feat: AI responses support streaming (#1826 )

Is an AI response that supports streaming return
Support modelId arg in Enforce() API
2025-07-22 07:43:51 +08:00 · 2023-05-13 11:31:20 +08:00 · 2023-05-12 21:39:57 +08:00 · 2023-05-12 21:32:48 +08:00 · 2023-05-12 13:03:43 +08:00 · 2023-05-12 12:16:03 +08:00
96 changed files with 471 additions and 222 deletions
--- a/ai/ai.go
+++ b/ai/ai.go
@ -18,6 +18,7 @@ import (
 	"context"
 	"fmt"
 	"io"
+	"net/http"
 	"strings"
 	"time"

@ -78,7 +79,10 @@ func QueryAnswerStream(authToken string, question string, writer io.Writer, buil
 	client := getProxyClientFromToken(authToken)

 	ctx := context.Background()
-
+	flusher, ok := writer.(http.Flusher)
+	if !ok {
+		return fmt.Errorf("writer does not implement http.Flusher")
+	}
 	// https://platform.openai.com/tokenizer
 	// https://github.com/pkoukk/tiktoken-go#available-encodings
 	promptTokens, err := getTokenSize(openai.GPT3TextDavinci003, question)
@ -122,11 +126,13 @@ func QueryAnswerStream(authToken string, question string, writer io.Writer, buil
 			}
 		}

+		fmt.Printf("%s", data)
+
 		// Write the streamed data as Server-Sent Events
 		if _, err = fmt.Fprintf(writer, "data: %s\n\n", data); err != nil {
 			return err
 		}
-
+		flusher.Flush()
 		// Append the response to the strings.Builder
 		builder.WriteString(data)
 	}
--- a/authz/authz.go
+++ b/authz/authz.go
@ -151,7 +151,7 @@ func IsAllowed(subOwner string, subName string, method string, urlPath string, o

 	userId := fmt.Sprintf("%s/%s", subOwner, subName)
 	user := object.GetUser(userId)
-	if user != nil && user.IsAdmin && (subOwner == objOwner || (objOwner == "admin" && subOwner == objName)) {
+	if user != nil && user.IsAdmin && (subOwner == objOwner || (objOwner == "admin")) {
 		return true
 	}

--- a/controllers/auth.go
+++ b/controllers/auth.go
@ -141,7 +141,7 @@ func (c *ApiController) HandleLoggedIn(application *object.Application, user *ob
 		c.setExpireForSession()
 	}

-	if resp.Status == "ok" && user.Owner == object.CasdoorOrganization && application.Name == object.CasdoorApplication {
+	if resp.Status == "ok" {
 		object.AddSession(&object.Session{
 			Owner:       user.Owner,
 			Name:        user.Name,
--- a/controllers/casbin_adapter.go
+++ b/controllers/casbin_adapter.go
@ -31,13 +31,14 @@ func (c *ApiController) GetCasbinAdapters() {
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
+	organization := c.Input().Get("organization")
 	if limit == "" || page == "" {
-		adapters := object.GetCasbinAdapters(owner)
+		adapters := object.GetCasbinAdapters(owner, organization)
 		c.ResponseOk(adapters)
 	} else {
 		limit := util.ParseInt(limit)
-		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetCasbinAdapterCount(owner, field, value)))
-		adapters := object.GetPaginationCasbinAdapters(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetCasbinAdapterCount(owner, organization, field, value)))
+		adapters := object.GetPaginationCasbinAdapters(owner, organization, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		c.ResponseOk(adapters, paginator.Nums())
 	}
 }
--- a/controllers/cert.go
+++ b/controllers/cert.go
@ -48,6 +48,30 @@ func (c *ApiController) GetCerts() {
 	}
 }

+// GetGlobleCerts
+// @Title GetGlobleCerts
+// @Tag Cert API
+// @Description get globle certs
+// @Success 200 {array} object.Cert The Response object
+// @router /get-globle-certs [get]
+func (c *ApiController) GetGlobleCerts() {
+	limit := c.Input().Get("pageSize")
+	page := c.Input().Get("p")
+	field := c.Input().Get("field")
+	value := c.Input().Get("value")
+	sortField := c.Input().Get("sortField")
+	sortOrder := c.Input().Get("sortOrder")
+	if limit == "" || page == "" {
+		c.Data["json"] = object.GetMaskedCerts(object.GetGlobleCerts())
+		c.ServeJSON()
+	} else {
+		limit := util.ParseInt(limit)
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetGlobalCertsCount(field, value)))
+		certs := object.GetMaskedCerts(object.GetPaginationGlobalCerts(paginator.Offset(), limit, field, value, sortField, sortOrder))
+		c.ResponseOk(certs, paginator.Nums())
+	}
+}
+
 // GetCert
 // @Title GetCert
 // @Tag Cert API
--- a/controllers/chat.go
+++ b/controllers/chat.go
@ -31,6 +31,7 @@ import (
 // @router /get-chats [get]
 func (c *ApiController) GetChats() {
 	owner := c.Input().Get("owner")
+	owner = "admin"
 	limit := c.Input().Get("pageSize")
 	page := c.Input().Get("p")
 	field := c.Input().Get("field")
--- a/controllers/enforcer.go
+++ b/controllers/enforcer.go
@ -18,30 +18,61 @@ import (
 	"encoding/json"

 	"github.com/casdoor/casdoor/object"
+	"github.com/casdoor/casdoor/util"
 )

 func (c *ApiController) Enforce() {
-	var permissionRule object.PermissionRule
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &permissionRule)
+	permissionId := c.Input().Get("permissionId")
+	modelId := c.Input().Get("modelId")
+
+	var request object.CasbinRequest
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &request)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}

-	c.Data["json"] = object.Enforce(&permissionRule)
-	c.ServeJSON()
+	if permissionId != "" {
+		c.Data["json"] = object.Enforce(permissionId, &request)
+		c.ServeJSON()
+	} else {
+		owner, modelName := util.GetOwnerAndNameFromId(modelId)
+		permissions := object.GetPermissionsByModel(owner, modelName)
+
+		res := []bool{}
+		for _, permission := range permissions {
+			res = append(res, object.Enforce(permission.GetId(), &request))
+		}
+		c.Data["json"] = res
+		c.ServeJSON()
+	}
 }

 func (c *ApiController) BatchEnforce() {
-	var permissionRules []object.PermissionRule
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &permissionRules)
+	permissionId := c.Input().Get("permissionId")
+	modelId := c.Input().Get("modelId")
+
+	var requests []object.CasbinRequest
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &requests)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}

-	c.Data["json"] = object.BatchEnforce(permissionRules)
-	c.ServeJSON()
+	if permissionId != "" {
+		c.Data["json"] = object.BatchEnforce(permissionId, &requests)
+		c.ServeJSON()
+	} else {
+		owner, modelName := util.GetOwnerAndNameFromId(modelId)
+		permissions := object.GetPermissionsByModel(owner, modelName)
+
+		res := [][]bool{}
+		for _, permission := range permissions {
+			res = append(res, object.BatchEnforce(permission.GetId(), &requests))
+		}
+		c.Data["json"] = res
+		c.ServeJSON()
+	}
 }

 func (c *ApiController) GetAllObjects() {
--- a/controllers/message.go
+++ b/controllers/message.go
@ -41,7 +41,7 @@ func (c *ApiController) GetMessages() {
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
 	chat := c.Input().Get("chat")
-
+	organization := c.Input().Get("organization")
 	if limit == "" || page == "" {
 		var messages []*object.Message
 		if chat == "" {
@ -54,8 +54,8 @@ func (c *ApiController) GetMessages() {
 		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetMessageCount(owner, field, value)))
-		messages := object.GetMaskedMessages(object.GetPaginationMessages(owner, paginator.Offset(), limit, field, value, sortField, sortOrder))
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetMessageCount(owner, organization, field, value)))
+		messages := object.GetMaskedMessages(object.GetPaginationMessages(owner, organization, paginator.Offset(), limit, field, value, sortField, sortOrder))
 		c.ResponseOk(messages, paginator.Nums())
 	}
 }
@ -107,9 +107,9 @@ func (c *ApiController) GetMessageAnswer() {
 		return
 	}

-	chatId := util.GetId(message.Owner, message.Chat)
+	chatId := util.GetId("admin", message.Chat)
 	chat := object.GetChat(chatId)
-	if chat == nil {
+	if chat == nil || chat.Organization != message.Organization {
 		c.ResponseErrorStream(fmt.Sprintf(c.T("chat:The chat: %s is not found"), chatId))
 		return
 	}
@ -144,12 +144,18 @@ func (c *ApiController) GetMessageAnswer() {
 	authToken := provider.ClientSecret
 	question := questionMessage.Text
 	var stringBuilder strings.Builder
+
+	fmt.Printf("Question: [%s]\n", questionMessage.Text)
+	fmt.Printf("Answer: [")
+
 	err := ai.QueryAnswerStream(authToken, question, c.Ctx.ResponseWriter, &stringBuilder)
 	if err != nil {
 		c.ResponseErrorStream(err.Error())
 		return
 	}

+	fmt.Printf("]\n")
+
 	event := fmt.Sprintf("event: end\ndata: %s\n\n", "end")
 	_, err = c.Ctx.ResponseWriter.Write([]byte(event))
 	if err != nil {
@ -158,9 +164,6 @@ func (c *ApiController) GetMessageAnswer() {

 	answer := stringBuilder.String()

-	fmt.Printf("Question: [%s]\n", questionMessage.Text)
-	fmt.Printf("Answer: [%s]\n", answer)
-
 	message.Text = answer
 	object.UpdateMessage(message.GetId(), message)
 }
@ -202,10 +205,18 @@ func (c *ApiController) AddMessage() {
 		return
 	}

+	var chat *object.Chat
+	if message.Chat != "" {
+		chatId := util.GetId("admin", message.Chat)
+		chat = object.GetChat(chatId)
+		if chat == nil || chat.Organization != message.Organization {
+			c.ResponseError(fmt.Sprintf(c.T("chat:The chat: %s is not found"), chatId))
+			return
+		}
+	}
+
 	affected := object.AddMessage(&message)
 	if affected {
-		chatId := util.GetId(message.Owner, message.Chat)
-		chat := object.GetChat(chatId)
 		if chat != nil && chat.Type == "AI" {
 			answerMessage := &object.Message{
 				Owner:        message.Owner,
--- a/controllers/resource.go
+++ b/controllers/resource.go
@ -21,6 +21,7 @@ import (
 	"io"
 	"mime"
 	"path/filepath"
+	"strings"

