fix: fix paypal payment provider and refactor payment code (#2159)

* feat: support paypal payment provider

* feat: support paypal flow

* feat: use owner replace org for payment

* feat: update paypal logic

* feat: gofumpt

* feat: update payment

* fix: fix notify

* feat: delete log

authz/authz.go

@@ -18,56 +18,22 @@ import (
 	"strings"
 
 	"github.com/casbin/casbin/v2"
-	"github.com/casbin/casbin/v2/model"
 	"github.com/casdoor/casdoor/conf"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
-	xormadapter "github.com/casdoor/xorm-adapter/v3"
 	stringadapter "github.com/qiangmzsx/string-adapter/v2"
 )
 
 var Enforcer *casbin.Enforcer
 
-func InitAuthz() {
+func InitApi() {
 	var err error
 
-	tableNamePrefix := conf.GetConfigString("tableNamePrefix")
-	driverName := conf.GetConfigString("driverName")
-	dataSourceName := conf.GetConfigRealDataSourceName(driverName)
-	a, err := xormadapter.NewAdapterWithTableName(driverName, dataSourceName, "casbin_rule", tableNamePrefix, true)
+	e, err := object.GetEnforcer(util.GetId("built-in", "api-enforcer-built-in"))
 	if err != nil {
 		panic(err)
 	}
-
-	modelText := `
-[request_definition]
-r = subOwner, subName, method, urlPath, objOwner, objName
-
-[policy_definition]
-p = subOwner, subName, method, urlPath, objOwner, objName
-
-[role_definition]
-g = _, _
-
-[policy_effect]
-e = some(where (p.eft == allow))
-
-[matchers]
-m = (r.subOwner == p.subOwner || p.subOwner == "*") && \
-    (r.subName == p.subName || p.subName == "*" || r.subName != "anonymous" && p.subName == "!anonymous") && \
-    (r.method == p.method || p.method == "*") && \
-    (r.urlPath == p.urlPath || p.urlPath == "*") && \
-    (r.objOwner == p.objOwner || p.objOwner == "*") && \
-    (r.objName == p.objName || p.objName == "*") || \
-    (r.subOwner == r.objOwner && r.subName == r.objName)
-`
-
-	m, err := model.NewModelFromString(modelText)
-	if err != nil {
-		panic(err)
-	}
-
-	Enforcer, err = casbin.NewEnforcer(m, a)
+	Enforcer, err = e.InitEnforcer()
 	if err != nil {
 		panic(err)
 	}

controllers/account.go

@@ -290,10 +290,11 @@ func (c *ApiController) Logout() {
 		c.ResponseOk(user, application.HomepageUrl)
 		return
 	} else {
-		if redirectUri == "" {
-			c.ResponseError(c.T("general:Missing parameter") + ": post_logout_redirect_uri")
-			return
-		}
+		// "post_logout_redirect_uri" has been made optional, see: https://github.com/casdoor/casdoor/issues/2151
+		// if redirectUri == "" {
+		// 	c.ResponseError(c.T("general:Missing parameter") + ": post_logout_redirect_uri")
+		// 	return
+		// }
 		if accessToken == "" {
 			c.ResponseError(c.T("general:Missing parameter") + ": id_token_hint")
 			return

controllers/adapter.go

@@ -23,14 +23,14 @@ import (
 	xormadapter "github.com/casdoor/xorm-adapter/v3"
 )
 
-// GetCasbinAdapters
-// @Title GetCasbinAdapters
+// GetAdapters
+// @Title GetAdapters
 // @Tag Adapter API
 // @Description get adapters
 // @Param   owner     query    string  true        "The owner of adapters"
 // @Success 200 {array} object.Adapter The Response object
 // @router /get-adapters [get]
-func (c *ApiController) GetCasbinAdapters() {
+func (c *ApiController) GetAdapters() {
 	owner := c.Input().Get("owner")
 	limit := c.Input().Get("pageSize")
 	page := c.Input().Get("p")
@@ -40,7 +40,7 @@ func (c *ApiController) GetCasbinAdapters() {
 	sortOrder := c.Input().Get("sortOrder")
 
 	if limit == "" || page == "" {
-		adapters, err := object.GetCasbinAdapters(owner)
+		adapters, err := object.GetAdapters(owner)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
@@ -49,14 +49,14 @@ func (c *ApiController) GetCasbinAdapters() {
 		c.ResponseOk(adapters)
 	} else {
 		limit := util.ParseInt(limit)
-		count, err := object.GetCasbinAdapterCount(owner, field, value)
+		count, err := object.GetAdapterCount(owner, field, value)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 
 		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		adapters, err := object.GetPaginationCasbinAdapters(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
+		adapters, err := object.GetPaginationAdapters(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
@@ -66,17 +66,17 @@ func (c *ApiController) GetCasbinAdapters() {
 	}
 }
 
-// GetCasbinAdapter
-// @Title GetCasbinAdapter
+// GetAdapter
+// @Title GetAdapter
 // @Tag Adapter API
 // @Description get adapter
 // @Param   id     query    string  true        "The id ( owner/name ) of the adapter"
 // @Success 200 {object} object.Adapter The Response object
 // @router /get-adapter [get]
-func (c *ApiController) GetCasbinAdapter() {
+func (c *ApiController) GetAdapter() {
 	id := c.Input().Get("id")
 
-	adapter, err := object.GetCasbinAdapter(id)
+	adapter, err := object.GetAdapter(id)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
@@ -85,75 +85,75 @@ func (c *ApiController) GetCasbinAdapter() {
 	c.ResponseOk(adapter)
 }
 
-// UpdateCasbinAdapter
-// @Title UpdateCasbinAdapter
+// UpdateAdapter
+// @Title UpdateAdapter
 // @Tag Adapter API
 // @Description update adapter
 // @Param   id     query    string  true        "The id ( owner/name ) of the adapter"
 // @Param   body    body   object.Adapter  true        "The details of the adapter"
 // @Success 200 {object} controllers.Response The Response object
 // @router /update-adapter [post]
-func (c *ApiController) UpdateCasbinAdapter() {
+func (c *ApiController) UpdateAdapter() {
 	id := c.Input().Get("id")
 
-	var casbinAdapter object.CasbinAdapter
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &casbinAdapter)
+	var adapter object.Adapter
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &adapter)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 
-	c.Data["json"] = wrapActionResponse(object.UpdateCasbinAdapter(id, &casbinAdapter))
+	c.Data["json"] = wrapActionResponse(object.UpdateAdapter(id, &adapter))
 	c.ServeJSON()
 }
 
-// AddCasbinAdapter
-// @Title AddCasbinAdapter
+// AddAdapter
+// @Title AddAdapter
 // @Tag Adapter API
 // @Description add adapter
 // @Param   body    body   object.Adapter  true        "The details of the adapter"
 // @Success 200 {object} controllers.Response The Response object
 // @router /add-adapter [post]
-func (c *ApiController) AddCasbinAdapter() {
-	var casbinAdapter object.CasbinAdapter
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &casbinAdapter)
+func (c *ApiController) AddAdapter() {
+	var adapter object.Adapter
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &adapter)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 
-	c.Data["json"] = wrapActionResponse(object.AddCasbinAdapter(&casbinAdapter))
+	c.Data["json"] = wrapActionResponse(object.AddAdapter(&adapter))
 	c.ServeJSON()
 }
 
-// DeleteCasbinAdapter
-// @Title DeleteCasbinAdapter
+// DeleteAdapter
+// @Title DeleteAdapter
 // @Tag Adapter API
 // @Description delete adapter
 // @Param   body    body   object.Adapter  true        "The details of the adapter"
 // @Success 200 {object} controllers.Response The Response object
 // @router /delete-adapter [post]
-func (c *ApiController) DeleteCasbinAdapter() {
-	var casbinAdapter object.CasbinAdapter
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &casbinAdapter)
+func (c *ApiController) DeleteAdapter() {
+	var adapter object.Adapter
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &adapter)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 
-	c.Data["json"] = wrapActionResponse(object.DeleteCasbinAdapter(&casbinAdapter))
+	c.Data["json"] = wrapActionResponse(object.DeleteAdapter(&adapter))
 	c.ServeJSON()
 }
 
-func (c *ApiController) SyncPolicies() {
+func (c *ApiController) GetPolicies() {
 	id := c.Input().Get("id")
-	adapter, err := object.GetCasbinAdapter(id)
+	adapter, err := object.GetAdapter(id)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 
-	policies, err := object.SyncPolicies(adapter)
+	policies, err := object.GetPolicies(adapter)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
@@ -164,7 +164,7 @@ func (c *ApiController) SyncPolicies() {
 
 func (c *ApiController) UpdatePolicy() {
 	id := c.Input().Get("id")
-	adapter, err := object.GetCasbinAdapter(id)
+	adapter, err := object.GetAdapter(id)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
@@ -188,7 +188,7 @@ func (c *ApiController) UpdatePolicy() {
 
 func (c *ApiController) AddPolicy() {
 	id := c.Input().Get("id")
-	adapter, err := object.GetCasbinAdapter(id)
+	adapter, err := object.GetAdapter(id)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
@@ -212,7 +212,7 @@ func (c *ApiController) AddPolicy() {
 
 func (c *ApiController) RemovePolicy() {
 	id := c.Input().Get("id")
-	adapter, err := object.GetCasbinAdapter(id)
+	adapter, err := object.GetAdapter(id)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return

controllers/enforcer.go

@@ -61,7 +61,7 @@ func (c *ApiController) GetEnforcers() {
 			return
 		}
 
-		c.ResponseOk(enforcers)
+		c.ResponseOk(enforcers, paginator.Nums())
 	}
 }
 

controllers/payment.go

@@ -31,7 +31,6 @@ import (
 // @router /get-payments [get]
 func (c *ApiController) GetPayments() {
 	owner := c.Input().Get("owner")
-	organization := c.Input().Get("organization")
 	limit := c.Input().Get("pageSize")
 	page := c.Input().Get("p")
 	field := c.Input().Get("field")
@@ -49,14 +48,14 @@ func (c *ApiController) GetPayments() {
 		c.ResponseOk(payments)
 	} else {
 		limit := util.ParseInt(limit)
-		count, err := object.GetPaymentCount(owner, organization, field, value)
+		count, err := object.GetPaymentCount(owner, field, value)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 
 		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		payments, err := object.GetPaginationPayments(owner, organization, paginator.Offset(), limit, field, value, sortField, sortOrder)
+		payments, err := object.GetPaginationPayments(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
@@ -77,10 +76,9 @@ func (c *ApiController) GetPayments() {
 // @router /get-user-payments [get]
 func (c *ApiController) GetUserPayments() {
 	owner := c.Input().Get("owner")
-	organization := c.Input().Get("organization")
 	user := c.Input().Get("user")
 
