loading: false,
            data: res.data,
            pagination: {
              ...params.pagination,
@@ -226,10 +224,9 @@ class MessageListPage extends BaseListPage {
        } else {
          if (Setting.isResponseDenied(res)) {
            this.setState({
+              loading: false,
              isAuthorized: false,
            });
-          } else {
-            Setting.showMessage("error", res.msg);
          }
        }
      });
--- a/web/src/ModelEditPage.js
+++ b/web/src/ModelEditPage.js
@@ -36,6 +36,7 @@ class ModelEditPage extends React.Component {
      model: null,
      organizations: [],
      users: [],
+      models: [],
      mode: props.location.mode !== undefined ? props.location.mode : "edit",
    };
  }
@@ -48,14 +49,11 @@ class ModelEditPage extends React.Component {
  getModel() {
    ModelBackend.getModel(this.state.organizationName, this.state.modelName)
      .then((model) => {
-        if (model === null) {
-          this.props.history.push("/404");
-          return;
-        }
-
        this.setState({
          model: model,
        });
+
+        this.getModels(model.organization);
      });
  }

@@ -68,6 +66,15 @@ class ModelEditPage extends React.Component {
      });
  }

+  getModels(organizationName) {
+    ModelBackend.getModels(organizationName)
+      .then((res) => {
+        this.setState({
+          models: res,
+        });
+      });
+  }
+
  parseModelField(key, value) {
    if ([""].includes(key)) {
      value = Setting.myParseInt(value);
@@ -127,16 +134,6 @@ class ModelEditPage extends React.Component {
            }} />
          </Col>
        </Row>
-        <Row style={{marginTop: "20px"}} >
-          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
-            {Setting.getLabel(i18next.t("general:Description"), i18next.t("general:Description - Tooltip"))} :
-          </Col>
-          <Col span={22} >
-            <Input value={this.state.model.description} onChange={e => {
-              this.updateModelField("description", e.target.value);
-            }} />
-          </Col>
-        </Row>
        <Row style={{marginTop: "20px"}} >
          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
            {Setting.getLabel(i18next.t("model:Model text"), i18next.t("model:Model text - Tooltip"))} :
--- a/web/src/ModelListPage.js
+++ b/web/src/ModelListPage.js
@@ -204,11 +204,9 @@ class ModelListPage extends BaseListPage {
    this.setState({loading: true});
    ModelBackend.getModels(Setting.isAdminUser(this.props.account) ? "" : this.props.account.owner, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
      .then((res) => {
-        this.setState({
-          loading: false,
-        });
        if (res.status === "ok") {
          this.setState({
+            loading: false,
            data: res.data,
            pagination: {
              ...params.pagination,
@@ -220,10 +218,9 @@ class ModelListPage extends BaseListPage {
        } else {
          if (Setting.isResponseDenied(res)) {
            this.setState({
+              loading: false,
              isAuthorized: false,
            });
-          } else {
-            Setting.showMessage("error", res.msg);
          }
        }
      });
--- a/web/src/OrganizationEditPage.js
+++ b/web/src/OrganizationEditPage.js
@@ -49,20 +49,10 @@ class OrganizationEditPage extends React.Component {

  getOrganization() {
    OrganizationBackend.getOrganization("admin", this.state.organizationName)
-      .then((res) => {
-        if (res.status === "ok") {
-          const organization = res.data;
-          if (organization === null) {
-            this.props.history.push("/404");
-            return;
-          }
-
-          this.setState({
-            organization: organization,
-          });
-        } else {
-          Setting.showMessage("error", res.msg);
-        }
+      .then((organization) => {
+        this.setState({
+          organization: organization,
+        });
      });
  }