 	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/object"
@ -235,10 +236,21 @@ func (c *ApiController) UploadResource() {
 		user.Avatar = fileUrl
 		object.UpdateUser(user.GetId(), user, []string{"avatar"}, false)
 	case "termsOfUse":
-		applicationId := fmt.Sprintf("admin/%s", parent)
-		app := object.GetApplication(applicationId)
-		app.TermsOfUse = fileUrl
-		object.UpdateApplication(applicationId, app)
+		user := object.GetUserNoCheck(util.GetId(owner, username))
+		if user == nil {
+			c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), util.GetId(owner, username)))
+			return
+		}
+
+		if !user.IsAdminUser() {
+			c.ResponseError(c.T("auth:Unauthorized operation"))
+			return
+		}
+
+		_, applicationId := util.GetOwnerAndNameFromIdNoCheck(strings.TrimRight(fullFilePath, ".html"))
+		applicationObj := object.GetApplication(applicationId)
+		applicationObj.TermsOfUse = fileUrl
+		object.UpdateApplication(applicationId, applicationObj)
 	}

 	c.ResponseOk(fileUrl, objectKey)
--- a/controllers/syncer.go
+++ b/controllers/syncer.go
@ -37,13 +37,14 @@ func (c *ApiController) GetSyncers() {
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
+	organization := c.Input().Get("organization")
 	if limit == "" || page == "" {
-		c.Data["json"] = object.GetSyncers(owner)
+		c.Data["json"] = object.GetOrganizationSyncers(owner, organization)
 		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetSyncerCount(owner, field, value)))
-		syncers := object.GetPaginationSyncers(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetSyncerCount(owner, organization, field, value)))
+		syncers := object.GetPaginationSyncers(owner, organization, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		c.ResponseOk(syncers, paginator.Nums())
 	}
 }
--- a/controllers/token.go
+++ b/controllers/token.go
@ -39,13 +39,14 @@ func (c *ApiController) GetTokens() {
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
+	organization := c.Input().Get("organization")
 	if limit == "" || page == "" {
-		c.Data["json"] = object.GetTokens(owner)
+		c.Data["json"] = object.GetTokens(owner, organization)
 		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetTokenCount(owner, field, value)))
-		tokens := object.GetPaginationTokens(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetTokenCount(owner, organization, field, value)))
+		tokens := object.GetPaginationTokens(owner, organization, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		c.ResponseOk(tokens, paginator.Nums())
 	}
 }
--- a/controllers/webhook.go
+++ b/controllers/webhook.go
@ -37,13 +37,14 @@ func (c *ApiController) GetWebhooks() {
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
+	organization := c.Input().Get("organization")
 	if limit == "" || page == "" {
-		c.Data["json"] = object.GetWebhooks(owner)
+		c.Data["json"] = object.GetWebhooks(owner, organization)
 		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetWebhookCount(owner, field, value)))
-		webhooks := object.GetPaginationWebhooks(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetWebhookCount(owner, organization, field, value)))
+		webhooks := object.GetPaginationWebhooks(owner, organization, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		c.ResponseOk(webhooks, paginator.Nums())
 	}
 }
--- a/ldap/server.go
+++ b/ldap/server.go
@ -113,6 +113,9 @@ func handleSearch(w ldap.ResponseWriter, m *ldap.Message) {

 		for _, attr := range r.Attributes() {
 			e.AddAttribute(message.AttributeDescription(attr), getAttribute(string(attr), user))
+			if string(attr) == "cn" {
+				e.AddAttribute(message.AttributeDescription(attr), getAttribute("title", user))
+			}
 		}

 		w.Write(e)
--- a/ldap/util.go
+++ b/ldap/util.go
@ -74,6 +74,15 @@ func getUsername(filter string) string {
 	return name
 }

+func stringInSlice(value string, list []string) bool {
+	for _, item := range list {
+		if item == value {
+			return true
+		}
+	}
+	return false
+}
+
 func GetFilteredUsers(m *ldap.Message) (filteredUsers []*object.User, code int) {
 	r := m.GetSearchRequest()

@ -94,13 +103,32 @@ func GetFilteredUsers(m *ldap.Message) (filteredUsers []*object.User, code int)
 			return nil, ldap.LDAPResultInsufficientAccessRights
 		}
 	} else {
-		hasPermission, err := object.CheckUserPermission(fmt.Sprintf("%s/%s", m.Client.OrgName, m.Client.UserName), fmt.Sprintf("%s/%s", org, name), true, "en")
+		requestUserId := util.GetId(m.Client.OrgName, m.Client.UserName)
+		userId := util.GetId(org, name)
+
+		hasPermission, err := object.CheckUserPermission(requestUserId, userId, true, "en")
 		if !hasPermission {
 			log.Printf("ErrMsg = %v", err.Error())
 			return nil, ldap.LDAPResultInsufficientAccessRights
 		}
-		user := object.GetUser(util.GetId(org, name))
-		filteredUsers = append(filteredUsers, user)
+
+		user := object.GetUser(userId)
+		if user != nil {
+			filteredUsers = append(filteredUsers, user)
+			return filteredUsers, ldap.LDAPResultSuccess
+		}
+
+		organization := object.GetOrganization(util.GetId("admin", org))
+		if organization == nil {
+			return nil, ldap.LDAPResultNoSuchObject
+		}
+
+		if !stringInSlice(name, organization.Tags) {
+			return nil, ldap.LDAPResultNoSuchObject
+		}
+
+		users := object.GetUsersByTag(org, name)
+		filteredUsers = append(filteredUsers, users...)
 		return filteredUsers, ldap.LDAPResultSuccess
 	}
 }
@ -130,12 +158,16 @@ func getAttribute(attributeName string, user *object.User) message.AttributeValu
 		return message.AttributeValue(user.Name)
 	case "uid":
 		return message.AttributeValue(user.Name)
+	case "displayname":
+		return message.AttributeValue(user.DisplayName)
 	case "email":
 		return message.AttributeValue(user.Email)
 	case "mail":
 		return message.AttributeValue(user.Email)
 	case "mobile":
 		return message.AttributeValue(user.Phone)
+	case "title":
+		return message.AttributeValue(user.Tag)
 	case "userPassword":
 		return message.AttributeValue(getUserPasswordWithType(user))
 	default:
--- a/object/application.go
+++ b/object/application.go
@ -72,6 +72,7 @@ type Application struct {
 	SigninHtml           string     `xorm:"mediumtext" json:"signinHtml"`
 	ThemeData            *ThemeData `xorm:"json" json:"themeData"`
 	FormCss              string     `xorm:"text" json:"formCss"`
+	FormCssMobile        string     `xorm:"text" json:"formCssMobile"`
 	FormOffset           int        `json:"formOffset"`
 	FormSideHtml         string     `xorm:"mediumtext" json:"formSideHtml"`
 	FormBackgroundUrl    string     `xorm:"varchar(200)" json:"formBackgroundUrl"`
@ -109,7 +110,7 @@ func GetApplications(owner string) []*Application {

 func GetOrganizationApplications(owner string, organization string) []*Application {
 	applications := []*Application{}
-	err := adapter.Engine.Desc("created_time").Find(&applications, &Application{Owner: owner, Organization: organization})
+	err := adapter.Engine.Desc("created_time").Find(&applications, &Application{Organization: organization})
 	if err != nil {
 		panic(err)
 	}
@ -131,7 +132,7 @@ func GetPaginationApplications(owner string, offset, limit int, field, value, so
 func GetPaginationOrganizationApplications(owner, organization string, offset, limit int, field, value, sortField, sortOrder string) []*Application {
 	applications := []*Application{}
 	session := GetSession(owner, offset, limit, field, value, sortField, sortOrder)
-	err := session.Find(&applications, &Application{Owner: owner, Organization: organization})
+	err := session.Find(&applications, &Application{Organization: organization})
 	if err != nil {
 		panic(err)
 	}
--- a/object/casbin_adapter.go
+++ b/object/casbin_adapter.go
@ -46,9 +46,9 @@ type CasbinAdapter struct {
 	Adapter *xormadapter.Adapter `xorm:"-" json:"-"`
 }

-func GetCasbinAdapterCount(owner, field, value string) int {
+func GetCasbinAdapterCount(owner, organization, field, value string) int {
 	session := GetSession(owner, -1, -1, field, value, "", "")
-	count, err := session.Count(&CasbinAdapter{})
+	count, err := session.Count(&CasbinAdapter{Organization: organization})
 	if err != nil {
 		panic(err)
 	}
@ -56,9 +56,9 @@ func GetCasbinAdapterCount(owner, field, value string) int {
 	return int(count)
 }

-func GetCasbinAdapters(owner string) []*CasbinAdapter {
+func GetCasbinAdapters(owner string, organization string) []*CasbinAdapter {
 	adapters := []*CasbinAdapter{}
-	err := adapter.Engine.Where("owner = ?", owner).Find(&adapters)
+	err := adapter.Engine.Where("owner = ? and organization = ?", owner, organization).Find(&adapters)
 	if err != nil {
 		panic(err)
 	}
@ -66,10 +66,10 @@ func GetCasbinAdapters(owner string) []*CasbinAdapter {
 	return adapters
 }

-func GetPaginationCasbinAdapters(owner string, page, limit int, field, value, sort, order string) []*CasbinAdapter {
+func GetPaginationCasbinAdapters(owner, organization string, page, limit int, field, value, sort, order string) []*CasbinAdapter {
 	session := GetSession(owner, page, limit, field, value, sort, order)
 	adapters := []*CasbinAdapter{}
-	err := session.Find(&adapters)
+	err := session.Find(&adapters, &CasbinAdapter{Organization: organization})
 	if err != nil {
 		panic(err)
 	}
--- a/object/cert.go
+++ b/object/cert.go
@ -55,8 +55,8 @@ func GetMaskedCerts(certs []*Cert) []*Cert {
 }

 func GetCertCount(owner, field, value string) int {
-	session := GetSession(owner, -1, -1, field, value, "", "")
-	count, err := session.Count(&Cert{})
+	session := GetSession("", -1, -1, field, value, "", "")
+	count, err := session.Where("owner = ? or owner = ? ", "admin", owner).Count(&Cert{})
 	if err != nil {
 		panic(err)
 	}
@ -66,7 +66,7 @@ func GetCertCount(owner, field, value string) int {

 func GetCerts(owner string) []*Cert {
 	certs := []*Cert{}
-	err := adapter.Engine.Desc("created_time").Find(&certs, &Cert{Owner: owner})
+	err := adapter.Engine.Where("owner = ? or owner = ? ", "admin", owner).Desc("created_time").Find(&certs, &Cert{})
 	if err != nil {
 		panic(err)
 	}
@ -76,7 +76,38 @@ func GetCerts(owner string) []*Cert {

 func GetPaginationCerts(owner string, offset, limit int, field, value, sortField, sortOrder string) []*Cert {
 	certs := []*Cert{}
-	session := GetSession(owner, offset, limit, field, value, sortField, sortOrder)
+	session := GetSession("", offset, limit, field, value, sortField, sortOrder)
+	err := session.Where("owner = ? or owner = ? ", "admin", owner).Find(&certs)
+	if err != nil {
+		panic(err)
+	}
+
+	return certs
+}
+
+func GetGlobalCertsCount(field, value string) int {
+	session := GetSession("", -1, -1, field, value, "", "")
+	count, err := session.Count(&Cert{})
+	if err != nil {
+		panic(err)
+	}
+
+	return int(count)
+}
+
+func GetGlobleCerts() []*Cert {
+	certs := []*Cert{}
+	err := adapter.Engine.Desc("created_time").Find(&certs)
+	if err != nil {
+		panic(err)
+	}
+
+	return certs
+}
+
+func GetPaginationGlobalCerts(offset, limit int, field, value, sortField, sortOrder string) []*Cert {
+	certs := []*Cert{}
+	session := GetSession("", offset, limit, field, value, sortField, sortOrder)
 	err := session.Find(&certs)
 	if err != nil {
 		panic(err)
--- a/object/check.go
+++ b/object/check.go
@ -282,6 +282,10 @@ func CheckUserPermission(requestUserId, userId string, strict bool, lang string)
 	if userId != "" {
 		targetUser := GetUser(userId)
 		if targetUser == nil {
+			if strings.HasPrefix(requestUserId, "built-in/") {
+				return true, nil
+			}
+
 			return false, fmt.Errorf(i18n.Translate(lang, "general:The user: %s doesn't exist"), userId)
 		}