-	payments, err := object.GetUserPayments(owner, organization, user)
+	payments, err := object.GetUserPayments(owner, user)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
@@ -177,24 +175,18 @@ func (c *ApiController) DeletePayment() {
 // @router /notify-payment [post]
 func (c *ApiController) NotifyPayment() {
 	owner := c.Ctx.Input.Param(":owner")
-	providerName := c.Ctx.Input.Param(":provider")
-	productName := c.Ctx.Input.Param(":product")
 	paymentName := c.Ctx.Input.Param(":payment")
 	orderId := c.Ctx.Input.Param("order")
 
 	body := c.Ctx.Input.RequestBody
 
-	err, errorResponse := object.NotifyPayment(c.Ctx.Request, body, owner, providerName, productName, paymentName, orderId)
-
-	_, err2 := c.Ctx.ResponseWriter.Write([]byte(errorResponse))
-	if err2 != nil {
-		panic(err2)
-	}
-
+	payment, err := object.NotifyPayment(c.Ctx.Request, body, owner, paymentName, orderId)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
+
+	c.ResponseOk(payment)
 }
 
 // InvoicePayment

controllers/resource.go

@@ -52,14 +52,6 @@ func (c *ApiController) GetResources() {
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
 
-	userObj, ok := c.RequireSignedInUser()
-	if !ok {
-		return
-	}
-	if userObj.IsAdmin {
-		user = ""
-	}
-
 	if limit == "" || page == "" {
 		resources, err := object.GetResources(owner, user)
 		if err != nil {

controllers/webhook.go

@@ -26,9 +26,10 @@ import (
 // @Title GetWebhooks
 // @Tag Webhook API
 // @Description get webhooks
-// @Param   owner     query    string  true        "The owner of webhooks"
+// @Param   owner     query    string  built-in/admin	true        "The owner of webhooks"
 // @Success 200 {array} object.Webhook The Response object
 // @router /get-webhooks [get]
+// @Security test_apiKey
 func (c *ApiController) GetWebhooks() {
 	owner := c.Input().Get("owner")
 	limit := c.Input().Get("pageSize")
@@ -71,7 +72,7 @@ func (c *ApiController) GetWebhooks() {
 // @Title GetWebhook
 // @Tag Webhook API
 // @Description get webhook
-// @Param   id     query    string  true        "The id ( owner/name ) of the webhook"
+// @Param   id     query    string  built-in/admin	true        "The id ( owner/name ) of the webhook"
 // @Success 200 {object} object.Webhook The Response object
 // @router /get-webhook [get]
 func (c *ApiController) GetWebhook() {
@@ -90,7 +91,7 @@ func (c *ApiController) GetWebhook() {
 // @Title UpdateWebhook
 // @Tag Webhook API
 // @Description update webhook
-// @Param   id     query    string  true        "The id ( owner/name ) of the webhook"
+// @Param   id     query    string  built-in/admin true        "The id ( owner/name ) of the webhook"
 // @Param   body    body   object.Webhook  true        "The details of the webhook"
 // @Success 200 {object} controllers.Response The Response object
 // @router /update-webhook [post]

main.go

@@ -48,7 +48,7 @@ func main() {
 	object.InitDefaultStorageProvider()
 	object.InitLdapAutoSynchronizer()
 	proxy.InitHttpClient()
-	authz.InitAuthz()
+	authz.InitApi()
 
 	util.SafeGoroutine(func() { object.RunSyncUsersJob() })
 
@@ -62,7 +62,7 @@ func main() {
 	beego.InsertFilter("*", beego.BeforeRouter, routers.StaticFilter)
 	beego.InsertFilter("*", beego.BeforeRouter, routers.AutoSigninFilter)
 	beego.InsertFilter("*", beego.BeforeRouter, routers.CorsFilter)
-	beego.InsertFilter("*", beego.BeforeRouter, routers.AuthzFilter)
+	beego.InsertFilter("*", beego.BeforeRouter, routers.ApiFilter)
 	beego.InsertFilter("*", beego.BeforeRouter, routers.PrometheusFilter)
 	beego.InsertFilter("*", beego.BeforeRouter, routers.RecordMessage)
 

object/adapter.go

@@ -1,4 +1,4 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
+// Copyright 2022 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -15,365 +15,311 @@
 package object
 
 import (
-	"database/sql"
 	"fmt"
-	"runtime"
 	"strings"
 
-	"github.com/beego/beego"
+	"github.com/casbin/casbin/v2/model"
 	"github.com/casdoor/casdoor/conf"
 	"github.com/casdoor/casdoor/util"
 	xormadapter "github.com/casdoor/xorm-adapter/v3"
-	_ "github.com/denisenkom/go-mssqldb" // db = mssql
-	_ "github.com/go-sql-driver/mysql"   // db = mysql
-	_ "github.com/lib/pq"                // db = postgres
 	"github.com/xorm-io/core"
-	"github.com/xorm-io/xorm"
-	_ "modernc.org/sqlite" // db = sqlite
 )
 
-var adapter *Adapter
-
-func InitConfig() {
-	err := beego.LoadAppConfig("ini", "../conf/app.conf")
-	if err != nil {
-		panic(err)
-	}
-
-	beego.BConfig.WebConfig.Session.SessionOn = true
-
-	InitAdapter(true)
-	CreateTables(true)
-	DoMigration()
-}
-
-func InitAdapter(createDatabase bool) {
-	if createDatabase {
-		err := createDatabaseForPostgres(conf.GetConfigString("driverName"), conf.GetConfigDataSourceName(), conf.GetConfigString("dbName"))
-		if err != nil {
-			panic(err)
-		}
-	}
-
-	adapter = NewAdapter(conf.GetConfigString("driverName"), conf.GetConfigDataSourceName(), conf.GetConfigString("dbName"))
-
-	tableNamePrefix := conf.GetConfigString("tableNamePrefix")
-	tbMapper := core.NewPrefixMapper(core.SnakeMapper{}, tableNamePrefix)
-	adapter.Engine.SetTableMapper(tbMapper)
-}
-
-func CreateTables(createDatabase bool) {
-	if createDatabase {
-		err := adapter.CreateDatabase()
-		if err != nil {
-			panic(err)
-		}
-	}
-
-	adapter.createTable()
-}
-
-// Adapter represents the MySQL adapter for policy storage.
 type Adapter struct {
-	driverName     string
-	dataSourceName string
-	dbName         string
-	Engine         *xorm.Engine
+	Owner       string `xorm:"varchar(100) notnull pk" json:"owner"`
+	Name        string `xorm:"varchar(100) notnull pk" json:"name"`
+	CreatedTime string `xorm:"varchar(100)" json:"createdTime"`
+
+	Type            string `xorm:"varchar(100)" json:"type"`
+	DatabaseType    string `xorm:"varchar(100)" json:"databaseType"`
+	Host            string `xorm:"varchar(100)" json:"host"`
+	Port            string `xorm:"varchar(20)" json:"port"`
+	User            string `xorm:"varchar(100)" json:"user"`
+	Password        string `xorm:"varchar(100)" json:"password"`
+	Database        string `xorm:"varchar(100)" json:"database"`
+	Table           string `xorm:"varchar(100)" json:"table"`
+	TableNamePrefix string `xorm:"varchar(100)" json:"tableNamePrefix"`
+	File            string `xorm:"varchar(100)" json:"file"`
+
+	IsEnabled bool `json:"isEnabled"`
+
+	*xormadapter.Adapter `xorm:"-" json:"-"`
 }
 
-// finalizer is the destructor for Adapter.
-func finalizer(a *Adapter) {
-	err := a.Engine.Close()
+func GetAdapterCount(owner, field, value string) (int64, error) {
+	session := GetSession(owner, -1, -1, field, value, "", "")
+	return session.Count(&Adapter{})
+}
+
+func GetAdapters(owner string) ([]*Adapter, error) {
+	adapters := []*Adapter{}
+	err := ormer.Engine.Desc("created_time").Find(&adapters, &Adapter{Owner: owner})
 	if err != nil {
-		panic(err)
+		return adapters, err
+	}
+
+	return adapters, nil
+}
+
+func GetPaginationAdapters(owner string, offset, limit int, field, value, sortField, sortOrder string) ([]*Adapter, error) {
+	adapters := []*Adapter{}
+	session := GetSession(owner, offset, limit, field, value, sortField, sortOrder)
+	err := session.Find(&adapters)
+	if err != nil {
+		return adapters, err
+	}
+
+	return adapters, nil
+}
+
+func getAdapter(owner, name string) (*Adapter, error) {
+	if owner == "" || name == "" {
+		return nil, nil
+	}
+
+	adapter := Adapter{Owner: owner, Name: name}
+	existed, err := ormer.Engine.Get(&adapter)
+	if err != nil {
+		return nil, err
+	}
+
+	if existed {
+		return &adapter, nil
+	} else {
+		return nil, nil
 	}
 }
 