@@ -193,29 +183,6 @@ class OrganizationEditPage extends React.Component {
            }} />
          </Col>
        </Row>
-        <Row style={{marginTop: "20px"}}>
-          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
-            {Setting.getLabel(i18next.t("general:Password complexity options"), i18next.t("general:Password complexity options - Tooltip"))} :
-          </Col>
-          <Col span={22} >
-            <Select
-              virtual={false}
-              style={{width: "100%"}}
-              mode="multiple"
-              value={this.state.organization.passwordOptions}
-              onChange={(value => {
-                this.updateOrganizationField("passwordOptions", value);
-              })}
-              options={[
-                {value: "AtLeast6", name: i18next.t("user:The password must have at least 6 characters")},
-                {value: "AtLeast8", name: i18next.t("user:The password must have at least 8 characters")},
-                {value: "Aa123", name: i18next.t("user:The password must contain at least one uppercase letter, one lowercase letter and one digit")},
-                {value: "SpecialChar", name: i18next.t("user:The password must contain at least one special character")},
-                {value: "NoRepeat", name: i18next.t("user:The password must not contain any repeated characters")},
-              ].map((item) => Setting.getOption(item.name, item.value))}
-            />
-          </Col>
-        </Row>
        <Row style={{marginTop: "20px"}} >
          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
            {Setting.getLabel(i18next.t("general:Supported country codes"), i18next.t("general:Supported country codes - Tooltip"))} :
--- a/web/src/OrganizationListPage.js
+++ b/web/src/OrganizationListPage.js
@@ -34,7 +34,6 @@ class OrganizationListPage extends BaseListPage {
      favicon: `${Setting.StaticBaseUrl}/img/favicon.png`,
      passwordType: "plain",
      PasswordSalt: "",
-      passwordOptions: [],
      countryCodes: ["CN"],
      defaultAvatar: `${Setting.StaticBaseUrl}/img/casbin.svg`,
      defaultApplication: "",
@@ -61,10 +60,8 @@ class OrganizationListPage extends BaseListPage {
        {name: "Bio", visible: true, viewRule: "Public", modifyRule: "Self"},
        {name: "Tag", visible: true, viewRule: "Public", modifyRule: "Admin"},
        {name: "Signup application", visible: true, viewRule: "Public", modifyRule: "Admin"},
-        {name: "API key", label: i18next.t("general:API key")},
        {name: "Roles", visible: true, viewRule: "Public", modifyRule: "Immutable"},
        {name: "Permissions", visible: true, viewRule: "Public", modifyRule: "Immutable"},
-        {name: "Groups", visible: true, viewRule: "Public", modifyRule: "Immutable"},
        {name: "3rd-party logins", visible: true, viewRule: "Self", modifyRule: "Self"},
        {Name: "Multi-factor authentication", Visible: true, ViewRule: "Self", ModifyRule: "Self"},
        {name: "Properties", visible: false, viewRule: "Admin", modifyRule: "Admin"},
@@ -224,12 +221,11 @@ class OrganizationListPage extends BaseListPage {
        title: i18next.t("general:Action"),
        dataIndex: "",
        key: "op",
-        width: "320px",
+        width: "240px",
        fixed: (Setting.isMobile()) ? "false" : "right",
        render: (text, record, index) => {
          return (
            <div>
-              <Button style={{marginTop: "10px", marginBottom: "10px", marginRight: "10px"}} type="primary" onClick={() => this.props.history.push(`/trees/${record.name}`)}>{i18next.t("general:Groups")}</Button>
              <Button style={{marginTop: "10px", marginBottom: "10px", marginRight: "10px"}} type="primary" onClick={() => this.props.history.push(`/organizations/${record.name}/users`)}>{i18next.t("general:Users")}</Button>
              <Button style={{marginTop: "10px", marginBottom: "10px", marginRight: "10px"}} onClick={() => this.props.history.push(`/organizations/${record.name}`)}>{i18next.t("general:Edit")}</Button>
              <PopconfirmModal
@@ -257,7 +253,7 @@ class OrganizationListPage extends BaseListPage {
          title={() => (
            <div>
              {i18next.t("general:Organizations")}&nbsp;&nbsp;&nbsp;&nbsp;
-              <Button type="primary" size="small" disabled={!Setting.isAdminUser(this.props.account)} onClick={this.addOrganization.bind(this)}>{i18next.t("general:Add")}</Button>
+              <Button type="primary" size="small" onClick={this.addOrganization.bind(this)}>{i18next.t("general:Add")}</Button>
            </div>
          )}
          loading={this.state.loading}
@@ -277,11 +273,9 @@ class OrganizationListPage extends BaseListPage {
    this.setState({loading: true});
    OrganizationBackend.getOrganizations("admin", params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
      .then((res) => {
-        this.setState({
-          loading: false,
-        });
        if (res.status === "ok") {
          this.setState({
+            loading: false,
            data: res.data,
            pagination: {
              ...params.pagination,
@@ -293,10 +287,9 @@ class OrganizationListPage extends BaseListPage {
        } else {
          if (Setting.isResponseDenied(res)) {
            this.setState({
+              loading: false,
              isAuthorized: false,
            });
-          } else {
-            Setting.showMessage("error", res.msg);
          }
        }
      });
--- a/web/src/PaymentEditPage.js
+++ b/web/src/PaymentEditPage.js
@@ -40,13 +40,8 @@ class PaymentEditPage extends React.Component {
  }