--- a/object/message.go
+++ b/object/message.go
@ -48,9 +48,9 @@ func GetMaskedMessages(messages []*Message) []*Message {
 	return messages
 }

-func GetMessageCount(owner, field, value string) int {
+func GetMessageCount(owner, organization, field, value string) int {
 	session := GetSession(owner, -1, -1, field, value, "", "")
-	count, err := session.Count(&Message{})
+	count, err := session.Count(&Message{Organization: organization})
 	if err != nil {
 		panic(err)
 	}
@ -78,10 +78,10 @@ func GetChatMessages(chat string) []*Message {
 	return messages
 }

-func GetPaginationMessages(owner string, offset, limit int, field, value, sortField, sortOrder string) []*Message {
+func GetPaginationMessages(owner, organization string, offset, limit int, field, value, sortField, sortOrder string) []*Message {
 	messages := []*Message{}
 	session := GetSession(owner, offset, limit, field, value, sortField, sortOrder)
-	err := session.Find(&messages)
+	err := session.Find(&messages, &Message{Organization: organization})
 	if err != nil {
 		panic(err)
 	}
--- a/object/permission.go
+++ b/object/permission.go
@ -15,8 +15,6 @@
 package object

 import (
-	"fmt"
-
 	"github.com/casdoor/casdoor/util"
 	"github.com/xorm-io/core"
 )
@ -65,30 +63,6 @@ func (p *Permission) GetId() string {
 	return util.GetId(p.Owner, p.Name)
 }

-func (p *PermissionRule) GetRequest(adapterName string, permissionId string) ([]interface{}, error) {
-	request := []interface{}{p.V0, p.V1, p.V2}
-
-	if p.V3 != "" {
-		request = append(request, p.V3)
-	}
-
-	if p.V4 != "" {
-		request = append(request, p.V4)
-	}
-
-	if adapterName == builtInAdapter {
-		if p.V5 != "" {
-			return nil, fmt.Errorf("too many parameters. The maximum parameter number cannot exceed %d", builtInAvailableField)
-		}
-		return request, nil
-	} else {
-		if p.V5 != "" {
-			request = append(request, p.V5)
-		}
-		return request, nil
-	}
-}
-
 func GetPermissionCount(owner, field, value string) int {
 	session := GetSession(owner, -1, -1, field, value, "", "")
 	count, err := session.Count(&Permission{})
@ -271,6 +245,16 @@ func GetPermissionsBySubmitter(owner string, submitter string) []*Permission {
 	return permissions
 }

+func GetPermissionsByModel(owner string, model string) []*Permission {
+	permissions := []*Permission{}
+	err := adapter.Engine.Desc("created_time").Find(&permissions, &Permission{Owner: owner, Model: model})
+	if err != nil {
+		panic(err)
+	}
+
+	return permissions
+}
+
 func ContainsAsterisk(userId string, users []string) bool {
 	containsAsterisk := false
 	group, _ := util.GetOwnerAndNameFromId(userId)
--- a/object/permission_enforcer.go
+++ b/object/permission_enforcer.go
@ -62,7 +62,11 @@ func getEnforcer(permission *Permission) *casbin.Enforcer {
 		panic(err)
 	}

-	enforcer.InitWithModelAndAdapter(m, nil)
+	err = enforcer.InitWithModelAndAdapter(m, nil)
+	if err != nil {
+		panic(err)
+	}
+
 	enforcer.SetAdapter(adapter)

 	policyFilter := xormadapter.Filter{
@ -216,28 +220,23 @@ func removePolicies(permission *Permission) {
 	}
 }

-func Enforce(permissionRule *PermissionRule) bool {
-	permission := GetPermission(permissionRule.Id)
+type CasbinRequest = []interface{}
+
+func Enforce(permissionId string, request *CasbinRequest) bool {
+	permission := GetPermission(permissionId)
 	enforcer := getEnforcer(permission)

-	request, _ := permissionRule.GetRequest(builtInAdapter, permissionRule.Id)
-
-	allow, err := enforcer.Enforce(request...)
+	allow, err := enforcer.Enforce(*request...)
 	if err != nil {
 		panic(err)
 	}
 	return allow
 }

-func BatchEnforce(permissionRules []PermissionRule) []bool {
-	var requests [][]interface{}
-	for _, permissionRule := range permissionRules {
-		request, _ := permissionRule.GetRequest(builtInAdapter, permissionRule.Id)
-		requests = append(requests, request)
-	}
-	permission := GetPermission(permissionRules[0].Id)
+func BatchEnforce(permissionId string, requests *[]CasbinRequest) []bool {
+	permission := GetPermission(permissionId)
 	enforcer := getEnforcer(permission)
-	allow, err := enforcer.BatchEnforce(requests)
+	allow, err := enforcer.BatchEnforce(*requests)
 	if err != nil {
 		panic(err)
 	}
--- a/object/syncer.go
+++ b/object/syncer.go
@ -55,9 +55,9 @@ type Syncer struct {
 	Adapter *Adapter `xorm:"-" json:"-"`
 }

-func GetSyncerCount(owner, field, value string) int {
+func GetSyncerCount(owner, organization, field, value string) int {
 	session := GetSession(owner, -1, -1, field, value, "", "")
-	count, err := session.Count(&Syncer{})
+	count, err := session.Count(&Syncer{Organization: organization})
 	if err != nil {
 		panic(err)
 	}
@ -75,10 +75,20 @@ func GetSyncers(owner string) []*Syncer {
 	return syncers
 }

-func GetPaginationSyncers(owner string, offset, limit int, field, value, sortField, sortOrder string) []*Syncer {
+func GetOrganizationSyncers(owner, organization string) []*Syncer {
+	syncers := []*Syncer{}
+	err := adapter.Engine.Desc("created_time").Find(&syncers, &Syncer{Owner: owner, Organization: organization})
+	if err != nil {
+		panic(err)
+	}
+
+	return syncers
+}
+
+func GetPaginationSyncers(owner, organization string, offset, limit int, field, value, sortField, sortOrder string) []*Syncer {
 	syncers := []*Syncer{}
 	session := GetSession(owner, offset, limit, field, value, sortField, sortOrder)
-	err := session.Find(&syncers)
+	err := session.Find(&syncers, &Syncer{Organization: organization})
 	if err != nil {
 		panic(err)
 	}
--- a/object/token.go
+++ b/object/token.go
@ -91,9 +91,9 @@ type IntrospectionResponse struct {
 	Jti       string   `json:"jti,omitempty"`
 }

-func GetTokenCount(owner, field, value string) int {
+func GetTokenCount(owner, organization, field, value string) int {
 	session := GetSession(owner, -1, -1, field, value, "", "")
-	count, err := session.Count(&Token{})
+	count, err := session.Count(&Token{Organization: organization})
 	if err != nil {
 		panic(err)
 	}
@ -101,9 +101,9 @@ func GetTokenCount(owner, field, value string) int {
 	return int(count)
 }

-func GetTokens(owner string) []*Token {
+func GetTokens(owner string, organization string) []*Token {
 	tokens := []*Token{}
-	err := adapter.Engine.Desc("created_time").Find(&tokens, &Token{Owner: owner})
+	err := adapter.Engine.Desc("created_time").Find(&tokens, &Token{Owner: owner, Organization: organization})
 	if err != nil {
 		panic(err)
 	}
@ -111,10 +111,10 @@ func GetTokens(owner string) []*Token {
 	return tokens
 }

-func GetPaginationTokens(owner string, offset, limit int, field, value, sortField, sortOrder string) []*Token {
+func GetPaginationTokens(owner, organization string, offset, limit int, field, value, sortField, sortOrder string) []*Token {
 	tokens := []*Token{}
 	session := GetSession(owner, offset, limit, field, value, sortField, sortOrder)
-	err := session.Find(&tokens)
+	err := session.Find(&tokens, &Token{Organization: organization})
 	if err != nil {
 		panic(err)
 	}
--- a/object/user.go
+++ b/object/user.go
@ -250,6 +250,16 @@ func GetUsers(owner string) []*User {
 	return users
 }

+func GetUsersByTag(owner string, tag string) []*User {
+	users := []*User{}
+	err := adapter.Engine.Desc("created_time").Find(&users, &User{Owner: owner, Tag: tag})
+	if err != nil {
+		panic(err)
+	}
+
+	return users
+}
+
 func GetSortedUsers(owner string, sorter string, limit int) []*User {
 	users := []*User{}
 	err := adapter.Engine.Desc(sorter).Limit(limit, 0).Find(&users, &User{Owner: owner})
--- a/object/webhook.go
+++ b/object/webhook.go
@ -42,9 +42,9 @@ type Webhook struct {
 	IsEnabled      bool      `json:"isEnabled"`
 }

-func GetWebhookCount(owner, field, value string) int {
+func GetWebhookCount(owner, organization, field, value string) int {
 	session := GetSession(owner, -1, -1, field, value, "", "")
-	count, err := session.Count(&Webhook{})
+	count, err := session.Count(&Webhook{Organization: organization})
 	if err != nil {
 		panic(err)
 	}
@ -52,9 +52,9 @@ func GetWebhookCount(owner, field, value string) int {
 	return int(count)
 }

-func GetWebhooks(owner string) []*Webhook {
+func GetWebhooks(owner string, organization string) []*Webhook {
 	webhooks := []*Webhook{}
-	err := adapter.Engine.Desc("created_time").Find(&webhooks, &Webhook{Owner: owner})
+	err := adapter.Engine.Desc("created_time").Find(&webhooks, &Webhook{Owner: owner, Organization: organization})
 	if err != nil {
 		panic(err)
 	}
@ -62,10 +62,10 @@ func GetWebhooks(owner string) []*Webhook {
 	return webhooks
 }