-// NewAdapter is the constructor for Adapter.
-func NewAdapter(driverName string, dataSourceName string, dbName string) *Adapter {
-	a := &Adapter{}
-	a.driverName = driverName
-	a.dataSourceName = dataSourceName
-	a.dbName = dbName
-
-	// Open the DB, create it if not existed.
-	a.open()
-
-	// Call the destructor when the object is released.
-	runtime.SetFinalizer(a, finalizer)
-
-	return a
+func GetAdapter(id string) (*Adapter, error) {
+	owner, name := util.GetOwnerAndNameFromId(id)
+	return getAdapter(owner, name)
 }
 
-func createDatabaseForPostgres(driverName string, dataSourceName string, dbName string) error {
-	if driverName == "postgres" {
-		db, err := sql.Open(driverName, dataSourceName)
+func UpdateAdapter(id string, adapter *Adapter) (bool, error) {
+	owner, name := util.GetOwnerAndNameFromId(id)
+	if adapter, err := getAdapter(owner, name); adapter == nil {
+		return false, err
+	}
+
+	if name != adapter.Name {
+		err := adapterChangeTrigger(name, adapter.Name)
+		if err != nil {
+			return false, err
+		}
+	}
+
+	session := ormer.Engine.ID(core.PK{owner, name}).AllCols()
+	if adapter.Password == "***" {
+		session.Omit("password")
+	}
+	affected, err := session.Update(adapter)
+	if err != nil {
+		return false, err
+	}
+
+	return affected != 0, nil
+}
+
+func AddAdapter(adapter *Adapter) (bool, error) {
+	affected, err := ormer.Engine.Insert(adapter)
+	if err != nil {
+		return false, err
+	}
+
+	return affected != 0, nil
+}
+
+func DeleteAdapter(adapter *Adapter) (bool, error) {
+	affected, err := ormer.Engine.ID(core.PK{adapter.Owner, adapter.Name}).Delete(&Adapter{})
+	if err != nil {
+		return false, err
+	}
+
+	return affected != 0, nil
+}
+
+func (adapter *Adapter) GetId() string {
+	return fmt.Sprintf("%s/%s", adapter.Owner, adapter.Name)
+}
+
+func (adapter *Adapter) getTable() string {
+	if adapter.DatabaseType == "mssql" {
+		return fmt.Sprintf("[%s]", adapter.Table)
+	} else {
+		return adapter.Table
+	}
+}
+
+func (adapter *Adapter) initAdapter() error {
+	if adapter.Adapter == nil {
+		var dataSourceName string
+
+		if adapter.buildInAdapter() {
+			dataSourceName = conf.GetConfigString("dataSourceName")
+		} else {
+			switch adapter.DatabaseType {
+			case "mssql":
+				dataSourceName = fmt.Sprintf("sqlserver://%s:%s@%s:%s?database=%s", adapter.User,
+					adapter.Password, adapter.Host, adapter.Port, adapter.Database)
+			case "mysql":
+				dataSourceName = fmt.Sprintf("%s:%s@tcp(%s:%s)/", adapter.User,
+					adapter.Password, adapter.Host, adapter.Port)
+			case "postgres":
+				dataSourceName = fmt.Sprintf("user=%s password=%s host=%s port=%s sslmode=disable dbname=%s", adapter.User,
+					adapter.Password, adapter.Host, adapter.Port, adapter.Database)
+			case "CockroachDB":
+				dataSourceName = fmt.Sprintf("user=%s password=%s host=%s port=%s sslmode=disable dbname=%s serial_normalization=virtual_sequence",
+					adapter.User, adapter.Password, adapter.Host, adapter.Port, adapter.Database)
+			case "sqlite3":
+				dataSourceName = fmt.Sprintf("file:%s", adapter.File)
+			default:
+				return fmt.Errorf("unsupported database type: %s", adapter.DatabaseType)
+			}
+		}
+
+		if !isCloudIntranet {
+			dataSourceName = strings.ReplaceAll(dataSourceName, "dbi.", "db.")
+		}
+
+		var err error
+		adapter.Adapter, err = xormadapter.NewAdapterByEngineWithTableName(NewAdapter(adapter.DatabaseType, dataSourceName, adapter.Database).Engine, adapter.getTable(), adapter.TableNamePrefix)
 		if err != nil {
 			return err
 		}
-		defer db.Close()
-
-		_, err = db.Exec(fmt.Sprintf("CREATE DATABASE %s;", dbName))
-		if err != nil {
-			if !strings.Contains(err.Error(), "already exists") {
-				return err
-			}
-		}
-
-		return nil
-	} else {
-		return nil
 	}
+	return nil
 }
 
-func (a *Adapter) CreateDatabase() error {
-	if a.driverName == "postgres" {
-		return nil
-	}
+func adapterChangeTrigger(oldName string, newName string) error {
+	session := ormer.Engine.NewSession()
+	defer session.Close()
 
-	engine, err := xorm.NewEngine(a.driverName, a.dataSourceName)
+	err := session.Begin()
 	if err != nil {
 		return err
 	}
-	defer engine.Close()
 
-	_, err = engine.Exec(fmt.Sprintf("CREATE DATABASE IF NOT EXISTS %s default charset utf8mb4 COLLATE utf8mb4_general_ci", a.dbName))
-	return err
+	enforcer := new(Enforcer)
+	enforcer.Adapter = newName
+	_, err = session.Where("adapter=?", oldName).Update(enforcer)
+	if err != nil {
+		session.Rollback()
+		return err
+	}
+
+	return session.Commit()
 }
 
-func (a *Adapter) open() {
-	dataSourceName := a.dataSourceName + a.dbName
-	if a.driverName != "mysql" {
-		dataSourceName = a.dataSourceName
-	}
-
-	engine, err := xorm.NewEngine(a.driverName, dataSourceName)
-	if err != nil {
-		panic(err)
-	}
-
-	a.Engine = engine
-}
-
-func (a *Adapter) close() {
-	_ = a.Engine.Close()
-	a.Engine = nil
-}
-
-func (a *Adapter) createTable() {
-	showSql := conf.GetConfigBool("showSql")
-	a.Engine.ShowSQL(showSql)
-
-	err := a.Engine.Sync2(new(Organization))
-	if err != nil {
-		panic(err)
-	}
-
-	err = a.Engine.Sync2(new(User))
-	if err != nil {
-		panic(err)
-	}
-
-	err = a.Engine.Sync2(new(Group))
-	if err != nil {
-		panic(err)
-	}
-
-	err = a.Engine.Sync2(new(Role))
-	if err != nil {
-		panic(err)
-	}
-
-	err = a.Engine.Sync2(new(Permission))
-	if err != nil {
-		panic(err)
-	}
-
-	err = a.Engine.Sync2(new(Model))
-	if err != nil {
-		panic(err)
-	}
-
-	err = a.Engine.Sync2(new(CasbinAdapter))
-	if err != nil {
-		panic(err)
-	}
-
-	err = a.Engine.Sync2(new(Enforcer))
-	if err != nil {
-		panic(err)
-	}
-
-	err = a.Engine.Sync2(new(Provider))
-	if err != nil {
-		panic(err)
-	}
-
-	err = a.Engine.Sync2(new(Application))
-	if err != nil {
-		panic(err)
-	}
-
-	err = a.Engine.Sync2(new(Resource))
-	if err != nil {
-		panic(err)
-	}
-
-	err = a.Engine.Sync2(new(Token))
-	if err != nil {
-		panic(err)
-	}
-
-	err = a.Engine.Sync2(new(VerificationRecord))
-	if err != nil {
-		panic(err)
-	}
-
-	err = a.Engine.Sync2(new(Record))
-	if err != nil {
-		panic(err)
-	}
-
-	err = a.Engine.Sync2(new(Webhook))
-	if err != nil {
-		panic(err)
-	}
-
-	err = a.Engine.Sync2(new(Syncer))
-	if err != nil {
-		panic(err)
-	}
-
-	err = a.Engine.Sync2(new(Cert))
-	if err != nil {
-		panic(err)
-	}
-
-	err = a.Engine.Sync2(new(Chat))
-	if err != nil {
-		panic(err)
-	}
-
-	err = a.Engine.Sync2(new(Message))
-	if err != nil {
-		panic(err)
-	}
-
-	err = a.Engine.Sync2(new(Product))
-	if err != nil {
-		panic(err)
-	}
-
-	err = a.Engine.Sync2(new(Payment))
-	if err != nil {
-		panic(err)
-	}
-
-	err = a.Engine.Sync2(new(Ldap))
-	if err != nil {
-		panic(err)
-	}
-
-	err = a.Engine.Sync2(new(PermissionRule))
-	if err != nil {
-		panic(err)
-	}
-
-	err = a.Engine.Sync2(new(xormadapter.CasbinRule))
-	if err != nil {
-		panic(err)
-	}
-
-	err = a.Engine.Sync2(new(Session))
-	if err != nil {
-		panic(err)
-	}
-
-	err = a.Engine.Sync2(new(Subscription))
-	if err != nil {
-		panic(err)
-	}
-
-	err = a.Engine.Sync2(new(Plan))
-	if err != nil {
-		panic(err)
-	}
-
-	err = a.Engine.Sync2(new(Pricing))
-	if err != nil {
-		panic(err)
-	}
-}
-
-func GetSession(owner string, offset, limit int, field, value, sortField, sortOrder string) *xorm.Session {
-	session := adapter.Engine.Prepare()
-	if offset != -1 && limit != -1 {
-		session.Limit(limit, offset)
-	}
-	if owner != "" {
-		session = session.And("owner=?", owner)
-	}
-	if field != "" && value != "" {
-		if util.FilterField(field) {
-			session = session.And(fmt.Sprintf("%s like ?", util.SnakeString(field)), fmt.Sprintf("%%%s%%", value))
-		}
-	}
-	if sortField == "" || sortOrder == "" {
-		sortField = "created_time"
-	}
-	if sortOrder == "ascend" {
-		session = session.Asc(util.SnakeString(sortField))
+func safeReturn(policy []string, i int) string {
+	if len(policy) > i {
+		return policy[i]
 	} else {
-		session = session.Desc(util.SnakeString(sortField))
+		return ""
 	}
-	return session
 }
 
