mirror of
https://github.com/casdoor/casdoor.git
synced 2025-08-08 22:17:53 +08:00
Compare commits
6 Commits
Author | SHA1 | Date | |
---|---|---|---|
59da104463 | ||
c5bb916651 | ||
e98264f957 | ||
6a952952a8 | ||
ba8a0f36be | ||
b5e9084e5d |
@@ -52,14 +52,6 @@ func (c *ApiController) GetResources() {
|
||||
sortField := c.Input().Get("sortField")
|
||||
sortOrder := c.Input().Get("sortOrder")
|
||||
|
||||
userObj, ok := c.RequireSignedInUser()
|
||||
if !ok {
|
||||
return
|
||||
}
|
||||
if userObj.IsAdmin {
|
||||
user = ""
|
||||
}
|
||||
|
||||
if limit == "" || page == "" {
|
||||
resources, err := object.GetResources(owner, user)
|
||||
if err != nil {
|
||||
|
@@ -281,14 +281,21 @@ func GetApplication(id string) (*Application, error) {
|
||||
}
|
||||
|
||||
func GetMaskedApplication(application *Application, userId string) *Application {
|
||||
if isUserIdGlobalAdmin(userId) {
|
||||
return application
|
||||
}
|
||||
|
||||
if application == nil {
|
||||
return nil
|
||||
}
|
||||
|
||||
if userId != "" {
|
||||
if isUserIdGlobalAdmin(userId) {
|
||||
return application
|
||||
}
|
||||
|
||||
user, _ := GetUser(userId)
|
||||
if user != nil && user.IsApplicationAdmin(application) {
|
||||
return application
|
||||
}
|
||||
}
|
||||
|
||||
if application.ClientSecret != "" {
|
||||
application.ClientSecret = "***"
|
||||
}
|
||||
|
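Review bot: In GetMaskedApplication the new lookup `user, _ := GetUser(userId)` drops the error, so a failed user lookup is indistinguishable from a caller who is simply not an admin. The outcome is the safe one, because the code falls through to the ClientSecret masking, but the line does not say so; I would add `// GetUser error ignored on purpose: on failure the secret stays masked (fail closed)` above it. The function's doc comment should also state who receives the unmasked ClientSecret after this change: global admins and users for whom IsApplicationAdmin returns true. The function body continues past the end of the hunk.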
@@ -135,12 +135,18 @@ func GetMaskedLdaps(ldaps []*Ldap, errs ...error) ([]*Ldap, error) {
|
||||
}
|
||||
|
||||
func UpdateLdap(ldap *Ldap) (bool, error) {
|
||||
if l, err := GetLdap(ldap.Id); err != nil {
|
||||
var l *Ldap
|
||||
var err error
|
||||
if l, err = GetLdap(ldap.Id); err != nil {
|
||||
return false, nil
|
||||
} else if l == nil {
|
||||
return false, nil
|
||||
}
|
||||
|
||||
if ldap.Password == "***" {
|
||||
ldap.Password = l.Password
|
||||
}
|
||||
|
||||
affected, err := adapter.Engine.ID(ldap.Id).Cols("owner", "server_name", "host",
|
||||
"port", "enable_ssl", "username", "password", "base_dn", "filter", "filter_fields", "auto_sync").Update(ldap)
|
||||
if err != nil {
|
||||
|
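Review bot: UpdateLdap still returns `false, nil` when GetLdap fails, so the rewritten `if l, err = GetLdap(ldap.Id); err != nil {` branch reports a storage error exactly like "record not found". Return the error instead: `return false, err`. The `"***"` comparison that follows treats the mask string as a sentinel, presumably the placeholder written by GetMaskedLdaps, and deserves a one-line comment such as `// "***" is the masked placeholder sent back by the client; keep the stored password`. The function continues outside the hunk.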
@@ -112,7 +112,7 @@ func getPermission(owner string, name string) (*Permission, error) {
|
||||
}
|
||||
|
||||
func GetPermission(id string) (*Permission, error) {
|
||||
owner, name := util.GetOwnerAndNameFromId(id)
|
||||
owner, name := util.GetOwnerAndNameFromIdNoCheck(id)
|
||||
return getPermission(owner, name)
|
||||
}
|
||||
|
||||
@@ -149,7 +149,7 @@ func UpdatePermission(id string, permission *Permission) (bool, error) {
|
||||
return false, err
|
||||
}
|
||||
|
||||
owner, name := util.GetOwnerAndNameFromId(id)
|
||||
owner, name := util.GetOwnerAndNameFromIdNoCheck(id)
|
||||
oldPermission, err := getPermission(owner, name)
|
||||
if oldPermission == nil {
|
||||
return false, nil
|
||||
|
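Review bot: GetPermission and UpdatePermission now parse `id` with `util.GetOwnerAndNameFromIdNoCheck`, and neither function validates the id before or after the call. The helper's body is not part of this diff, so its behaviour on an id without a `/` cannot be confirmed from here; if it indexes the second token unconditionally, such an id would panic instead of returning an error. A guard at the top of GetPermission would make the contract explicit, e.g. `if !strings.Contains(id, "/") { return nil, fmt.Errorf("invalid permission id: %q", id) }`, with the matching `return false, ...` form in UpdatePermission. The same applies to GetRole and UpdateRole in the role file and to getObject, which this change switches to the same helper.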
@@ -82,12 +82,12 @@ func getRole(owner string, name string) (*Role, error) {
|
||||
}
|
||||
|
||||
func GetRole(id string) (*Role, error) {
|
||||
owner, name := util.GetOwnerAndNameFromId(id)
|
||||
owner, name := util.GetOwnerAndNameFromIdNoCheck(id)
|
||||
return getRole(owner, name)
|
||||
}
|
||||
|
||||
func UpdateRole(id string, role *Role) (bool, error) {
|
||||
owner, name := util.GetOwnerAndNameFromId(id)
|
||||
owner, name := util.GetOwnerAndNameFromIdNoCheck(id)
|
||||
oldRole, err := getRole(owner, name)
|
||||
if err != nil {
|
||||
return false, err
|
||||
|
@@ -860,3 +860,11 @@ func AddUserkeys(user *User, isAdmin bool) (bool, error) {
|
||||
|
||||
return UpdateUser(user.GetId(), user, []string{}, isAdmin)
|
||||
}
|
||||
|
||||
func (user *User) IsApplicationAdmin(application *Application) bool {
|
||||
if user == nil {
|
||||
return false
|
||||
}
|
||||
|
||||
return (user.Owner == application.Organization && user.IsAdmin) || user.IsGlobalAdmin
|
||||
}
|
||||
|
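Review bot: IsApplicationAdmin guards against a nil receiver but dereferences `application.Organization` unconditionally, and because that comparison is evaluated first, a nil application panics even for a global admin. Extend the guard to `if user == nil || application == nil { return false }`. The method is exported and now decides who sees an unmasked client secret in GetMaskedApplication, so it also deserves a doc comment such as `// IsApplicationAdmin reports whether user is an admin of the application's organization or a global admin.`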
@@ -69,7 +69,7 @@ func getObject(ctx *context.Context) (string, string) {
|
||||
// query == "?id=built-in/admin"
|
||||
id := ctx.Input.Query("id")
|
||||
if id != "" {
|
||||
return util.GetOwnerAndNameFromId(id)
|
||||
return util.GetOwnerAndNameFromIdNoCheck(id)
|
||||
}
|
||||
|
||||
owner := ctx.Input.Query("owner")
|
||||
|
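Review bot: In getObject the `id` comes straight from `ctx.Input.Query("id")`, and after this change it is split by `GetOwnerAndNameFromIdNoCheck` with no validation in the visible lines. If the owner and name returned here feed an access decision (the callers are not visible in this hunk), an id with extra `/` characters or none at all should be rejected or handled deliberately at this point. This parse must also agree with the one each handler applies, since handlers that still call `util.GetOwnerAndNameFromId` may interpret the same id differently. At minimum add a comment stating the accepted shape, e.g. `// id is "owner/name"; the name part may contain "/"`, if that is the intent. getObject continues past the end of the hunk.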
@@ -30,7 +30,7 @@ class PermissionEditPage extends React.Component {
|
||||
this.state = {
|
||||
classes: props,
|
||||
organizationName: props.organizationName !== undefined ? props.organizationName : props.match.params.organizationName,
|
||||
permissionName: props.match.params.permissionName,
|
||||
permissionName: decodeURIComponent(props.match.params.permissionName),
|
||||
permission: null,
|
||||
organizations: [],
|
||||
model: null,
|
||||
@@ -320,7 +320,7 @@ class PermissionEditPage extends React.Component {
|
||||
{Setting.getLabel(i18next.t("permission:Actions"), i18next.t("permission:Actions - Tooltip"))} :
|
||||
</Col>
|
||||
<Col span={22} >
|
||||
<Select virtual={false} mode="multiple" style={{width: "100%"}} value={this.state.permission.actions} onChange={(value => {
|
||||
<Select virtual={false} mode={(this.state.permission.resourceType === "Custom") ? "tags" : "multiple"} style={{width: "100%"}} value={this.state.permission.actions} onChange={(value => {
|
||||
this.updatePermissionField("actions", value);
|
||||
})}
|
||||
options={[
|
||||
@@ -449,7 +449,7 @@ class PermissionEditPage extends React.Component {
|
||||
if (willExist) {
|
||||
this.props.history.push("/permissions");
|
||||
} else {
|
||||
this.props.history.push(`/permissions/${this.state.permission.owner}/${this.state.permission.name}`);
|
||||
this.props.history.push(`/permissions/${this.state.permission.owner}/${encodeURIComponent(this.state.permission.name)}`);
|
||||
}
|
||||
} else {
|
||||
Setting.showMessage("error", `${i18next.t("general:Failed to save")}: ${res.msg}`);
|
||||
|
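Review bot: `decodeURIComponent(props.match.params.permissionName)` in the constructor throws a URIError on a malformed percent sequence and nothing catches it, so a hand-edited URL would break the page during construction. Depending on the router version, `match.params` may already be decoded, in which case a name containing a literal `%` would be decoded twice; that needs checking against the router in use. A small helper that wraps the decode in try/catch and falls back to the raw parameter would cover both cases. RoleEditPage has the same call for `roleName`. Separately, `mode="tags"` for the Custom resource type lets the user type free-text actions, so validation of those values has to happen on the server.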
@@ -128,7 +128,7 @@ class PermissionListPage extends BaseListPage {
|
||||
...this.getColumnSearchProps("name"),
|
||||
render: (text, record, index) => {
|
||||
return (
|
||||
<Link to={`/permissions/${record.owner}/${text}`}>
|
||||
<Link to={`/permissions/${record.owner}/${encodeURIComponent(text)}`}>
|
||||
{text}
|
||||
</Link>
|
||||
);
|
||||
@@ -336,7 +336,7 @@ class PermissionListPage extends BaseListPage {
|
||||
render: (text, record, index) => {
|
||||
return (
|
||||
<div>
|
||||
<Button style={{marginTop: "10px", marginBottom: "10px", marginRight: "10px"}} type="primary" onClick={() => this.props.history.push(`/permissions/${record.owner}/${record.name}`)}>{i18next.t("general:Edit")}</Button>
|
||||
<Button style={{marginTop: "10px", marginBottom: "10px", marginRight: "10px"}} type="primary" onClick={() => this.props.history.push(`/permissions/${record.owner}/${encodeURIComponent(record.name)}`)}>{i18next.t("general:Edit")}</Button>
|
||||
<PopconfirmModal
|
||||
title={i18next.t("general:Sure to delete") + `: ${record.name} ?`}
|
||||
onConfirm={() => this.deletePermission(index)}
|
||||
|
@@ -148,7 +148,7 @@ class PlanListPage extends BaseListPage {
|
||||
...this.getColumnSearchProps("role"),
|
||||
render: (text, record, index) => {
|
||||
return (
|
||||
<Link to={`/roles/${text}`}>
|
||||
<Link to={`/roles/${encodeURIComponent(text)}`}>
|
||||
{text}
|
||||
</Link>
|
||||
);
|
||||
|
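Review bot: The role link in PlanListPage is built as `/roles/${encodeURIComponent(text)}`, a single path segment, while the role pages in this same change link to `/roles/${record.owner}/${encodeURIComponent(record.name)}`. If `text` holds an `owner/name` id, encoding it turns the `/` into `%2F` and the two segments collapse; if it holds only the name, the owner segment is missing. Which case applies is not visible in this hunk, but either way the link likely does not match the role edit route. Something like `/roles/${record.owner}/${encodeURIComponent(text)}` would be consistent with RoleListPage, assuming the plan and its role share an owner.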
@@ -26,7 +26,7 @@ class RoleEditPage extends React.Component {
|
||||
this.state = {
|
||||
classes: props,
|
||||
organizationName: props.organizationName !== undefined ? props.organizationName : props.match.params.organizationName,
|
||||
roleName: props.match.params.roleName,
|
||||
roleName: decodeURIComponent(props.match.params.roleName),
|
||||
role: null,
|
||||
organizations: [],
|
||||
users: [],
|
||||
@@ -225,7 +225,7 @@ class RoleEditPage extends React.Component {
|
||||
if (willExist) {
|
||||
this.props.history.push("/roles");
|
||||
} else {
|
||||
this.props.history.push(`/roles/${this.state.role.owner}/${this.state.role.name}`);
|
||||
this.props.history.push(`/roles/${this.state.role.owner}/${encodeURIComponent(this.state.role.name)}`);
|
||||
}
|
||||
} else {
|
||||
Setting.showMessage("error", `${i18next.t("general:Failed to save")}: ${res.msg}`);
|
||||
|
@@ -121,7 +121,7 @@ class RoleListPage extends BaseListPage {
|
||||
...this.getColumnSearchProps("name"),
|
||||
render: (text, record, index) => {
|
||||
return (
|
||||
<Link to={`/roles/${record.owner}/${record.name}`}>
|
||||
<Link to={`/roles/${record.owner}/${encodeURIComponent(record.name)}`}>
|
||||
{text}
|
||||
</Link>
|
||||
);
|
||||
@@ -213,7 +213,7 @@ class RoleListPage extends BaseListPage {
|
||||
render: (text, record, index) => {
|
||||
return (
|
||||
<div>
|
||||
<Button style={{marginTop: "10px", marginBottom: "10px", marginRight: "10px"}} type="primary" onClick={() => this.props.history.push(`/roles/${record.owner}/${record.name}`)}>{i18next.t("general:Edit")}</Button>
|
||||
<Button style={{marginTop: "10px", marginBottom: "10px", marginRight: "10px"}} type="primary" onClick={() => this.props.history.push(`/roles/${record.owner}/${encodeURIComponent(record.name)}`)}>{i18next.t("general:Edit")}</Button>
|
||||
<PopconfirmModal
|
||||
title={i18next.t("general:Sure to delete") + `: ${record.name} ?`}
|
||||
onConfirm={() => this.deleteRole(index)}
|
||||
|
@@ -85,17 +85,17 @@ class PricingPage extends React.Component {
|
||||
}
|
||||
|
||||
PricingBackend.getPricing(this.state.owner, pricingName)
|
||||
.then((result) => {
|
||||
if (result.status === "error") {
|
||||
Setting.showMessage("error", result.msg);
|
||||
.then((res) => {
|
||||
if (res.status === "error") {
|
||||
Setting.showMessage("error", res.msg);
|
||||
return;
|
||||
}
|
||||
|
||||
this.setState({
|
||||
loading: false,
|
||||
pricing: result,
|
||||
pricing: res.data,
|
||||
});
|
||||
this.onUpdatePricing(result);
|
||||
this.onUpdatePricing(res.data);
|
||||
});
|
||||
}
|
||||
|
||||
|
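Review bot: The error branch in the `getPricing` callback returns before `this.setState({loading: false, ...})`, so if `loading` was set to true before the request (not visible here) the page stays in its loading state after a failed fetch. Adding `this.setState({loading: false});` before the `return` would fix that. The promise chain also has no `.catch`, so a rejected request would go unreported to the user.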