-func GetPaginationWebhooks(owner string, offset, limit int, field, value, sortField, sortOrder string) []*Webhook {
+func GetPaginationWebhooks(owner, organization string, offset, limit int, field, value, sortField, sortOrder string) []*Webhook {
 	webhooks := []*Webhook{}
 	session := GetSession(owner, offset, limit, field, value, sortField, sortOrder)
-	err := session.Find(&webhooks)
+	err := session.Find(&webhooks, &Webhook{Organization: organization})
 	if err != nil {
 		panic(err)
 	}
--- a/routers/router.go
+++ b/routers/router.go
@ -184,6 +184,7 @@ func initAPI() {
 	beego.Router("/api/run-syncer", &controllers.ApiController{}, "GET:RunSyncer")

 	beego.Router("/api/get-certs", &controllers.ApiController{}, "GET:GetCerts")
+	beego.Router("/api/get-globle-certs", &controllers.ApiController{}, "GET:GetGlobleCerts")
 	beego.Router("/api/get-cert", &controllers.ApiController{}, "GET:GetCert")
 	beego.Router("/api/update-cert", &controllers.ApiController{}, "POST:UpdateCert")
 	beego.Router("/api/add-cert", &controllers.ApiController{}, "POST:AddCert")
--- a/storage/minio_s3.go
+++ b/storage/minio_s3.go
@ -29,7 +29,7 @@ func NewMinIOS3StorageProvider(clientId string, clientSecret string, region stri
 		Endpoint:         endpoint,
 		S3Endpoint:       endpoint,
 		ACL:              awss3.BucketCannedACLPublicRead,
-		S3ForcePathStyle: true,
+		S3ForcePathStyle: false,
 	})

 	return sp
--- a/web/cypress/e2e/adapter.cy.js
+++ b/web/cypress/e2e/adapter.cy.js
@ -1,16 +1,14 @@
 describe('Test adapter', () => {
    beforeEach(()=>{
-        cy.visit("http://localhost:7001");
        cy.login();
    })
    const selector = {
        add: ".ant-table-title > div > .ant-btn"
      };
    it("test adapter", () => {
-        cy.visit("http://localhost:7001");
        cy.visit("http://localhost:7001/adapters");
        cy.url().should("eq", "http://localhost:7001/adapters");
-        cy.get(selector.add).click();
+        cy.get(selector.add,{timeout:10000}).click();
        cy.url().should("include","http://localhost:7001/adapters/built-in/")
    });
 })
--- a/web/cypress/e2e/application.cy.js
+++ b/web/cypress/e2e/application.cy.js
@ -1,6 +1,5 @@
 describe('Test aplication', () => {
    beforeEach(()=>{
-        cy.visit("http://localhost:7001");
        cy.login();
    })
    it("test aplication", () => {
--- a/web/cypress/e2e/certs.cy.js
+++ b/web/cypress/e2e/certs.cy.js
@ -1,6 +1,5 @@
 describe('Test certs', () => {
    beforeEach(()=>{
-        cy.visit("http://localhost:7001");
        cy.login();
    })
    it("test certs", () => {
--- a/web/cypress/e2e/models.cy.js
+++ b/web/cypress/e2e/models.cy.js
@ -1,6 +1,5 @@
 describe('Test models', () => {
    beforeEach(()=>{
-        cy.visit("http://localhost:7001");
        cy.login();
    })
    it("test org", () => {
--- a/web/cypress/e2e/orgnazition.cy.js
+++ b/web/cypress/e2e/orgnazition.cy.js
@ -1,6 +1,5 @@
 describe('Test Orgnazition', () => {
    beforeEach(()=>{
-        cy.visit("http://localhost:7001");
        cy.login();
    })
    it("test org", () => {
--- a/web/cypress/e2e/payments.cy.js
+++ b/web/cypress/e2e/payments.cy.js
@ -1,16 +1,14 @@
 describe('Test payments', () => {
    beforeEach(()=>{
-        cy.visit("http://localhost:7001");
        cy.login();
    })
    const selector = {
        add: ".ant-table-title > div > .ant-btn"
      };
    it("test payments", () => {
-        cy.visit("http://localhost:7001");
        cy.visit("http://localhost:7001/payments");
        cy.url().should("eq", "http://localhost:7001/payments");
-        cy.get(selector.add).click();
+        cy.get(selector.add,{timeout:10000}).click();
        cy.url().should("include","http://localhost:7001/payments/")
    });
 })
--- a/web/cypress/e2e/permissions.cy.js
+++ b/web/cypress/e2e/permissions.cy.js
@ -1,6 +1,5 @@
 describe('Test permissions', () => {
    beforeEach(()=>{
-        cy.visit("http://localhost:7001");
        cy.login();
    })
    it("test permissions", () => {
--- a/web/cypress/e2e/products.cy.js
+++ b/web/cypress/e2e/products.cy.js
@ -1,16 +1,14 @@
 describe('Test products', () => {
    beforeEach(()=>{
-        cy.visit("http://localhost:7001");
        cy.login();
    })
    const selector = {
        add: ".ant-table-title > div > .ant-btn > span"
      };
    it("test products", () => {
-        cy.visit("http://localhost:7001");
        cy.visit("http://localhost:7001/products");
        cy.url().should("eq", "http://localhost:7001/products");
-        cy.get(selector.add).click();
+        cy.get(selector.add,{timeout:10000}).click();
        cy.url().should("include","http://localhost:7001/products/")
    });
 })
--- a/web/cypress/e2e/providers.cy.js
+++ b/web/cypress/e2e/providers.cy.js
@ -1,6 +1,5 @@
 describe('Test providers', () => {
    beforeEach(()=>{
-        cy.visit("http://localhost:7001");
        cy.login();
    })
    it("test providers", () => {
--- a/web/cypress/e2e/records.cy.js
+++ b/web/cypress/e2e/records.cy.js
@ -1,6 +1,5 @@
 describe('Test records', () => {
    beforeEach(()=>{
-        cy.visit("http://localhost:7001");
        cy.login();
    })
    it("test records", () => {
--- a/web/cypress/e2e/resource.cy.js
+++ b/web/cypress/e2e/resource.cy.js
@ -1,6 +1,5 @@
 describe('Test resource', () => {
    beforeEach(()=>{
-        cy.visit("http://localhost:7001");
        cy.login();
    })
    it("test resource", () => {
--- a/web/cypress/e2e/role.cy.js
+++ b/web/cypress/e2e/role.cy.js
@ -1,6 +1,5 @@
 describe('Test roles', () => {
    beforeEach(()=>{
-        cy.visit("http://localhost:7001");
        cy.login();
    })
    it("test role", () => {
--- a/web/cypress/e2e/sessions.cy.js
+++ b/web/cypress/e2e/sessions.cy.js
@ -1,6 +1,5 @@
 describe('Test sessions', () => {
    beforeEach(()=>{
-        cy.visit("http://localhost:7001");
        cy.login();
    })
    it("test sessions", () => {
--- a/web/cypress/e2e/syncers.cy.js
+++ b/web/cypress/e2e/syncers.cy.js
@ -1,16 +1,14 @@
 describe('Test syncers', () => {
    beforeEach(()=>{
-        cy.visit("http://localhost:7001");
        cy.login();
    })
    const selector = {
        add: ".ant-table-title > div > .ant-btn"
      };
    it("test syncers", () => {
-        cy.visit("http://localhost:7001");
        cy.visit("http://localhost:7001/syncers");
        cy.url().should("eq", "http://localhost:7001/syncers");
-        cy.get(selector.add).click();
+        cy.get(selector.add,{timeout:10000}).click();
        cy.url().should("include","http://localhost:7001/syncers/")
    });
 })
--- a/web/cypress/e2e/sysinfo.cy.js
+++ b/web/cypress/e2e/sysinfo.cy.js
@ -1,6 +1,5 @@
 describe('Test sysinfo', () => {
    beforeEach(()=>{
-        cy.visit("http://localhost:7001");
        cy.login();
    })
    it("test sysinfo", () => {
--- a/web/cypress/e2e/tokens.cy.js
+++ b/web/cypress/e2e/tokens.cy.js
@ -1,16 +1,14 @@
 describe('Test tokens', () => {
    beforeEach(()=>{
-        cy.visit("http://localhost:7001");
        cy.login();
    })
    const selector = {
        add: ".ant-table-title > div > .ant-btn"
      };
    it("test records", () => {
-        cy.visit("http://localhost:7001");
        cy.visit("http://localhost:7001/tokens");
        cy.url().should("eq", "http://localhost:7001/tokens");
-        cy.get(selector.add).click();
+        cy.get(selector.add,{timeout:10000}).click();
        cy.url().should("include","http://localhost:7001/tokens/")
    });
 })
--- a/web/cypress/e2e/user.cy.js
+++ b/web/cypress/e2e/user.cy.js
@ -1,6 +1,5 @@
 describe('Test User', () => {
    beforeEach(()=>{
-        cy.visit("http://localhost:7001");
        cy.login();
    })
    it("test user", () => {
--- a/web/cypress/e2e/webhooks.cy.js
+++ b/web/cypress/e2e/webhooks.cy.js
@ -7,10 +7,10 @@ describe('Test webhooks', () => {
        add: ".ant-table-title > div > .ant-btn"
      };
    it("test webhooks", () => {
-        cy.visit("http://localhost:7001");
+
        cy.visit("http://localhost:7001/webhooks");
        cy.url().should("eq", "http://localhost:7001/webhooks");
-        cy.get(selector.add).click();
-        cy.url().should("include","http://localhost:7001/webhooks/")
+        cy.get(selector.add,{timeout:10000}).click();
+        cy.url().should("include","http://localhost:7001/webhooks/");
    });
 })
--- a/web/cypress/support/commands.js
+++ b/web/cypress/support/commands.js
@ -23,19 +23,15 @@
 //
 // -- This will overwrite an existing command --
 // Cypress.Commands.overwrite('visit', (originalFn, url, options) => { ... })
+const selector = {
+  username: "#input",
+  password: "#normal_login_password",
+  loginButton: ".ant-btn",
+};
 Cypress.Commands.add('login', ()=>{
-    cy.request({
-        method: "POST",
-        url: "http://localhost:7001/api/login",
-        body: {
-          "application": "app-built-in",
-          "organization": "built-in",
-          "username": "admin",
-          "password": "123",
-          "autoSignin": true,
-          "type": "login",
-        },
-      }).then((Response) => {
-        expect(Response).property("body").property("status").to.equal("ok");
-      });
+  cy.visit("http://localhost:7001");
+  cy.get(selector.username).type("admin");
+  cy.get(selector.password).type("123");
+  cy.get(selector.loginButton).click();
+  cy.url().should("eq", "http://localhost:7001/");
 })
--- a/web/src/AdapterEditPage.js
+++ b/web/src/AdapterEditPage.js
@ -47,7 +47,7 @@ class AdapterEditPage extends React.Component {
  }

  getAdapter() {
-    AdapterBackend.getAdapter(this.state.owner, this.state.adapterName)
+    AdapterBackend.getAdapter("admin", this.state.adapterName)
      .then((res) => {
        if (res.status === "ok") {
          this.setState({
@ -60,7 +60,7 @@ class AdapterEditPage extends React.Component {
  }

  getOrganizations() {
-    OrganizationBackend.getOrganizations("admin")
+    OrganizationBackend.getOrganizations(this.state.organizationName)
      .then((res) => {
        this.setState({
          organizations: (res.msg === undefined) ? res : [],
@ -109,7 +109,7 @@ class AdapterEditPage extends React.Component {
            {Setting.getLabel(i18next.t("general:Organization"), i18next.t("general:Organization - Tooltip"))} :
          </Col>
          <Col span={22} >
-            <Select virtual={false} style={{width: "100%"}} value={this.state.adapter.organization} onChange={(value => {
+            <Select virtual={false} style={{width: "100%"}} disabled={!Setting.isAdminUser(this.props.account)} value={this.state.adapter.organization} onChange={(value => {
              this.getModels(value);
              this.updateAdapterField("organization", value);
              this.updateAdapterField("owner", value);
--- a/web/src/AdapterListPage.js
+++ b/web/src/AdapterListPage.js
@ -26,10 +26,10 @@ class AdapterListPage extends BaseListPage {
  newAdapter() {
    const randomName = Setting.getRandomName();
    return {
-      owner: "built-in",
+      owner: "admin",
      name: `adapter_${randomName}`,
      createdTime: moment().format(),
-      organization: "built-in",
+      organization: this.props.account.owner,
      type: "Database",
      host: "localhost",
      port: 3306,
@ -247,7 +247,7 @@ class AdapterListPage extends BaseListPage {
      value = params.type;
    }
    this.setState({loading: true});
-    AdapterBackend.getAdapters("", params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+    AdapterBackend.getAdapters("admin", Setting.isAdminUser(this.props.account) ? "" : this.props.account.owner, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
      .then((res) => {
        if (res.status === "ok") {
          this.setState({
--- a/web/src/App.js
+++ b/web/src/App.js
@ -410,7 +410,7 @@ class App extends Component {
      ));
    }