-func GetSessionForUser(owner string, offset, limit int, field, value, sortField, sortOrder string) *xorm.Session {
-	session := adapter.Engine.Prepare()
-	if offset != -1 && limit != -1 {
-		session.Limit(limit, offset)
-	}
-	if owner != "" {
-		if offset == -1 {
-			session = session.And("owner=?", owner)
-		} else {
-			session = session.And("a.owner=?", owner)
+func matrixToCasbinRules(Ptype string, policies [][]string) []*xormadapter.CasbinRule {
+	res := []*xormadapter.CasbinRule{}
+
+	for _, policy := range policies {
+		line := xormadapter.CasbinRule{
+			Ptype: Ptype,
+			V0:    safeReturn(policy, 0),
+			V1:    safeReturn(policy, 1),
+			V2:    safeReturn(policy, 2),
+			V3:    safeReturn(policy, 3),
+			V4:    safeReturn(policy, 4),
+			V5:    safeReturn(policy, 5),
 		}
-	}
-	if field != "" && value != "" {
-		if util.FilterField(field) {
-			if offset != -1 {
-				field = fmt.Sprintf("a.%s", field)
-			}
-			session = session.And(fmt.Sprintf("%s like ?", util.SnakeString(field)), fmt.Sprintf("%%%s%%", value))
-		}
-	}
-	if sortField == "" || sortOrder == "" {
-		sortField = "created_time"
+		res = append(res, &line)
 	}
 
-	tableNamePrefix := conf.GetConfigString("tableNamePrefix")
-	tableName := tableNamePrefix + "user"
-	if offset == -1 {
-		if sortOrder == "ascend" {
-			session = session.Asc(util.SnakeString(sortField))
-		} else {
-			session = session.Desc(util.SnakeString(sortField))
-		}
-	} else {
-		if sortOrder == "ascend" {
-			session = session.Alias("a").
-				Join("INNER", []string{tableName, "b"}, "a.owner = b.owner and a.name = b.name").
-				Select("b.*").
-				Asc("a." + util.SnakeString(sortField))
-		} else {
-			session = session.Alias("a").
-				Join("INNER", []string{tableName, "b"}, "a.owner = b.owner and a.name = b.name").
-				Select("b.*").
-				Desc("a." + util.SnakeString(sortField))
-		}
-	}
-
-	return session
+	return res
+}
+
+func GetPolicies(adapter *Adapter) ([]*xormadapter.CasbinRule, error) {
+	err := adapter.initAdapter()
+	if err != nil {
+		return nil, err
+	}
+
+	casbinModel := getModelDef()
+	err = adapter.LoadPolicy(casbinModel)
+	if err != nil {
+		return nil, err
+	}
+
+	policies := matrixToCasbinRules("p", casbinModel.GetPolicy("p", "p"))
+	policies = append(policies, matrixToCasbinRules("g", casbinModel.GetPolicy("g", "g"))...)
+	return policies, nil
+}
+
+func UpdatePolicy(oldPolicy, newPolicy []string, adapter *Adapter) (bool, error) {
+	err := adapter.initAdapter()
+	if err != nil {
+		return false, err
+	}
+
+	casbinModel := getModelDef()
+	err = adapter.LoadPolicy(casbinModel)
+	if err != nil {
+		return false, err
+	}
+
+	affected := casbinModel.UpdatePolicy("p", "p", oldPolicy, newPolicy)
+	if err != nil {
+		return affected, err
+	}
+	return affected, nil
+}
+
+func AddPolicy(policy []string, adapter *Adapter) (bool, error) {
+	err := adapter.initAdapter()
+	if err != nil {
+		return false, err
+	}
+
+	casbinModel := getModelDef()
+	err = adapter.LoadPolicy(casbinModel)
+	if err != nil {
+		return false, err
+	}
+
+	casbinModel.AddPolicy("p", "p", policy)
+
+	return true, nil
+}
+
+func RemovePolicy(policy []string, adapter *Adapter) (bool, error) {
+	err := adapter.initAdapter()
+	if err != nil {
+		return false, err
+	}
+
+	casbinModel := getModelDef()
+	err = adapter.LoadPolicy(casbinModel)
+	if err != nil {
+		return false, err
+	}
+
+	affected := casbinModel.RemovePolicy("p", "p", policy)
+	if err != nil {
+		return affected, err
+	}
+	return affected, nil
+}
+
+func (adapter *Adapter) buildInAdapter() bool {
+	if adapter.Owner != "built-in" {
+		return false
+	}
+
+	return adapter.Name == "permission-adapter-built-in" || adapter.Name == "api-adapter-built-in"
+}
+
+func getModelDef() model.Model {
+	casbinModel := model.NewModel()
+	casbinModel.AddDef("p", "p", "_, _, _, _, _, _")
+	casbinModel.AddDef("g", "g", "_, _, _, _, _, _")
+	return casbinModel
 }

object/application.go

@@ -92,7 +92,7 @@ func GetOrganizationApplicationCount(owner, Organization, field, value string) (
 
 func GetApplications(owner string) ([]*Application, error) {
 	applications := []*Application{}
-	err := adapter.Engine.Desc("created_time").Find(&applications, &Application{Owner: owner})
+	err := ormer.Engine.Desc("created_time").Find(&applications, &Application{Owner: owner})
 	if err != nil {
 		return applications, err
 	}
@@ -102,7 +102,7 @@ func GetApplications(owner string) ([]*Application, error) {
 
 func GetOrganizationApplications(owner string, organization string) ([]*Application, error) {
 	applications := []*Application{}
-	err := adapter.Engine.Desc("created_time").Find(&applications, &Application{Organization: organization})
+	err := ormer.Engine.Desc("created_time").Find(&applications, &Application{Organization: organization})
 	if err != nil {
 		return applications, err
 	}
@@ -182,7 +182,7 @@ func getApplication(owner string, name string) (*Application, error) {
 	}
 
 	application := Application{Owner: owner, Name: name}
-	existed, err := adapter.Engine.Get(&application)
+	existed, err := ormer.Engine.Get(&application)
 	if err != nil {
 		return nil, err
 	}
@@ -206,7 +206,7 @@ func getApplication(owner string, name string) (*Application, error) {
 
 func GetApplicationByOrganizationName(organization string) (*Application, error) {
 	application := Application{}
-	existed, err := adapter.Engine.Where("organization=?", organization).Get(&application)
+	existed, err := ormer.Engine.Where("organization=?", organization).Get(&application)
 	if err != nil {
 		return nil, nil
 	}
@@ -253,7 +253,7 @@ func GetApplicationByUserId(userId string) (application *Application, err error)
 
 func GetApplicationByClientId(clientId string) (*Application, error) {
 	application := Application{}
-	existed, err := adapter.Engine.Where("client_id=?", clientId).Get(&application)
+	existed, err := ormer.Engine.Where("client_id=?", clientId).Get(&application)
 	if err != nil {
 		return nil, err
 	}
@@ -281,14 +281,21 @@ func GetApplication(id string) (*Application, error) {
 }
 
 func GetMaskedApplication(application *Application, userId string) *Application {
-	if isUserIdGlobalAdmin(userId) {
-		return application
-	}
-
 	if application == nil {
 		return nil
 	}
 
+	if userId != "" {
+		if isUserIdGlobalAdmin(userId) {
+			return application
+		}
+
+		user, _ := GetUser(userId)
+		if user != nil && user.IsApplicationAdmin(application) {
+			return application
+		}
+	}
+
 	if application.ClientSecret != "" {
 		application.ClientSecret = "***"
 	}
@@ -349,7 +356,7 @@ func UpdateApplication(id string, application *Application) (bool, error) {
 		providerItem.Provider = nil
 	}
 
-	session := adapter.Engine.ID(core.PK{owner, name}).AllCols()
+	session := ormer.Engine.ID(core.PK{owner, name}).AllCols()
 	if application.ClientSecret == "***" {
 		session.Omit("client_secret")
 	}
@@ -388,7 +395,7 @@ func AddApplication(application *Application) (bool, error) {
 		providerItem.Provider = nil
 	}
 
-	affected, err := adapter.Engine.Insert(application)
+	affected, err := ormer.Engine.Insert(application)
 	if err != nil {
 		return false, nil
 	}
@@ -401,7 +408,7 @@ func DeleteApplication(application *Application) (bool, error) {
 		return false, nil
 	}
 
