feat: fix checkPermissionForUpdateUser() logic (#1454)

* fix: fix `checkPermissionForUpdateUser()` logic

* fix: fix `checkPermissionForUpdateUser()` logic

controllers/account.go

@@ -271,6 +271,11 @@ func (c *ApiController) GetAccount() {
 		user = object.ExtendManagedAccountsWithUser(user)
 	}
 
+	object.ExtendUserWithRolesAndPermissions(user)
+
+	user.Permissions = object.GetMaskedPermissions(user.Permissions)
+	user.Roles = object.GetMaskedRoles(user.Roles)
+
 	organization := object.GetMaskedOrganization(object.GetOrganizationByUser(user))
 	resp := Response{
 		Status: "ok",

controllers/user.go

@@ -17,7 +17,6 @@ package controllers
 import (
 	"encoding/json"
 	"fmt"
-	"reflect"
 	"strings"
 
 	"github.com/beego/beego/utils/pagination"
@@ -200,18 +199,28 @@ func checkPermissionForUpdateUser(id string, newUser object.User, c *ApiControll
 		item := object.GetAccountItemByName("Signup application", org)
 		itemsChanged = append(itemsChanged, item)
 	}
-	if reflect.DeepEqual(oldUser.Roles, newUser.Roles) {
+
+	oldUserRolesJson, _ := json.Marshal(oldUser.Roles)
+	newUserRolesJson, _ := json.Marshal(newUser.Roles)
+	if string(oldUserRolesJson) != string(newUserRolesJson) {
 		item := object.GetAccountItemByName("Roles", org)
 		itemsChanged = append(itemsChanged, item)
 	}
-	if reflect.DeepEqual(oldUser.Permissions, newUser.Permissions) {
+
+	oldUserPermissionJson, _ := json.Marshal(oldUser.Permissions)
+	newUserPermissionJson, _ := json.Marshal(newUser.Permissions)
+	if string(oldUserPermissionJson) != string(newUserPermissionJson) {
 		item := object.GetAccountItemByName("Permissions", org)
 		itemsChanged = append(itemsChanged, item)
 	}
-	if reflect.DeepEqual(oldUser.Properties, newUser.Properties) {
+
+	oldUserPropertiesJson, _ := json.Marshal(oldUser.Properties)
+	newUserPropertiesJson, _ := json.Marshal(newUser.Properties)
+	if string(oldUserPropertiesJson) != string(newUserPropertiesJson) {
 		item := object.GetAccountItemByName("Properties", org)
 		itemsChanged = append(itemsChanged, item)
 	}
+
 	if oldUser.IsAdmin != newUser.IsAdmin {
 		item := object.GetAccountItemByName("Is admin", org)
 		itemsChanged = append(itemsChanged, item)
@@ -273,7 +282,7 @@ func (c *ApiController) UpdateUser() {
 	isGlobalAdmin := c.IsGlobalAdmin()
 
 	if pass, err := checkPermissionForUpdateUser(id, user, c); !pass {
-		c.ResponseError(c.T(err))
+		c.ResponseError(err)
 		return
 	}
 

i18n/locales/zh/data.json

@@ -90,7 +90,7 @@
     "You can't unlink yourself, you are not a member of any application": "您无法取消链接，您不是任何应用程序的成员"
   },
   "organization": {
-    "Only admin can modify the %s.": "您无法取消链接，您不是任何应用程序的成员",
+    "Only admin can modify the %s.": "仅允许管理员可以修改 %s",
     "The %s is immutable.": "%s是不可变的",
     "Unknown modify rule %s.": "未知的修改规则"
   },

object/permission.go

@@ -269,3 +269,12 @@ func ContainsAsterisk(userId string, users []string) bool {
 
 	return containsAsterisk
 }
+
+func GetMaskedPermissions(permissions []*Permission) []*Permission {
+	for _, permission := range permissions {
+		permission.Users = nil
+		permission.Submitter = ""
+	}
+
+	return permissions
+}

object/role.go

@@ -192,3 +192,11 @@ func roleChangeTrigger(oldName string, newName string) error {
 
 	return session.Commit()
 }
+
+func GetMaskedRoles(roles []*Role) []*Role {
+	for _, role := range roles {
+		role.Users = nil
+	}
+
+	return roles
+}