-    if (Setting.isAdminUser(this.state.account)) {
+    if (Setting.isLocalAdminUser(this.state.account)) {
      res.push(Setting.getItem(<Link to="/models">{i18next.t("general:Models")}</Link>,
        "/models"
      ));
@ -446,7 +446,7 @@ class App extends Component {
      ));
    }

-    if (Setting.isAdminUser(this.state.account)) {
+    if (Setting.isLocalAdminUser(this.state.account)) {
      res.push(Setting.getItem(<Link to="/tokens">{i18next.t("general:Tokens")}</Link>,
        "/tokens"
      ));
@ -475,11 +475,13 @@ class App extends Component {
        res.push(Setting.getItem(<Link to="/payments">{i18next.t("general:Payments")}</Link>,
          "/payments"
        ));
-
-        res.push(Setting.getItem(<Link to="/sysinfo">{i18next.t("general:System Info")}</Link>,
-          "/sysinfo"
-        ));
      }
+
+    }
+    if (Setting.isAdminUser(this.state.account)) {
+      res.push(Setting.getItem(<Link to="/sysinfo">{i18next.t("general:System Info")}</Link>,
+        "/sysinfo"
+      ));
      res.push(Setting.getItem(<a target="_blank" rel="noreferrer"
        href={Setting.isLocalhost() ? `${Setting.ServerUrl}/swagger` : "/swagger"}>{i18next.t("general:Swagger")}</a>,
      "/swagger"
--- a/web/src/ApplicationEditPage.js
+++ b/web/src/ApplicationEditPage.js
@ -145,7 +145,7 @@ class ApplicationEditPage extends React.Component {
  }

  getCerts() {
-    CertBackend.getCerts("admin")
+    CertBackend.getCerts(this.props.account.owner)
      .then((res) => {
        this.setState({
          certs: (res.msg === undefined) ? res : [],
@ -671,6 +671,27 @@ class ApplicationEditPage extends React.Component {
            </Popover>
          </Col>
        </Row>
+        <Row>
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("application:Form CSS Mobile"), i18next.t("application:Form CSS Mobile - Tooltip"))} :
+          </Col>
+          <Col span={22}>
+            <Popover placement="right" content={
+              <div style={{width: "900px", height: "300px"}} >
+                <CodeMirror value={this.state.application.formCssMobile === "" ? template : this.state.application.formCssMobile}
+                  options={{mode: "css", theme: "material-darker"}}
+                  onBeforeChange={(editor, data, value) => {
+                    this.updateApplicationField("formCssMobile", value);
+                  }}
+                />
+              </div>
+            } title={i18next.t("application:Form CSS Mobile - Edit")} trigger="click">
+              <Input value={this.state.application.formCssMobile} style={{marginBottom: "10px"}} onChange={e => {
+                this.updateApplicationField("formCssMobile", e.target.value);
+              }} />
+            </Popover>
+          </Col>
+        </Row>
        <Row style={{marginTop: "20px"}} >
          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
            {Setting.getLabel(i18next.t("application:Form position"), i18next.t("application:Form position - Tooltip"))} :
--- a/web/src/ApplicationListPage.js
+++ b/web/src/ApplicationListPage.js
@ -273,7 +273,7 @@ class ApplicationListPage extends BaseListPage {
    const sortField = params.sortField, sortOrder = params.sortOrder;
    this.setState({loading: true});
    (Setting.isAdminUser(this.props.account) ? ApplicationBackend.getApplications("admin", params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder) :
-      ApplicationBackend.getApplicationsByOrganization("admin", this.state.organizationName, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder))
+      ApplicationBackend.getApplicationsByOrganization("admin", this.props.account.organization.name, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder))
      .then((res) => {
        if (res.status === "ok") {
          this.setState({
--- a/web/src/CertEditPage.js
+++ b/web/src/CertEditPage.js
@ -30,6 +30,7 @@ class CertEditPage extends React.Component {
      classes: props,
      certName: props.match.params.certName,
      cert: null,
+      organizations: [],
      mode: props.location.mode !== undefined ? props.location.mode : "edit",
    };
  }
@ -39,7 +40,7 @@ class CertEditPage extends React.Component {
  }

  getCert() {
-    CertBackend.getCert("admin", this.state.certName)
+    CertBackend.getCert(this.props.account.owner, this.state.certName)
      .then((cert) => {
        this.setState({
          cert: cert,
@ -75,6 +76,19 @@ class CertEditPage extends React.Component {
          {this.state.mode === "add" ? <Button style={{marginLeft: "20px"}} onClick={() => this.deleteCert()}>{i18next.t("general:Cancel")}</Button> : null}
        </div>
      } style={(Setting.isMobile()) ? {margin: "5px"} : {}} type="inner">
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("general:Organization"), i18next.t("general:Organization - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Select virtual={false} style={{width: "100%"}} disabled={!Setting.isAdminUser(this.props.account)} value={this.state.cert.owner} onChange={(value => {this.updateCertField("owner", value);})}>
+              {Setting.isAdminUser(this.props.account) ? <Option key={"admin"} value={"admin"}>{i18next.t("provider:admin (Shared)")}</Option> : null}
+              {
+                this.state.organizations.map((organization, index) => <Option key={index} value={organization.name}>{organization.name}</Option>)
+              }
+            </Select>
+          </Col>
+        </Row>
        <Row style={{marginTop: "10px"}} >
          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
            {Setting.getLabel(i18next.t("general:Name"), i18next.t("general:Name - Tooltip"))} :
--- a/web/src/CertListPage.js
+++ b/web/src/CertListPage.js
@ -26,7 +26,7 @@ class CertListPage extends BaseListPage {
  newCert() {
    const randomName = Setting.getRandomName();
    return {
-      owner: "admin", // this.props.account.certname,
+      owner: this.props.account.owner, // this.props.account.certname,
      name: `cert_${randomName}`,
      createdTime: moment().format(),
      displayName: `New Cert - ${randomName}`,
@ -92,6 +92,14 @@ class CertListPage extends BaseListPage {
          );
        },
      },
+      {
+        title: i18next.t("general:Organization"),
+        dataIndex: "owner",
+        key: "owner",
+        width: "150px",
+        sorter: true,
+        ...this.getColumnSearchProps("organization"),
+      },
      {
        title: i18next.t("general:Created time"),
        dataIndex: "createdTime",
@ -168,8 +176,9 @@ class CertListPage extends BaseListPage {
        render: (text, record, index) => {
          return (
            <div>
-              <Button style={{marginTop: "10px", marginBottom: "10px", marginRight: "10px"}} type="primary" onClick={() => this.props.history.push(`/certs/${record.name}`)}>{i18next.t("general:Edit")}</Button>
+              <Button disabled={!Setting.isAdminUser(this.props.account) && (record.owner !== this.props.account.owner)} style={{marginTop: "10px", marginBottom: "10px", marginRight: "10px"}} type="primary" onClick={() => this.props.history.push(`/certs/${record.name}`)}>{i18next.t("general:Edit")}</Button>
              <PopconfirmModal
+                disabled={!Setting.isAdminUser(this.props.account) && (record.owner !== this.props.account.owner)}
                title={i18next.t("general:Sure to delete") + `: ${record.name} ?`}
                onConfirm={() => this.deleteCert(index)}
              >
@ -214,7 +223,8 @@ class CertListPage extends BaseListPage {
      value = params.type;
    }
    this.setState({loading: true});
-    CertBackend.getCerts("admin", params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+    (Setting.isAdminUser(this.props.account) ? CertBackend.getGlobleCerts(params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+      : CertBackend.getCerts(this.props.account.owner, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder))
      .then((res) => {
        if (res.status === "ok") {
          this.setState({
--- a/web/src/ChatEditPage.js
+++ b/web/src/ChatEditPage.js
@ -99,7 +99,7 @@ class ChatEditPage extends React.Component {
            {Setting.getLabel(i18next.t("general:Organization"), i18next.t("general:Organization - Tooltip"))} :
          </Col>
          <Col span={22} >
-            <Select virtual={false} style={{width: "100%"}} value={this.state.chat.organization} onChange={(value => {this.updateChatField("organization", value);})}
+            <Select virtual={false} disabled={!Setting.isAdminUser(this.props.account)} style={{width: "100%"}} value={this.state.chat.organization} onChange={(value => {this.updateChatField("organization", value);})}
              options={this.state.organizations.map((organization) => Setting.getOption(organization.name, organization.name))
              } />
          </Col>
--- a/web/src/ChatPage.js
+++ b/web/src/ChatPage.js
@ -51,7 +51,7 @@ class ChatPage extends BaseListPage {
  newMessage(text) {
    const randomName = Setting.getRandomName();
    return {
-      owner: "admin", // this.props.account.messagename,
+      owner: this.props.account.owner, // this.props.account.messagename,
      name: `message_${randomName}`,
      createdTime: moment().format(),
      organization: this.props.account.owner,
--- a/web/src/MessageEditPage.js
+++ b/web/src/MessageEditPage.js
@ -113,7 +113,7 @@ class MessageEditPage extends React.Component {
            {Setting.getLabel(i18next.t("general:Organization"), i18next.t("general:Organization - Tooltip"))} :
          </Col>
          <Col span={22} >
-            <Select virtual={false} style={{width: "100%"}} value={this.state.message.organization} onChange={(value => {this.updateMessageField("organization", value);})}
+            <Select virtual={false} disabled={!Setting.isAdminUser(this.props.account)} style={{width: "100%"}} value={this.state.message.organization} onChange={(value => {this.updateMessageField("organization", value);})}
              options={this.state.organizations.map((organization) => Setting.getOption(organization.name, organization.name))
              } />
          </Col>
--- a/web/src/MessageListPage.js
+++ b/web/src/MessageListPage.js
@ -209,7 +209,7 @@ class MessageListPage extends BaseListPage {
      value = params.type;
    }
    this.setState({loading: true});
-    MessageBackend.getMessages("admin", params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+    MessageBackend.getMessages("admin", Setting.isAdminUser(this.props.account) ? "" : this.props.account.owner, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
      .then((res) => {
        if (res.status === "ok") {
          this.setState({
--- a/web/src/ModelEditPage.js
+++ b/web/src/ModelEditPage.js
@ -53,7 +53,7 @@ class ModelEditPage extends React.Component {
          model: model,
        });