  getPayment() {
-    PaymentBackend.getPayment("admin", this.state.paymentName)
+    PaymentBackend.getPayment(this.props.account.owner, this.state.paymentName)
      .then((payment) => {
-        if (payment === null) {
-          this.props.history.push("/404");
-          return;
-        }
-
        this.setState({
          payment: payment,
        });
--- a/web/src/PaymentListPage.js
+++ b/web/src/PaymentListPage.js
@@ -27,7 +27,7 @@ class PaymentListPage extends BaseListPage {
  newPayment() {
    const randomName = Setting.getRandomName();
    return {
-      owner: "admin",
+      owner: this.props.account.owner,
      name: `payment_${randomName}`,
      createdTime: moment().format(),
      displayName: `New Payment - ${randomName}`,
@@ -265,13 +265,11 @@ class PaymentListPage extends BaseListPage {
      value = params.type;
    }
    this.setState({loading: true});
-    PaymentBackend.getPayments("admin", Setting.isAdminUser(this.props.account) ? "" : this.props.account.owner, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+    PaymentBackend.getPayments(Setting.isAdminUser(this.props.account) ? "" : this.props.account.owner, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
      .then((res) => {
-        this.setState({
-          loading: false,
-        });
        if (res.status === "ok") {
          this.setState({
+            loading: false,
            data: res.data,
            pagination: {
              ...params.pagination,
@@ -283,10 +281,9 @@ class PaymentListPage extends BaseListPage {
        } else {
          if (Setting.isResponseDenied(res)) {
            this.setState({
+              loading: false,
              isAuthorized: false,
            });
-          } else {
-            Setting.showMessage("error", res.msg);
          }
        }
      });
--- a/web/src/PaymentResultPage.js
+++ b/web/src/PaymentResultPage.js
@@ -25,7 +25,6 @@ class PaymentResultPage extends React.Component {
      classes: props,
      paymentName: props.match.params.paymentName,
      payment: null,
-      timeout: null,
    };
  }

@@ -33,21 +32,15 @@ class PaymentResultPage extends React.Component {
    this.getPayment();
  }

-  componentWillUnmount() {
-    if (this.state.timeout !== null) {
-      clearTimeout(this.state.timeout);
-    }
-  }
-
  getPayment() {
-    PaymentBackend.getPayment("admin", this.state.paymentName)
+    PaymentBackend.getPayment(this.props.account.owner, this.state.paymentName)
      .then((payment) => {
        this.setState({
          payment: payment,
        });

        if (payment.state === "Created") {
-          this.setState({timeout: setTimeout(() => this.getPayment(), 1000)});
+          setTimeout(() => this.getPayment(), 1000);
        }
      });
  }
--- a/web/src/PermissionEditPage.js
+++ b/web/src/PermissionEditPage.js
@@ -50,11 +50,6 @@ class PermissionEditPage extends React.Component {
  getPermission() {
    PermissionBackend.getPermission(this.state.organizationName, this.state.permissionName)
      .then((permission) => {
-        if (permission === null) {
-          this.props.history.push("/404");
-          return;
-        }
-
        this.setState({
          permission: permission,
        });
@@ -195,16 +190,6 @@ class PermissionEditPage extends React.Component {
            }} />
          </Col>
        </Row>
-        <Row style={{marginTop: "20px"}} >
-          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
-            {Setting.getLabel(i18next.t("general:Description"), i18next.t("general:Description - Tooltip"))} :
-          </Col>
-          <Col span={22} >
-            <Input value={this.state.permission.description} onChange={e => {
-              this.updatePermissionField("description", e.target.value);
-            }} />
-          </Col>
-        </Row>
        <Row style={{marginTop: "20px"}} >
          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
            {Setting.getLabel(i18next.t("general:Model"), i18next.t("general:Model - Tooltip"))} :
@@ -269,12 +254,10 @@ class PermissionEditPage extends React.Component {
          <Col span={22} >
            <Select virtual={false} style={{width: "100%"}} value={this.state.permission.resourceType} onChange={(value => {
              this.updatePermissionField("resourceType", value);
-              this.updatePermissionField("resources", []);
            })}
            options={[
              {value: "Application", name: i18next.t("general:Application")},
              {value: "TreeNode", name: i18next.t("permission:TreeNode")},
-              {value: "Custom", name: i18next.t("general:Custom")},
            ].map((item) => Setting.getOption(item.name, item.value))}
            />
          </Col>
@@ -284,7 +267,7 @@ class PermissionEditPage extends React.Component {
            {Setting.getLabel(i18next.t("general:Resources"), i18next.t("permission:Resources - Tooltip"))} :
          </Col>
          <Col span={22} >
-            <Select virtual={false} mode={(this.state.permission.resourceType === "Custom") ? "tags" : "multiple"} style={{width: "100%"}} value={this.state.permission.resources}
+            <Select virtual={false} mode="multiple" style={{width: "100%"}} value={this.state.permission.resources}
              onChange={(value => {this.updatePermissionField("resources", value);})}
              options={this.state.resources.map((resource) => Setting.getOption(`${resource.name}`, `${resource.name}`))
              } />
--- a/Show More
+++ b/Show More