-	affected, err := adapter.Engine.ID(core.PK{application.Owner, application.Name}).Delete(&Application{})
+	affected, err := ormer.Engine.ID(core.PK{application.Owner, application.Name}).Delete(&Application{})
 	if err != nil {
 		return false, err
 	}
@@ -477,7 +484,7 @@ func ExtendManagedAccountsWithUser(user *User) (*User, error) {
 }
 
 func applicationChangeTrigger(oldName string, newName string) error {
-	session := adapter.Engine.NewSession()
+	session := ormer.Engine.NewSession()
 	defer session.Close()
 
 	err := session.Begin()
@@ -507,7 +514,7 @@ func applicationChangeTrigger(oldName string, newName string) error {
 	}
 
 	var permissions []*Permission
-	err = adapter.Engine.Find(&permissions)
+	err = ormer.Engine.Find(&permissions)
 	if err != nil {
 		return err
 	}

object/casbin_adapter.go

@@ -1,313 +0,0 @@
-// Copyright 2022 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package object
-
-import (
-	"fmt"
-	"strings"
-
-	"github.com/casbin/casbin/v2"
-	"github.com/casbin/casbin/v2/model"
-	"github.com/casdoor/casdoor/util"
-	xormadapter "github.com/casdoor/xorm-adapter/v3"
-	"github.com/xorm-io/core"
-)
-
-type CasbinAdapter struct {
-	Owner       string `xorm:"varchar(100) notnull pk" json:"owner"`
-	Name        string `xorm:"varchar(100) notnull pk" json:"name"`
-	CreatedTime string `xorm:"varchar(100)" json:"createdTime"`
-
-	Type  string `xorm:"varchar(100)" json:"type"`
-	Model string `xorm:"varchar(100)" json:"model"`
-
-	Host         string `xorm:"varchar(100)" json:"host"`
-	Port         int    `json:"port"`
-	User         string `xorm:"varchar(100)" json:"user"`
-	Password     string `xorm:"varchar(100)" json:"password"`
-	DatabaseType string `xorm:"varchar(100)" json:"databaseType"`
-	Database     string `xorm:"varchar(100)" json:"database"`
-	Table        string `xorm:"varchar(100)" json:"table"`
-	IsEnabled    bool   `json:"isEnabled"`
-
-	Adapter *xormadapter.Adapter `xorm:"-" json:"-"`
-}
-
-func GetCasbinAdapterCount(owner, field, value string) (int64, error) {
-	session := GetSession(owner, -1, -1, field, value, "", "")
-	return session.Count(&CasbinAdapter{})
-}
-
-func GetCasbinAdapters(owner string) ([]*CasbinAdapter, error) {
-	adapters := []*CasbinAdapter{}
-	err := adapter.Engine.Desc("created_time").Find(&adapters, &CasbinAdapter{Owner: owner})
-	if err != nil {
-		return adapters, err
-	}
-
-	return adapters, nil
-}
-
-func GetPaginationCasbinAdapters(owner string, offset, limit int, field, value, sortField, sortOrder string) ([]*CasbinAdapter, error) {
-	adapters := []*CasbinAdapter{}
-	session := GetSession(owner, offset, limit, field, value, sortField, sortOrder)
-	err := session.Find(&adapters)
-	if err != nil {
-		return adapters, err
-	}
-
-	return adapters, nil
-}
-
-func getCasbinAdapter(owner, name string) (*CasbinAdapter, error) {
-	if owner == "" || name == "" {
-		return nil, nil
-	}
-
-	casbinAdapter := CasbinAdapter{Owner: owner, Name: name}
-	existed, err := adapter.Engine.Get(&casbinAdapter)
-	if err != nil {
-		return nil, err
-	}
-
-	if existed {
-		return &casbinAdapter, nil
-	} else {
-		return nil, nil
-	}
-}
-
-func GetCasbinAdapter(id string) (*CasbinAdapter, error) {
-	owner, name := util.GetOwnerAndNameFromId(id)
-	return getCasbinAdapter(owner, name)
-}
-
-func UpdateCasbinAdapter(id string, casbinAdapter *CasbinAdapter) (bool, error) {
-	owner, name := util.GetOwnerAndNameFromId(id)
-	if casbinAdapter, err := getCasbinAdapter(owner, name); casbinAdapter == nil {
-		return false, err
-	}
-
-	if name != casbinAdapter.Name {
-		err := casbinAdapterChangeTrigger(name, casbinAdapter.Name)
-		if err != nil {
-			return false, err
-		}
-	}
-
-	session := adapter.Engine.ID(core.PK{owner, name}).AllCols()
-	if casbinAdapter.Password == "***" {
-		session.Omit("password")
-	}
-	affected, err := session.Update(casbinAdapter)
-	if err != nil {
-		return false, err
-	}
-
-	return affected != 0, nil
-}
-
-func AddCasbinAdapter(casbinAdapter *CasbinAdapter) (bool, error) {
-	affected, err := adapter.Engine.Insert(casbinAdapter)
-	if err != nil {
-		return false, err
-	}
-
-	return affected != 0, nil
-}
-
-func DeleteCasbinAdapter(casbinAdapter *CasbinAdapter) (bool, error) {
-	affected, err := adapter.Engine.ID(core.PK{casbinAdapter.Owner, casbinAdapter.Name}).Delete(&CasbinAdapter{})
-	if err != nil {
-		return false, err
-	}
-
-	return affected != 0, nil
-}
-
-func (casbinAdapter *CasbinAdapter) GetId() string {
-	return fmt.Sprintf("%s/%s", casbinAdapter.Owner, casbinAdapter.Name)
-}
-
-func (casbinAdapter *CasbinAdapter) getTable() string {
-	if casbinAdapter.DatabaseType == "mssql" {
-		return fmt.Sprintf("[%s]", casbinAdapter.Table)
-	} else {
-		return casbinAdapter.Table
-	}
-}
-
-func initEnforcer(modelObj *Model, casbinAdapter *CasbinAdapter) (*casbin.Enforcer, error) {
-	// init Adapter
-	if casbinAdapter.Adapter == nil {
-		var dataSourceName string
-		if casbinAdapter.DatabaseType == "mssql" {
-			dataSourceName = fmt.Sprintf("sqlserver://%s:%s@%s:%d?database=%s", casbinAdapter.User, casbinAdapter.Password, casbinAdapter.Host, casbinAdapter.Port, casbinAdapter.Database)
-		} else if casbinAdapter.DatabaseType == "postgres" {
-			dataSourceName = fmt.Sprintf("user=%s password=%s host=%s port=%d sslmode=disable dbname=%s", casbinAdapter.User, casbinAdapter.Password, casbinAdapter.Host, casbinAdapter.Port, casbinAdapter.Database)
-		} else {
-			dataSourceName = fmt.Sprintf("%s:%s@tcp(%s:%d)/", casbinAdapter.User, casbinAdapter.Password, casbinAdapter.Host, casbinAdapter.Port)
-		}
-
-		if !isCloudIntranet {
-			dataSourceName = strings.ReplaceAll(dataSourceName, "dbi.", "db.")
-		}
-
-		var err error
-		casbinAdapter.Adapter, err = xormadapter.NewAdapterByEngineWithTableName(NewAdapter(casbinAdapter.DatabaseType, dataSourceName, casbinAdapter.Database).Engine, casbinAdapter.getTable(), "")
-		if err != nil {
-			return nil, err
-		}
-	}
-
-	// init Model
-	m, err := model.NewModelFromString(modelObj.ModelText)
-	if err != nil {
-		return nil, err
-	}
-
-	// init Enforcer
-	enforcer, err := casbin.NewEnforcer(m, casbinAdapter.Adapter)
-	if err != nil {
-		return nil, err
-	}
-
-	return enforcer, nil
-}
-
-func casbinAdapterChangeTrigger(oldName string, newName string) error {
-	session := adapter.Engine.NewSession()
-	defer session.Close()
-
-	err := session.Begin()
-	if err != nil {
-		return err
-	}
-
-	enforcer := new(Enforcer)
-	enforcer.Adapter = newName
-	_, err = session.Where("adapter=?", oldName).Update(enforcer)
-	if err != nil {
-		session.Rollback()
-		return err
-	}
-
-	return session.Commit()
-}
-
-func safeReturn(policy []string, i int) string {
-	if len(policy) > i {
-		return policy[i]
-	} else {
-		return ""
-	}
-}
-
-func matrixToCasbinRules(Ptype string, policies [][]string) []*xormadapter.CasbinRule {
-	res := []*xormadapter.CasbinRule{}
-
-	for _, policy := range policies {
-		line := xormadapter.CasbinRule{
-			Ptype: Ptype,
-			V0:    safeReturn(policy, 0),
-			V1:    safeReturn(policy, 1),
-			V2:    safeReturn(policy, 2),
-			V3:    safeReturn(policy, 3),
-			V4:    safeReturn(policy, 4),
-			V5:    safeReturn(policy, 5),
-		}
-		res = append(res, &line)
-	}
-
-	return res
-}
-
-func SyncPolicies(casbinAdapter *CasbinAdapter) ([]*xormadapter.CasbinRule, error) {
-	modelObj, err := getModel(casbinAdapter.Owner, casbinAdapter.Model)
-	if err != nil {
-		return nil, err
-	}
-
-	if modelObj == nil {
-		return nil, fmt.Errorf("The model: %s does not exist", util.GetId(casbinAdapter.Owner, casbinAdapter.Model))
-	}
-
-	enforcer, err := initEnforcer(modelObj, casbinAdapter)
-	if err != nil {
-		return nil, err
-	}
-
-	policies := matrixToCasbinRules("p", enforcer.GetPolicy())
-	if strings.Contains(modelObj.ModelText, "[role_definition]") {
-		policies = append(policies, matrixToCasbinRules("g", enforcer.GetGroupingPolicy())...)
-	}
-
-	return policies, nil
-}
-
-func UpdatePolicy(oldPolicy, newPolicy []string, casbinAdapter *CasbinAdapter) (bool, error) {
-	modelObj, err := getModel(casbinAdapter.Owner, casbinAdapter.Model)
-	if err != nil {
-		return false, err
-	}
-
-	enforcer, err := initEnforcer(modelObj, casbinAdapter)
-	if err != nil {
-		return false, err
-	}
-
-	affected, err := enforcer.UpdatePolicy(oldPolicy, newPolicy)
-	if err != nil {
-		return affected, err
-	}
-	return affected, nil
-}
-
-func AddPolicy(policy []string, casbinAdapter *CasbinAdapter) (bool, error) {
-	modelObj, err := getModel(casbinAdapter.Owner, casbinAdapter.Model)
-	if err != nil {
-		return false, err
-	}
-
-	enforcer, err := initEnforcer(modelObj, casbinAdapter)
-	if err != nil {
-		return false, err
-	}
-
-	affected, err := enforcer.AddPolicy(policy)
-	if err != nil {
-		return affected, err
-	}
-	return affected, nil
-}
-
-func RemovePolicy(policy []string, casbinAdapter *CasbinAdapter) (bool, error) {
-	modelObj, err := getModel(casbinAdapter.Owner, casbinAdapter.Model)
-	if err != nil {
-		return false, err
-	}
-
-	enforcer, err := initEnforcer(modelObj, casbinAdapter)
-	if err != nil {
-		return false, err
-	}
-
-	affected, err := enforcer.RemovePolicy(policy)
-	if err != nil {
-		return affected, err
-	}
-
-	return affected, nil
-}