-        this.getModels(model.owner);
+        this.getModels(model.organization);
      });
  }

@ -107,7 +107,7 @@ class ModelEditPage extends React.Component {
            {Setting.getLabel(i18next.t("general:Organization"), i18next.t("general:Organization - Tooltip"))} :
          </Col>
          <Col span={22} >
-            <Select virtual={false} style={{width: "100%"}} value={this.state.model.owner} onChange={(value => {this.updateModelField("owner", value);})}>
+            <Select virtual={false} style={{width: "100%"}} disabled={!Setting.isAdminUser(this.props.account)} value={this.state.model.owner} onChange={(value => {this.updateModelField("owner", value);})}>
              {
                this.state.organizations.map((organization, index) => <Option key={index} value={organization.name}>{organization.name}</Option>)
              }
--- a/web/src/ModelListPage.js
+++ b/web/src/ModelListPage.js
@ -41,7 +41,7 @@ class ModelListPage extends BaseListPage {
  newModel() {
    const randomName = Setting.getRandomName();
    return {
-      owner: "built-in",
+      owner: this.props.account.owner,
      name: `model_${randomName}`,
      createdTime: moment().format(),
      displayName: `New Model - ${randomName}`,
@ -202,7 +202,7 @@ class ModelListPage extends BaseListPage {
      value = params.type;
    }
    this.setState({loading: true});
-    ModelBackend.getModels("", params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+    ModelBackend.getModels(Setting.isAdminUser(this.props.account) ? "" : this.props.account.owner, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
      .then((res) => {
        if (res.status === "ok") {
          this.setState({
--- a/web/src/PaymentEditPage.js
+++ b/web/src/PaymentEditPage.js
@ -40,7 +40,7 @@ class PaymentEditPage extends React.Component {
  }

  getPayment() {
-    PaymentBackend.getPayment("admin", this.state.paymentName)
+    PaymentBackend.getPayment(this.props.account.owner, this.state.paymentName)
      .then((payment) => {
        this.setState({
          payment: payment,
--- a/web/src/PaymentListPage.js
+++ b/web/src/PaymentListPage.js
@ -27,13 +27,13 @@ class PaymentListPage extends BaseListPage {
  newPayment() {
    const randomName = Setting.getRandomName();
    return {
-      owner: "admin",
+      owner: this.props.account.owner,
      name: `payment_${randomName}`,
      createdTime: moment().format(),
      displayName: `New Payment - ${randomName}`,
      provider: "provider_pay_paypal",
      type: "PayPal",
-      organization: "built-in",
+      organization: this.props.account.owner,
      user: "admin",
      productName: "computer-1",
      productDisplayName: "A notebook computer",
@ -265,7 +265,7 @@ class PaymentListPage extends BaseListPage {
      value = params.type;
    }
    this.setState({loading: true});
-    PaymentBackend.getPayments("", params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+    PaymentBackend.getPayments(Setting.isAdminUser(this.props.account) ? "" : this.props.account.owner, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
      .then((res) => {
        if (res.status === "ok") {
          this.setState({
--- a/web/src/PaymentResultPage.js
+++ b/web/src/PaymentResultPage.js
@ -33,7 +33,7 @@ class PaymentResultPage extends React.Component {
  }

  getPayment() {
-    PaymentBackend.getPayment("admin", this.state.paymentName)
+    PaymentBackend.getPayment(this.props.account.owner, this.state.paymentName)
      .then((payment) => {
        this.setState({
          payment: payment,
--- a/web/src/PermissionEditPage.js
+++ b/web/src/PermissionEditPage.js
@ -159,7 +159,7 @@ class PermissionEditPage extends React.Component {
            {Setting.getLabel(i18next.t("general:Organization"), i18next.t("general:Organization - Tooltip"))} :
          </Col>
          <Col span={22} >
-            <Select virtual={false} style={{width: "100%"}} value={this.state.permission.owner} onChange={(owner => {
+            <Select virtual={false} style={{width: "100%"}} disabled={!Setting.isAdminUser(this.props.account)} value={this.state.permission.owner} onChange={(owner => {
              this.updatePermissionField("owner", owner);
              this.getUsers(owner);
              this.getRoles(owner);
--- a/web/src/ProductBuyPage.js
+++ b/web/src/ProductBuyPage.js
@ -40,7 +40,7 @@ class ProductBuyPage extends React.Component {
      return;
    }

-    ProductBackend.getProduct("admin", this.state.productName)
+    ProductBackend.getProduct(this.props.account.owner, this.state.productName)
      .then((product) => {
        this.setState({
          product: product,
--- a/web/src/ProductEditPage.js
+++ b/web/src/ProductEditPage.js
@ -32,6 +32,7 @@ class ProductEditPage extends React.Component {
      productName: props.match.params.productName,
      product: null,
      providers: [],
+      organizations: [],
      mode: props.location.mode !== undefined ? props.location.mode : "edit",
    };
  }
@ -42,7 +43,7 @@ class ProductEditPage extends React.Component {
  }

  getProduct() {
-    ProductBackend.getProduct("admin", this.state.productName)
+    ProductBackend.getProduct(this.props.account.owner, this.state.productName)
      .then((product) => {
        this.setState({
          product: product,
@ -51,7 +52,7 @@ class ProductEditPage extends React.Component {
  }

  getPaymentProviders() {
-    ProviderBackend.getProviders("admin")
+    ProviderBackend.getProviders(this.props.account.owner)
      .then((res) => {
        this.setState({
          providers: res.filter(provider => provider.category === "Payment"),
@ -106,6 +107,18 @@ class ProductEditPage extends React.Component {
            }} />
          </Col>
        </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("general:Organization"), i18next.t("general:Organization - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Select virtual={false} style={{width: "100%"}} disabled={!Setting.isAdminUser(this.props.account)} value={this.state.product.owner} onChange={(value => {this.updateProductField("owner", value);})}>
+              {
+                this.state.organizations.map((organization, index) => <Option key={index} value={organization.name}>{organization.name}</Option>)
+              }
+            </Select>
+          </Col>
+        </Row>
        <Row style={{marginTop: "20px"}} >
          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
            {Setting.getLabel(i18next.t("product:Image"), i18next.t("product:Image - Tooltip"))} :
--- a/web/src/ProductListPage.js
+++ b/web/src/ProductListPage.js
@ -27,7 +27,7 @@ class ProductListPage extends BaseListPage {
  newProduct() {
    const randomName = Setting.getRandomName();
    return {
-      owner: "admin",
+      owner: this.props.account.owner,
      name: `product_${randomName}`,
      createdTime: moment().format(),
      displayName: `New Product - ${randomName}`,
@ -94,6 +94,14 @@ class ProductListPage extends BaseListPage {
          );
        },
      },
+      {
+        title: i18next.t("general:Organization"),
+        dataIndex: "owner",
+        key: "owner",
+        width: "150px",
+        sorter: true,
+        ...this.getColumnSearchProps("organization"),
+      },
      {
        title: i18next.t("general:Created time"),
        dataIndex: "createdTime",
@ -282,7 +290,7 @@ class ProductListPage extends BaseListPage {
      value = params.type;
    }
    this.setState({loading: true});
-    ProductBackend.getProducts("", params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+    ProductBackend.getProducts(Setting.isAdminUser(this.props.account) ? "" : this.props.account.owner, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
      .then((res) => {
        if (res.status === "ok") {
          this.setState({
--- a/web/src/ProviderListPage.js
+++ b/web/src/ProviderListPage.js
@ -111,7 +111,7 @@ class ProviderListPage extends BaseListPage {
        key: "owner",
        width: "150px",
        sorter: true,
-        ...this.getColumnSearchProps("owner"),
+        ...this.getColumnSearchProps("organization"),
      },
      {
        title: i18next.t("general:Created time"),
@ -210,6 +210,7 @@ class ProviderListPage extends BaseListPage {
              <PopconfirmModal
                title={i18next.t("general:Sure to delete") + `: ${record.name} ?`}
                onConfirm={() => this.deleteProvider(index)}
+                disabled={!Setting.isAdminUser(this.props.account) && (record.owner !== this.props.account.owner)}
              >
              </PopconfirmModal>
            </div>
@ -253,7 +254,7 @@ class ProviderListPage extends BaseListPage {
    }
    this.setState({loading: true});
    (Setting.isAdminUser(this.props.account) ? ProviderBackend.getGlobalProviders(params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
-      : ProviderBackend.getProviders(this.state.owner, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder))
+      : ProviderBackend.getProviders(this.props.account.owner, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder))
      .then((res) => {
        if (res.status === "ok") {
          this.setState({
--- a/web/src/RecordListPage.js
+++ b/web/src/RecordListPage.js
@ -175,7 +175,7 @@ class RecordListPage extends BaseListPage {
    ];

    if (Setting.isLocalAdminUser(this.props.account)) {
-      columns = columns.filter(column => column.key !== "name" && column.key !== "organization");
+      columns = columns.filter(column => column.key !== "name");
    }

    const paginationProps = {
--- a/web/src/ResourceListPage.js
+++ b/web/src/ResourceListPage.js
@ -288,7 +288,7 @@ class ResourceListPage extends BaseListPage {
    const field = params.searchedColumn, value = params.searchText;
    const sortField = params.sortField, sortOrder = params.sortOrder;
    this.setState({loading: true});
-    ResourceBackend.getResources(this.props.account.owner, this.props.account.name, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+    ResourceBackend.getResources("admin", this.props.account.name, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
      .then((res) => {
        if (res.status === "ok") {
          this.setState({
--- a/web/src/RoleEditPage.js
+++ b/web/src/RoleEditPage.js
@ -111,7 +111,7 @@ class RoleEditPage extends React.Component {
            {Setting.getLabel(i18next.t("general:Organization"), i18next.t("general:Organization - Tooltip"))} :
          </Col>
          <Col span={22} >
-            <Select virtual={false} style={{width: "100%"}} value={this.state.role.owner} onChange={(value => {this.updateRoleField("owner", value);})}
+            <Select virtual={false} style={{width: "100%"}} disabled={!Setting.isAdminUser(this.props.account)} value={this.state.role.owner} onChange={(value => {this.updateRoleField("owner", value);})}
              options={this.state.organizations.map((organization) => Setting.getOption(organization.name, organization.name))
              } />
          </Col>
--- a/web/src/SessionListPage.js
+++ b/web/src/SessionListPage.js
@ -134,7 +134,7 @@ class SessionListPage extends BaseListPage {
      value = params.contentType;
    }
    this.setState({loading: true});
-    SessionBackend.getSessions("", params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+    SessionBackend.getSessions(Setting.isAdminUser(this.props.account) ? "" : this.props.account.owner, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
      .then((res) => {
        if (res.status === "ok") {
          this.setState({
--- a/web/src/SyncerEditPage.js
+++ b/web/src/SyncerEditPage.js
@ -186,7 +186,7 @@ class SyncerEditPage extends React.Component {
            {Setting.getLabel(i18next.t("general:Organization"), i18next.t("general:Organization - Tooltip"))} :
          </Col>
          <Col span={22} >
-            <Select virtual={false} style={{width: "100%"}} value={this.state.syncer.organization} onChange={(value => {this.updateSyncerField("organization", value);})}>
+            <Select virtual={false} style={{width: "100%"}} disabled={!Setting.isAdminUser(this.props.account)} value={this.state.syncer.organization} onChange={(value => {this.updateSyncerField("organization", value);})}>
              {
                this.state.organizations.map((organization, index) => <Option key={index} value={organization.name}>{organization.name}</Option>)
              }
--- a/web/src/SyncerListPage.js
+++ b/web/src/SyncerListPage.js
@ -29,7 +29,7 @@ class SyncerListPage extends BaseListPage {
      owner: "admin",
      name: `syncer_${randomName}`,
      createdTime: moment().format(),
-      organization: "built-in",
+      organization: this.props.account.owner,
      type: "Database",
      host: "localhost",
      port: 3306,
@ -275,7 +275,7 @@ class SyncerListPage extends BaseListPage {
      value = params.type;
    }
    this.setState({loading: true});
-    SyncerBackend.getSyncers("admin", params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+    SyncerBackend.getSyncers("admin", Setting.isAdminUser(this.props.account) ? "" : this.props.account.owner, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
      .then((res) => {
        if (res.status === "ok") {
          this.setState({
--- a/web/src/SystemInfo.js
+++ b/web/src/SystemInfo.js
@ -33,14 +33,14 @@ class SystemInfo extends React.Component {
  }

  UNSAFE_componentWillMount() {
-    SystemBackend.getSystemInfo().then(res => {
+    SystemBackend.getSystemInfo("").then(res => {
      this.setState({
        systemInfo: res.data,
        loading: false,
      });

      const id = setInterval(() => {
-        SystemBackend.getSystemInfo().then(res => {
+        SystemBackend.getSystemInfo("").then(res => {
          this.setState({
            systemInfo: res.data,
          });
--- a/web/src/TokenEditPage.js
+++ b/web/src/TokenEditPage.js
@ -94,7 +94,7 @@ class TokenEditPage extends React.Component {
            {i18next.t("general:Organization")}:
          </Col>
          <Col span={22} >
-            <Input value={this.state.token.organization} onChange={e => {
+            <Input disabled={!Setting.isAdminUser(this.props.account)} value={this.state.token.organization} onChange={e => {
              this.updateTokenField("organization", e.target.value);
            }} />
          </Col>
--- a/web/src/TokenListPage.js
+++ b/web/src/TokenListPage.js
@ -30,7 +30,7 @@ class TokenListPage extends BaseListPage {
      name: `token_${randomName}`,
      createdTime: moment().format(),
      application: "app-built-in",
-      organization: "built-in",
+      organization: this.props.account.owner,
      user: "admin",
      accessToken: "",
      expiresIn: 7200,
@ -240,7 +240,7 @@ class TokenListPage extends BaseListPage {
    const field = params.searchedColumn, value = params.searchText;
    const sortField = params.sortField, sortOrder = params.sortOrder;
    this.setState({loading: true});
-    TokenBackend.getTokens("admin", params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+    TokenBackend.getTokens("admin", Setting.isAdminUser(this.props.account) ? "" : this.props.account.owner, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
      .then((res) => {
        if (res.status === "ok") {
          this.setState({
--- a/web/src/WebhookEditPage.js
+++ b/web/src/WebhookEditPage.js
@ -161,7 +161,7 @@ class WebhookEditPage extends React.Component {
            {Setting.getLabel(i18next.t("general:Organization"), i18next.t("general:Organization - Tooltip"))} :
          </Col>
          <Col span={22} >
-            <Select virtual={false} style={{width: "100%"}} value={this.state.webhook.organization} onChange={(value => {this.updateWebhookField("organization", value);})}>
+            <Select virtual={false} style={{width: "100%"}} disabled={!Setting.isAdminUser(this.props.account)} value={this.state.webhook.organization} onChange={(value => {this.updateWebhookField("organization", value);})}>
              {
                this.state.organizations.map((organization, index) => <Option key={index} value={organization.name}>{organization.name}</Option>)
              }
--- a/web/src/WebhookListPage.js
+++ b/web/src/WebhookListPage.js
@ -29,7 +29,7 @@ class WebhookListPage extends BaseListPage {
      owner: "admin", // this.props.account.webhookname,
      name: `webhook_${randomName}`,
      createdTime: moment().format(),
-      organization: "built-in",
+      organization: this.props.account.owner,
      url: "https://example.com/callback",
      method: "POST",
      contentType: "application/json",
@ -240,7 +240,7 @@ class WebhookListPage extends BaseListPage {
      value = params.contentType;
    }
    this.setState({loading: true});
-    WebhookBackend.getWebhooks("admin", params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+    WebhookBackend.getWebhooks("admin", Setting.isAdminUser(this.props.account) ? "" : this.props.account.owner, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
      .then((res) => {
        if (res.status === "ok") {
          this.setState({
--- a/web/src/auth/LoginPage.js
+++ b/web/src/auth/LoginPage.js
@ -833,6 +833,7 @@ class LoginPage extends React.Component {
        <CustomGithubCorner />
        <div className="login-content" style={{margin: this.props.preview ?? this.parseOffset(application.formOffset)}}>
          {Setting.inIframe() || Setting.isMobile() ? null : <div dangerouslySetInnerHTML={{__html: application.formCss}} />}
+          {Setting.inIframe() || !Setting.isMobile() ? null : <div dangerouslySetInnerHTML={{__html: application.formCssMobile}} />}
          <div className="login-panel">
            <div className="side-image" style={{display: application.formOffset !== 4 ? "none" : null}}>
              <div dangerouslySetInnerHTML={{__html: application.formSideHtml}} />
--- a/web/src/auth/SignupPage.js
+++ b/web/src/auth/SignupPage.js
@ -594,6 +594,7 @@ class SignupPage extends React.Component {
        <CustomGithubCorner />
        <div className="login-content" style={{margin: this.props.preview ?? this.parseOffset(application.formOffset)}}>
          {Setting.inIframe() || Setting.isMobile() ? null : <div dangerouslySetInnerHTML={{__html: application.formCss}} />}
+          {Setting.inIframe() || !Setting.isMobile() ? null : <div dangerouslySetInnerHTML={{__html: application.formCssMobile}} />}
          <div className="login-panel" >
            <div className="side-image" style={{display: application.formOffset !== 4 ? "none" : null}}>
              <div dangerouslySetInnerHTML={{__html: application.formSideHtml}} />
--- a/web/src/backend/AdapterBackend.js
+++ b/web/src/backend/AdapterBackend.js
@ -14,8 +14,8 @@

 import * as Setting from "../Setting";

-export function getAdapters(owner, page = "", pageSize = "", field = "", value = "", sortField = "", sortOrder = "") {
-  return fetch(`${Setting.ServerUrl}/api/get-adapters?owner=${owner}&p=${page}&pageSize=${pageSize}&field=${field}&value=${value}&sortField=${sortField}&sortOrder=${sortOrder}`, {
+export function getAdapters(owner, organization, page = "", pageSize = "", field = "", value = "", sortField = "", sortOrder = "") {
+  return fetch(`${Setting.ServerUrl}/api/get-adapters?owner=${owner}&organization=${organization}&p=${page}&pageSize=${pageSize}&field=${field}&value=${value}&sortField=${sortField}&sortOrder=${sortOrder}`, {
    method: "GET",
    credentials: "include",
    headers: {
--- a/web/src/backend/CertBackend.js
+++ b/web/src/backend/CertBackend.js
@ -24,6 +24,16 @@ export function getCerts(owner, page = "", pageSize = "", field = "", value = ""
  }).then(res => res.json());
 }

+export function getGlobleCerts(page = "", pageSize = "", field = "", value = "", sortField = "", sortOrder = "") {
+  return fetch(`${Setting.ServerUrl}/api/get-globle-certs?&p=${page}&pageSize=${pageSize}&field=${field}&value=${value}&sortField=${sortField}&sortOrder=${sortOrder}`, {
+    method: "GET",
+    credentials: "include",
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
+  }).then(res => res.json());
+}
+
 export function getCert(owner, name) {
  return fetch(`${Setting.ServerUrl}/api/get-cert?id=${owner}/${encodeURIComponent(name)}`, {
    method: "GET",
--- a/web/src/backend/MessageBackend.js
+++ b/web/src/backend/MessageBackend.js
@ -14,8 +14,8 @@

 import * as Setting from "../Setting";

-export function getMessages(owner, page = "", pageSize = "", field = "", value = "", sortField = "", sortOrder = "") {
-  return fetch(`${Setting.ServerUrl}/api/get-messages?owner=${owner}&p=${page}&pageSize=${pageSize}&field=${field}&value=${value}&sortField=${sortField}&sortOrder=${sortOrder}`, {
+export function getMessages(owner, organization, page = "", pageSize = "", field = "", value = "", sortField = "", sortOrder = "") {
+  return fetch(`${Setting.ServerUrl}/api/get-messages?owner=${owner}&organization=${organization}&p=${page}&pageSize=${pageSize}&field=${field}&value=${value}&sortField=${sortField}&sortOrder=${sortOrder}`, {
    method: "GET",
    credentials: "include",
    headers: {
--- a/web/src/backend/SyncerBackend.js
+++ b/web/src/backend/SyncerBackend.js
@ -14,8 +14,8 @@

 import * as Setting from "../Setting";

-export function getSyncers(owner, page = "", pageSize = "", field = "", value = "", sortField = "", sortOrder = "") {
-  return fetch(`${Setting.ServerUrl}/api/get-syncers?owner=${owner}&p=${page}&pageSize=${pageSize}&field=${field}&value=${value}&sortField=${sortField}&sortOrder=${sortOrder}`, {
+export function getSyncers(owner, organization, page = "", pageSize = "", field = "", value = "", sortField = "", sortOrder = "") {
+  return fetch(`${Setting.ServerUrl}/api/get-syncers?owner=${owner}&organization=${organization}&p=${page}&pageSize=${pageSize}&field=${field}&value=${value}&sortField=${sortField}&sortOrder=${sortOrder}`, {
    method: "GET",
    credentials: "include",
    headers: {
--- a/web/src/backend/TokenBackend.js
+++ b/web/src/backend/TokenBackend.js
@ -14,8 +14,8 @@

 import * as Setting from "../Setting";