object/cert.go

@@ -65,7 +65,7 @@ func GetCertCount(owner, field, value string) (int64, error) {
 
 func GetCerts(owner string) ([]*Cert, error) {
 	certs := []*Cert{}
-	err := adapter.Engine.Where("owner = ? or owner = ? ", "admin", owner).Desc("created_time").Find(&certs, &Cert{})
+	err := ormer.Engine.Where("owner = ? or owner = ? ", "admin", owner).Desc("created_time").Find(&certs, &Cert{})
 	if err != nil {
 		return certs, err
 	}
@@ -91,7 +91,7 @@ func GetGlobalCertsCount(field, value string) (int64, error) {
 
 func GetGlobleCerts() ([]*Cert, error) {
 	certs := []*Cert{}
-	err := adapter.Engine.Desc("created_time").Find(&certs)
+	err := ormer.Engine.Desc("created_time").Find(&certs)
 	if err != nil {
 		return certs, err
 	}
@@ -116,7 +116,7 @@ func getCert(owner string, name string) (*Cert, error) {
 	}
 
 	cert := Cert{Owner: owner, Name: name}
-	existed, err := adapter.Engine.Get(&cert)
+	existed, err := ormer.Engine.Get(&cert)
 	if err != nil {
 		return &cert, err
 	}
@@ -134,7 +134,7 @@ func getCertByName(name string) (*Cert, error) {
 	}
 
 	cert := Cert{Name: name}
-	existed, err := adapter.Engine.Get(&cert)
+	existed, err := ormer.Engine.Get(&cert)
 	if err != nil {
 		return &cert, nil
 	}
@@ -165,7 +165,7 @@ func UpdateCert(id string, cert *Cert) (bool, error) {
 			return false, nil
 		}
 	}
-	affected, err := adapter.Engine.ID(core.PK{owner, name}).AllCols().Update(cert)
+	affected, err := ormer.Engine.ID(core.PK{owner, name}).AllCols().Update(cert)
 	if err != nil {
 		return false, err
 	}
@@ -180,7 +180,7 @@ func AddCert(cert *Cert) (bool, error) {
 		cert.PrivateKey = privateKey
 	}
 
-	affected, err := adapter.Engine.Insert(cert)
+	affected, err := ormer.Engine.Insert(cert)
 	if err != nil {
 		return false, err
 	}
@@ -189,7 +189,7 @@ func AddCert(cert *Cert) (bool, error) {
 }
 
 func DeleteCert(cert *Cert) (bool, error) {
-	affected, err := adapter.Engine.ID(core.PK{cert.Owner, cert.Name}).Delete(&Cert{})
+	affected, err := ormer.Engine.ID(core.PK{cert.Owner, cert.Name}).Delete(&Cert{})
 	if err != nil {
 		return false, err
 	}
@@ -214,7 +214,7 @@ func GetDefaultCert() (*Cert, error) {
 }
 
 func certChangeTrigger(oldName string, newName string) error {
-	session := adapter.Engine.NewSession()
+	session := ormer.Engine.NewSession()
 	defer session.Close()
 
 	err := session.Begin()

object/chat.go

@@ -70,7 +70,7 @@ func GetChatCount(owner, field, value string) (int64, error) {
 
 func GetChats(owner string) ([]*Chat, error) {
 	chats := []*Chat{}
-	err := adapter.Engine.Desc("created_time").Find(&chats, &Chat{Owner: owner})
+	err := ormer.Engine.Desc("created_time").Find(&chats, &Chat{Owner: owner})
 	if err != nil {
 		return chats, err
 	}
@@ -95,7 +95,7 @@ func getChat(owner string, name string) (*Chat, error) {
 	}
 
 	chat := Chat{Owner: owner, Name: name}
-	existed, err := adapter.Engine.Get(&chat)
+	existed, err := ormer.Engine.Get(&chat)
 	if err != nil {
 		return &chat, err
 	}
@@ -120,7 +120,7 @@ func UpdateChat(id string, chat *Chat) (bool, error) {
 		return false, nil
 	}
 
-	affected, err := adapter.Engine.ID(core.PK{owner, name}).AllCols().Update(chat)
+	affected, err := ormer.Engine.ID(core.PK{owner, name}).AllCols().Update(chat)
 	if err != nil {
 		return false, nil
 	}
@@ -140,7 +140,7 @@ func AddChat(chat *Chat) (bool, error) {
 		}
 	}
 
-	affected, err := adapter.Engine.Insert(chat)
+	affected, err := ormer.Engine.Insert(chat)
 	if err != nil {
 		return false, nil
 	}
@@ -149,7 +149,7 @@ func AddChat(chat *Chat) (bool, error) {
 }
 
 func DeleteChat(chat *Chat) (bool, error) {
-	affected, err := adapter.Engine.ID(core.PK{chat.Owner, chat.Name}).Delete(&Chat{})
+	affected, err := ormer.Engine.ID(core.PK{chat.Owner, chat.Name}).Delete(&Chat{})
 	if err != nil {
 		return false, err
 	}

object/enforcer.go

@@ -15,6 +15,8 @@
 package object
 
 import (
+	"errors"
+
 	"github.com/casbin/casbin/v2"
 	"github.com/casdoor/casdoor/util"
 	"github.com/xorm-io/core"
@@ -42,7 +44,7 @@ func GetEnforcerCount(owner, field, value string) (int64, error) {
 
 func GetEnforcers(owner string) ([]*Enforcer, error) {
 	enforcers := []*Enforcer{}
-	err := adapter.Engine.Desc("created_time").Find(&enforcers, &Enforcer{Owner: owner})
+	err := ormer.Engine.Desc("created_time").Find(&enforcers, &Enforcer{Owner: owner})
 	if err != nil {
 		return enforcers, err
 	}
@@ -67,7 +69,7 @@ func getEnforcer(owner string, name string) (*Enforcer, error) {
 	}
 
 	enforcer := Enforcer{Owner: owner, Name: name}
-	existed, err := adapter.Engine.Get(&enforcer)
+	existed, err := ormer.Engine.Get(&enforcer)
 	if err != nil {
 		return &enforcer, err
 	}
@@ -92,7 +94,7 @@ func UpdateEnforcer(id string, enforcer *Enforcer) (bool, error) {
 		return false, nil
 	}
 
-	affected, err := adapter.Engine.ID(core.PK{owner, name}).AllCols().Update(enforcer)
+	affected, err := ormer.Engine.ID(core.PK{owner, name}).AllCols().Update(enforcer)
 	if err != nil {
 		return false, err
 	}
@@ -101,7 +103,7 @@ func UpdateEnforcer(id string, enforcer *Enforcer) (bool, error) {
 }
 
 func AddEnforcer(enforcer *Enforcer) (bool, error) {
-	affected, err := adapter.Engine.Insert(enforcer)
+	affected, err := ormer.Engine.Insert(enforcer)
 	if err != nil {
 		return false, err
 	}
@@ -110,10 +112,52 @@ func AddEnforcer(enforcer *Enforcer) (bool, error) {
 }
 
 func DeleteEnforcer(enforcer *Enforcer) (bool, error) {
-	affected, err := adapter.Engine.ID(core.PK{enforcer.Owner, enforcer.Name}).Delete(&Enforcer{})
+	affected, err := ormer.Engine.ID(core.PK{enforcer.Owner, enforcer.Name}).Delete(&Enforcer{})
 	if err != nil {
 		return false, err
 	}
 