-export function getTokens(owner, page = "", pageSize = "", field = "", value = "", sortField = "", sortOrder = "") {
-  return fetch(`${Setting.ServerUrl}/api/get-tokens?owner=${owner}&p=${page}&pageSize=${pageSize}&field=${field}&value=${value}&sortField=${sortField}&sortOrder=${sortOrder}`, {
+export function getTokens(owner, organization = "", page = "", pageSize = "", field = "", value = "", sortField = "", sortOrder = "") {
+  return fetch(`${Setting.ServerUrl}/api/get-tokens?owner=${owner}&organization=${organization}&p=${page}&pageSize=${pageSize}&field=${field}&value=${value}&sortField=${sortField}&sortOrder=${sortOrder}`, {
    method: "GET",
    credentials: "include",
    headers: {
--- a/web/src/backend/WebhookBackend.js
+++ b/web/src/backend/WebhookBackend.js
@ -14,8 +14,8 @@

 import * as Setting from "../Setting";

-export function getWebhooks(owner, page = "", pageSize = "", field = "", value = "", sortField = "", sortOrder = "") {
-  return fetch(`${Setting.ServerUrl}/api/get-webhooks?owner=${owner}&p=${page}&pageSize=${pageSize}&field=${field}&value=${value}&sortField=${sortField}&sortOrder=${sortOrder}`, {
+export function getWebhooks(owner, organization, page = "", pageSize = "", field = "", value = "", sortField = "", sortOrder = "") {
+  return fetch(`${Setting.ServerUrl}/api/get-webhooks?owner=${owner}&organization=${organization}&p=${page}&pageSize=${pageSize}&field=${field}&value=${value}&sortField=${sortField}&sortOrder=${sortOrder}`, {
    method: "GET",
    credentials: "include",
    headers: {
--- a/web/src/locales/de/data.json
+++ b/web/src/locales/de/data.json
@ -48,6 +48,9 @@
    "Form CSS": "Form CSS",
    "Form CSS - Edit": "Form CSS - Bearbeiten",
    "Form CSS - Tooltip": "CSS-Styling der Anmelde-, Registrierungs- und Passwort-vergessen-Seite (z. B. Hinzufügen von Rahmen und Schatten)",
+    "Form CSS Mobile": "Form CSS Mobile",
+    "Form CSS Mobile - Edit": "Form CSS Mobile - Edit",
+    "Form CSS Mobile - Tooltip": "Form CSS Mobile - Tooltip",
    "Form position": "Formposition",
    "Form position - Tooltip": "Position der Anmelde-, Registrierungs- und Passwort-vergessen-Formulare",
    "Grant types": "Grant-Typen",
--- a/web/src/locales/en/data.json
+++ b/web/src/locales/en/data.json
@ -48,6 +48,9 @@
    "Form CSS": "Form CSS",
    "Form CSS - Edit": "Form CSS - Edit",
    "Form CSS - Tooltip": "CSS styling of the signup, signin and forget password forms (e.g. adding borders and shadows)",
+    "Form CSS Mobile": "Form CSS Mobile",
+    "Form CSS Mobile - Edit": "Form CSS Mobile - Edit",
+    "Form CSS Mobile - Tooltip": "Form CSS Mobile - Tooltip",
    "Form position": "Form position",
    "Form position - Tooltip": "Location of the signup, signin and forget password forms",
    "Grant types": "Grant types",
--- a/web/src/locales/es/data.json
+++ b/web/src/locales/es/data.json
@ -48,6 +48,9 @@
    "Form CSS": "Formulario CSS",
    "Form CSS - Edit": "Formulario CSS - Editar",
    "Form CSS - Tooltip": "Estilo CSS de los formularios de registro, inicio de sesión y olvido de contraseña (por ejemplo, agregar bordes y sombras)",
+    "Form CSS Mobile": "Form CSS Mobile",
+    "Form CSS Mobile - Edit": "Form CSS Mobile - Edit",
+    "Form CSS Mobile - Tooltip": "Form CSS Mobile - Tooltip",
    "Form position": "Posición de la Forma",
    "Form position - Tooltip": "Ubicación de los formularios de registro, inicio de sesión y olvido de contraseña",
    "Grant types": "Tipos de subvenciones",
--- a/web/src/locales/fr/data.json
+++ b/web/src/locales/fr/data.json
@ -48,6 +48,9 @@
    "Form CSS": "Formulaire CSS",
    "Form CSS - Edit": "Form CSS - Modifier",
    "Form CSS - Tooltip": "Mise en forme CSS des formulaires d'inscription, de connexion et de récupération de mot de passe (par exemple, en ajoutant des bordures et des ombres)",
+    "Form CSS Mobile": "Form CSS Mobile",
+    "Form CSS Mobile - Edit": "Form CSS Mobile - Edit",
+    "Form CSS Mobile - Tooltip": "Form CSS Mobile - Tooltip",
    "Form position": "Position de formulaire",
    "Form position - Tooltip": "Emplacement des formulaires d'inscription, de connexion et de récupération de mot de passe",
    "Grant types": "Types de subventions",
--- a/web/src/locales/id/data.json
+++ b/web/src/locales/id/data.json
@ -48,6 +48,9 @@
    "Form CSS": "Formulir CSS",
    "Form CSS - Edit": "Formulir CSS - Edit",
    "Form CSS - Tooltip": "Pengaturan CSS dari formulir pendaftaran, masuk, dan lupa kata sandi (misalnya menambahkan batas dan bayangan)",
+    "Form CSS Mobile": "Form CSS Mobile",
+    "Form CSS Mobile - Edit": "Form CSS Mobile - Edit",
+    "Form CSS Mobile - Tooltip": "Form CSS Mobile - Tooltip",
    "Form position": "Posisi formulir",
    "Form position - Tooltip": "Tempat pendaftaran, masuk, dan lupa kata sandi",
    "Grant types": "Jenis-jenis hibah",
--- a/web/src/locales/ja/data.json
+++ b/web/src/locales/ja/data.json
@ -48,6 +48,9 @@
    "Form CSS": "フォームCSS",
    "Form CSS - Edit": "フォームのCSS - 編集",
    "Form CSS - Tooltip": "サインアップ、サインイン、パスワード忘れのフォームのCSSスタイリング（例：境界線や影の追加）",
+    "Form CSS Mobile": "Form CSS Mobile",
+    "Form CSS Mobile - Edit": "Form CSS Mobile - Edit",
+    "Form CSS Mobile - Tooltip": "Form CSS Mobile - Tooltip",
    "Form position": "フォームのポジション",
    "Form position - Tooltip": "登録、ログイン、パスワード忘れフォームの位置",
    "Grant types": "グラント種類",
--- a/web/src/locales/ko/data.json
+++ b/web/src/locales/ko/data.json
@ -48,6 +48,9 @@
    "Form CSS": "CSS 양식",
    "Form CSS - Edit": "폼 CSS - 편집",
    "Form CSS - Tooltip": "가입, 로그인 및 비밀번호를 잊어버린 양식의 CSS 스타일링 (예 : 테두리와 그림자 추가)",
+    "Form CSS Mobile": "Form CSS Mobile",
+    "Form CSS Mobile - Edit": "Form CSS Mobile - Edit",
+    "Form CSS Mobile - Tooltip": "Form CSS Mobile - Tooltip",
    "Form position": "양식 위치",
    "Form position - Tooltip": "가입, 로그인 및 비밀번호 재설정 양식의 위치",
    "Grant types": "Grant types: 부여 유형",
--- a/web/src/locales/ru/data.json
+++ b/web/src/locales/ru/data.json
@ -48,6 +48,9 @@
    "Form CSS": "Форма CSS",
    "Form CSS - Edit": "Форма CSS - Редактирование",
    "Form CSS - Tooltip": "CSS-оформление форм регистрации, входа и восстановления пароля (например, добавление границ и теней)",
+    "Form CSS Mobile": "Form CSS Mobile",
+    "Form CSS Mobile - Edit": "Form CSS Mobile - Edit",
+    "Form CSS Mobile - Tooltip": "Form CSS Mobile - Tooltip",
    "Form position": "Позиция формы",
    "Form position - Tooltip": "Местоположение форм регистрации, входа и восстановления пароля",
    "Grant types": "Типы грантов",
--- a/web/src/locales/vi/data.json
+++ b/web/src/locales/vi/data.json
@ -48,6 +48,9 @@
    "Form CSS": "Mẫu CSS",
    "Form CSS - Edit": "Biểu mẫu CSS - Chỉnh sửa",
    "Form CSS - Tooltip": "Phong cách CSS của các biểu mẫu đăng ký, đăng nhập và quên mật khẩu (ví dụ: thêm đường viền và bóng)",
+    "Form CSS Mobile": "Form CSS Mobile",
+    "Form CSS Mobile - Edit": "Form CSS Mobile - Edit",
+    "Form CSS Mobile - Tooltip": "Form CSS Mobile - Tooltip",
    "Form position": "Vị trí của hình thức",
    "Form position - Tooltip": "Vị trí của các biểu mẫu đăng ký, đăng nhập và quên mật khẩu",
    "Grant types": "Loại hỗ trợ",
--- a/web/src/locales/zh/data.json
+++ b/web/src/locales/zh/data.json
@ -48,6 +48,9 @@
    "Form CSS": "表单CSS",
    "Form CSS - Edit": "编辑表单CSS",
    "Form CSS - Tooltip": "注册、登录、忘记密码等表单的CSS样式（如增加边框和阴影）",
+    "Form CSS Mobile": "表单CSS（移动端）",
+    "Form CSS Mobile - Edit": "编辑表单CSS（移动端）",
+    "Form CSS Mobile - Tooltip": "注册、登录、忘记密码等表单的CSS样式（如增加边框和阴影）（移动端）",
    "Form position": "表单位置",
    "Form position - Tooltip": "注册、登录、忘记密码等表单的位置",
    "Grant types": "OAuth授权类型",
Author	SHA1	Message	Date
1307	c6675ee4e6	feat: AI responses support streaming (#1826 ) Is an AI response that supports streaming return	2023-05-13 11:31:20 +08:00
Yang Luo	6f0b7f3f24	Support modelId arg in Enforce() API	2023-05-12 21:39:57 +08:00
Yang Luo	776a682fae	Improve args of Enforce() API	2023-05-12 21:32:48 +08:00
Yang Luo	96a3db21a1	Support LDAP search by user tag	2023-05-12 13:03:43 +08:00
Yang Luo	c33d537ac1	Add formCssMobile to application	2023-05-12 12:16:03 +08:00
Yang Luo	5214d48486	Fix authorized issue of UploadResource() API	2023-05-12 01:00:06 +08:00
Yang Luo	e360b06d12	Fix termsOfUse upload in application edit page	2023-05-10 23:57:03 +08:00
Yang Luo	3c871c38df	Fix message and chat owner bug	2023-05-10 22:32:32 +08:00
jakiuncle	7df043fb15	fix: fix cypress error (#1817 ) * fix: fix cypress error * fix: fix cypress error * fix: fix cypress error * fix: fix cypress error * fix: fix cypress error * fix: fix cypress error * fix: fix cypress error * fix: fix cypress error * fix: fix cypress error	2023-05-09 20:51:07 +08:00
XDTD	cb542ae46a	feat: fix org admin permissions (#1822 )	2023-05-09 00:06:52 +08:00
imp2002	3699177837	fix: fix URL path in MinIO storage provider(#1818 )	2023-05-08 16:48:56 +08:00