 	return affected != 0, nil
 }
+
+func (enforcer *Enforcer) InitEnforcer() (*casbin.Enforcer, error) {
+	if enforcer == nil {
+		return nil, errors.New("enforcer is nil")
+	}
+	if enforcer.Model == "" || enforcer.Adapter == "" {
+		return nil, errors.New("missing model or adapter")
+	}
+
+	var err error
+	var m *Model
+	var a *Adapter
+
+	if m, err = GetModel(enforcer.Model); err != nil {
+		return nil, err
+	} else if m == nil {
+		return nil, errors.New("model not found")
+	}
+
+	if a, err = GetAdapter(enforcer.Adapter); err != nil {
+		return nil, err
+	} else if a == nil {
+		return nil, errors.New("adapter not found")
+	}
+
+	err = m.initModel()
+	if err != nil {
+		return nil, err
+	}
+
+	err = a.initAdapter()
+	if err != nil {
+		return nil, err
+	}
+
+	e, err := casbin.NewEnforcer(m.Model, a.Adapter)
+	if err != nil {
+		return nil, err
+	}
+
+	return e, nil
+}

object/group.go

@@ -58,7 +58,7 @@ func GetGroupCount(owner, field, value string) (int64, error) {
 
 func GetGroups(owner string) ([]*Group, error) {
 	groups := []*Group{}
-	err := adapter.Engine.Desc("created_time").Find(&groups, &Group{Owner: owner})
+	err := ormer.Engine.Desc("created_time").Find(&groups, &Group{Owner: owner})
 	if err != nil {
 		return nil, err
 	}
@@ -83,7 +83,7 @@ func getGroup(owner string, name string) (*Group, error) {
 	}
 
 	group := Group{Owner: owner, Name: name}
-	existed, err := adapter.Engine.Get(&group)
+	existed, err := ormer.Engine.Get(&group)
 	if err != nil {
 		return nil, err
 	}
@@ -119,7 +119,7 @@ func UpdateGroup(id string, group *Group) (bool, error) {
 		}
 	}
 
-	affected, err := adapter.Engine.ID(core.PK{owner, name}).AllCols().Update(group)
+	affected, err := ormer.Engine.ID(core.PK{owner, name}).AllCols().Update(group)
 	if err != nil {
 		return false, err
 	}
@@ -133,7 +133,7 @@ func AddGroup(group *Group) (bool, error) {
 		return false, err
 	}
 
-	affected, err := adapter.Engine.Insert(group)
+	affected, err := ormer.Engine.Insert(group)
 	if err != nil {
 		return false, err
 	}
@@ -145,7 +145,7 @@ func AddGroups(groups []*Group) (bool, error) {
 	if len(groups) == 0 {
 		return false, nil
 	}
-	affected, err := adapter.Engine.Insert(groups)
+	affected, err := ormer.Engine.Insert(groups)
 	if err != nil {
 		return false, err
 	}
@@ -153,12 +153,12 @@ func AddGroups(groups []*Group) (bool, error) {
 }
 
 func DeleteGroup(group *Group) (bool, error) {
-	_, err := adapter.Engine.Get(group)
+	_, err := ormer.Engine.Get(group)
 	if err != nil {
 		return false, err
 	}
 
-	if count, err := adapter.Engine.Where("parent_id = ?", group.Name).Count(&Group{}); err != nil {
+	if count, err := ormer.Engine.Where("parent_id = ?", group.Name).Count(&Group{}); err != nil {
 		return false, err
 	} else if count > 0 {
 		return false, errors.New("group has children group")
@@ -170,7 +170,7 @@ func DeleteGroup(group *Group) (bool, error) {
 		return false, errors.New("group has users")
 	}
 
-	affected, err := adapter.Engine.ID(core.PK{group.Owner, group.Name}).Delete(&Group{})
+	affected, err := ormer.Engine.ID(core.PK{group.Owner, group.Name}).Delete(&Group{})
 	if err != nil {
 		return false, err
 	}
@@ -179,7 +179,7 @@ func DeleteGroup(group *Group) (bool, error) {
 }
 
 func checkGroupName(name string) error {
-	exist, err := adapter.Engine.Exist(&Organization{Owner: "admin", Name: name})
+	exist, err := ormer.Engine.Exist(&Organization{Owner: "admin", Name: name})
 	if err != nil {
 		return err
 	}
@@ -233,10 +233,10 @@ func RemoveUserFromGroup(owner, name, groupName string) (bool, error) {
 
 func GetGroupUserCount(groupName string, field, value string) (int64, error) {
 	if field == "" && value == "" {
-		return adapter.Engine.Where(builder.Like{"`groups`", groupName}).
+		return ormer.Engine.Where(builder.Like{"`groups`", groupName}).
 			Count(&User{})
 	} else {
-		return adapter.Engine.Table("user").
+		return ormer.Engine.Table("user").
 			Where(builder.Like{"`groups`", groupName}).
 			And(fmt.Sprintf("user.%s LIKE ?", util.CamelToSnakeCase(field)), "%"+value+"%").
 			Count()
@@ -245,7 +245,7 @@ func GetGroupUserCount(groupName string, field, value string) (int64, error) {
 
 func GetPaginationGroupUsers(groupName string, offset, limit int, field, value, sortField, sortOrder string) ([]*User, error) {
 	users := []*User{}
-	session := adapter.Engine.Table("user").
+	session := ormer.Engine.Table("user").
 		Where(builder.Like{"`groups`", groupName + "\""})
 
 	if offset != -1 && limit != -1 {
@@ -275,7 +275,7 @@ func GetPaginationGroupUsers(groupName string, offset, limit int, field, value,
 
 func GetGroupUsers(groupName string) ([]*User, error) {
 	users := []*User{}
-	err := adapter.Engine.Table("user").
+	err := ormer.Engine.Table("user").
 		Where(builder.Like{"`groups`", groupName + "\""}).
 		Find(&users)
 	if err != nil {
@@ -286,7 +286,7 @@ func GetGroupUsers(groupName string) ([]*User, error) {
 }
 
 func GroupChangeTrigger(oldName, newName string) error {
-	session := adapter.Engine.NewSession()
+	session := ormer.Engine.NewSession()
 	defer session.Close()
 	err := session.Begin()
 	if err != nil {

object/init.go

@@ -27,7 +27,6 @@ import (
 func InitDb() {
 	existed := initBuiltInOrganization()
 	if !existed {
-		initBuiltInModel()
 		initBuiltInPermission()
 		initBuiltInProvider()
 		initBuiltInUser()
@@ -36,6 +35,15 @@ func InitDb() {
 		initBuiltInLdap()
 	}
 
+	existed = initBuiltInApiModel()
+	if !existed {
+		initBuildInApiAdapter()
+		initBuiltInApiEnforcer()
+		initBuiltInPermissionModel()
+		initBuildInPermissionAdapter()
+		initBuiltInPermissionEnforcer()
+	}
+
 	initWebAuthn()
 }
 
@@ -295,8 +303,8 @@ func initWebAuthn() {
 	gob.Register(webauthn.SessionData{})
 }
 
-func initBuiltInModel() {
-	model, err := GetModel("built-in/model-built-in")
+func initBuiltInPermissionModel() {
+	model, err := GetModel("built-in/permission-model-built-in")
 	if err != nil {
 		panic(err)
 	}
@@ -307,7 +315,7 @@ func initBuiltInModel() {
 
 	model = &Model{
 		Owner:       "built-in",
-		Name:        "model-built-in",
+		Name:        "permission-model-built-in",
 		CreatedTime: util.GetCurrentTime(),
 		DisplayName: "Built-in Model",
 		IsEnabled:   true,
@@ -329,6 +337,54 @@ m = r.sub == p.sub && r.obj == p.obj && r.act == p.act`,
 	}
 }
 
+func initBuiltInApiModel() bool {
+	model, err := GetModel("built-in/api-model-built-in")
+	if err != nil {
+		panic(err)
+	}
+
+	if model != nil {
+		return true
+	}
+
+	modelText := `
+[request_definition]
+r = subOwner, subName, method, urlPath, objOwner, objName
+
+[policy_definition]
+p = subOwner, subName, method, urlPath, objOwner, objName
+
+[role_definition]
+g = _, _
+
+[policy_effect]
+e = some(where (p.eft == allow))
+
+[matchers]
+m = (r.subOwner == p.subOwner || p.subOwner == "*") && \
+    (r.subName == p.subName || p.subName == "*" || r.subName != "anonymous" && p.subName == "!anonymous") && \
+    (r.method == p.method || p.method == "*") && \
+    (r.urlPath == p.urlPath || p.urlPath == "*") && \
+    (r.objOwner == p.objOwner || p.objOwner == "*") && \
+    (r.objName == p.objName || p.objName == "*") || \
+    (r.subOwner == r.objOwner && r.subName == r.objName)
+`
+
+	model = &Model{
+		Owner:       "built-in",
+		Name:        "api-model-built-in",
+		CreatedTime: util.GetCurrentTime(),
+		DisplayName: "API Model",
+		IsEnabled:   true,
+		ModelText:   modelText,
+	}
+	_, err = AddModel(model)
+	if err != nil {
+		panic(err)
+	}
+	return false
+}
+
 func initBuiltInPermission() {
 	permission, err := GetPermission("built-in/permission-built-in")
 	if err != nil {
@@ -358,3 +414,109 @@ func initBuiltInPermission() {
 		panic(err)
 	}
 }
+
+func initBuildInPermissionAdapter() {
+	permissionAdapter, err := GetAdapter("built-in/permission-adapter-built-in")
+	if err != nil {
+		panic(err)
+	}
+
+	if permissionAdapter != nil {
+		return
+	}
+
+	permissionAdapter = &Adapter{
+		Owner:           "built-in",
+		Name:            "permission-adapter-built-in",
+		CreatedTime:     util.GetCurrentTime(),
+		Type:            "Database",
+		DatabaseType:    conf.GetConfigString("driverName"),
+		TableNamePrefix: conf.GetConfigString("tableNamePrefix"),
+		Database:        conf.GetConfigString("dbName"),
+		Table:           "casbin_user_rule",
+		IsEnabled:       true,
+	}
+	_, err = AddAdapter(permissionAdapter)
+	if err != nil {
+		panic(err)
+	}
+}
+
+func initBuildInApiAdapter() {
+	apiAdapter, err := GetAdapter("built-in/api-adapter-built-in")
+	if err != nil {
+		panic(err)
+	}
+
+	if apiAdapter != nil {
+		return
+	}
+
+	apiAdapter = &Adapter{
+		Owner:           "built-in",
+		Name:            "api-adapter-built-in",
+		CreatedTime:     util.GetCurrentTime(),
+		Type:            "Database",
+		DatabaseType:    conf.GetConfigString("driverName"),
+		TableNamePrefix: conf.GetConfigString("tableNamePrefix"),
+		Database:        conf.GetConfigString("dbName"),
+		Table:           "casbin_api_rule",
+		IsEnabled:       true,
+	}
+	_, err = AddAdapter(apiAdapter)
+	if err != nil {
+		panic(err)
+	}
+}
+
+func initBuiltInPermissionEnforcer() {
+	permissionEnforcer, err := GetEnforcer("built-in/permission-enforcer-built-in")
+	if err != nil {
+		panic(err)
+	}
+
+	if permissionEnforcer != nil {
+		return
+	}
+
+	permissionEnforcer = &Enforcer{
+		Owner:       "built-in",
+		Name:        "permission-enforcer-built-in",
+		CreatedTime: util.GetCurrentTime(),
+		DisplayName: "Permission Enforcer",
+		Model:       "built-in/permission-model-built-in",
+		Adapter:     "built-in/permission-adapter-built-in",
+		IsEnabled:   true,
+	}
+
+	_, err = AddEnforcer(permissionEnforcer)
+	if err != nil {
+		panic(err)
+	}
+}
+
+func initBuiltInApiEnforcer() {
+	apiEnforcer, err := GetEnforcer("built-in/api-enforcer-built-in")
+	if err != nil {
+		panic(err)
+	}
+
+	if apiEnforcer != nil {
+		return
+	}
+
+	apiEnforcer = &Enforcer{
+		Owner:       "built-in",
+		Name:        "api-enforcer-built-in",
+		CreatedTime: util.GetCurrentTime(),
+		DisplayName: "API Enforcer",
+		Model:       "built-in/api-model-built-in",
+		Adapter:     "built-in/api-adapter-built-in",
+		IsEnabled:   true,
+	}
+
+	_, err = AddEnforcer(apiEnforcer)
+	if err != nil {
+		panic(err)
+	}
+}

object/ldap.go

@@ -46,7 +46,7 @@ func AddLdap(ldap *Ldap) (bool, error) {
 		ldap.CreatedTime = util.GetCurrentTime()
 	}
 
-	affected, err := adapter.Engine.Insert(ldap)
+	affected, err := ormer.Engine.Insert(ldap)
 	if err != nil {
 		return false, err
 	}
@@ -56,7 +56,7 @@ func AddLdap(ldap *Ldap) (bool, error) {
 
 func CheckLdapExist(ldap *Ldap) (bool, error) {
 	var result []*Ldap
-	err := adapter.Engine.Find(&result, &Ldap{
+	err := ormer.Engine.Find(&result, &Ldap{
 		Owner:    ldap.Owner,
 		Host:     ldap.Host,
 		Port:     ldap.Port,
@@ -77,7 +77,7 @@ func CheckLdapExist(ldap *Ldap) (bool, error) {
 
 func GetLdaps(owner string) ([]*Ldap, error) {
 	var ldaps []*Ldap
-	err := adapter.Engine.Desc("created_time").Find(&ldaps, &Ldap{Owner: owner})
+	err := ormer.Engine.Desc("created_time").Find(&ldaps, &Ldap{Owner: owner})
 	if err != nil {
 		return ldaps, err
 	}
@@ -91,7 +91,7 @@ func GetLdap(id string) (*Ldap, error) {
 	}
 
 	ldap := Ldap{Id: id}
-	existed, err := adapter.Engine.Get(&ldap)
+	existed, err := ormer.Engine.Get(&ldap)
 	if err != nil {
 		return &ldap, nil
 	}
@@ -135,13 +135,19 @@ func GetMaskedLdaps(ldaps []*Ldap, errs ...error) ([]*Ldap, error) {
 }
 
 func UpdateLdap(ldap *Ldap) (bool, error) {
-	if l, err := GetLdap(ldap.Id); err != nil {
+	var l *Ldap
+	var err error
+	if l, err = GetLdap(ldap.Id); err != nil {
 		return false, nil
 	} else if l == nil {
 		return false, nil
 	}
 
-	affected, err := adapter.Engine.ID(ldap.Id).Cols("owner", "server_name", "host",
+	if ldap.Password == "***" {
+		ldap.Password = l.Password
+	}
+
+	affected, err := ormer.Engine.ID(ldap.Id).Cols("owner", "server_name", "host",
 		"port", "enable_ssl", "username", "password", "base_dn", "filter", "filter_fields", "auto_sync").Update(ldap)
 	if err != nil {
 		return false, nil
@@ -151,7 +157,7 @@ func UpdateLdap(ldap *Ldap) (bool, error) {
 }
 
 func DeleteLdap(ldap *Ldap) (bool, error) {
-	affected, err := adapter.Engine.ID(ldap.Id).Delete(&Ldap{})
+	affected, err := ormer.Engine.ID(ldap.Id).Delete(&Ldap{})
 	if err != nil {
 		return false, err
 	}

object/ldap_autosync.go

@@ -118,7 +118,7 @@ func (l *LdapAutoSynchronizer) syncRoutine(ldap *Ldap, stopChan chan struct{}) e
 // start all autosync goroutine for existing ldap servers in each organizations
 func (l *LdapAutoSynchronizer) LdapAutoSynchronizerStartUpAll() error {
 	organizations := []*Organization{}
-	err := adapter.Engine.Desc("created_time").Find(&organizations)
+	err := ormer.Engine.Desc("created_time").Find(&organizations)
 	if err != nil {
 		logs.Info("failed to Star up LdapAutoSynchronizer; ")
 	}
@@ -141,7 +141,7 @@ func (l *LdapAutoSynchronizer) LdapAutoSynchronizerStartUpAll() error {
 }
 
 func UpdateLdapSyncTime(ldapId string) error {
-	_, err := adapter.Engine.ID(ldapId).Update(&Ldap{LastSync: util.GetCurrentTime()})
+	_, err := ormer.Engine.ID(ldapId).Update(&Ldap{LastSync: util.GetCurrentTime()})
 	if err != nil {
 		return err
 	}

object/ldap_conn.go

@@ -338,7 +338,7 @@ func SyncLdapUsers(owner string, syncUsers []LdapUser, ldapId string) (existUser
 func GetExistUuids(owner string, uuids []string) ([]string, error) {
 	var existUuids []string
 
-	err := adapter.Engine.Table("user").Where("owner = ?", owner).Cols("ldap").
+	err := ormer.Engine.Table("user").Where("owner = ?", owner).Cols("ldap").
 		In("ldap", uuids).Select("DISTINCT ldap").Find(&existUuids)
 	if err != nil {
 		return existUuids, err
@@ -350,7 +350,7 @@ func GetExistUuids(owner string, uuids []string) ([]string, error) {
 func (ldapUser *LdapUser) buildLdapUserName() (string, error) {
 	user := User{}
 	uidWithNumber := fmt.Sprintf("%s_%s", ldapUser.Uid, ldapUser.UidNumber)
-	has, err := adapter.Engine.Where("name = ? or name = ?", ldapUser.Uid, uidWithNumber).Get(&user)
+	has, err := ormer.Engine.Where("name = ? or name = ?", ldapUser.Uid, uidWithNumber).Get(&user)
 	if err != nil {
 		return "", err
 	}

object/message.go

@@ -55,13 +55,13 @@ func GetMessageCount(owner, organization, field, value string) (int64, error) {
 
 func GetMessages(owner string) ([]*Message, error) {
 	messages := []*Message{}
-	err := adapter.Engine.Desc("created_time").Find(&messages, &Message{Owner: owner})
+	err := ormer.Engine.Desc("created_time").Find(&messages, &Message{Owner: owner})
 	return messages, err
 }
 
 func GetChatMessages(chat string) ([]*Message, error) {
 	messages := []*Message{}
-	err := adapter.Engine.Asc("created_time").Find(&messages, &Message{Chat: chat})
+	err := ormer.Engine.Asc("created_time").Find(&messages, &Message{Chat: chat})
 	return messages, err
 }
 
@@ -78,7 +78,7 @@ func getMessage(owner string, name string) (*Message, error) {
 	}
 
 	message := Message{Owner: owner, Name: name}
-	existed, err := adapter.Engine.Get(&message)
+	existed, err := ormer.Engine.Get(&message)
 	if err != nil {
 		return nil, err
 	}
@@ -103,7 +103,7 @@ func UpdateMessage(id string, message *Message) (bool, error) {
 		return false, nil
 	}
 
-	affected, err := adapter.Engine.ID(core.PK{owner, name}).AllCols().Update(message)
+	affected, err := ormer.Engine.ID(core.PK{owner, name}).AllCols().Update(message)
 	if err != nil {
 		return false, err
 	}
@@ -112,7 +112,7 @@ func UpdateMessage(id string, message *Message) (bool, error) {
 }
 
 func AddMessage(message *Message) (bool, error) {
-	affected, err := adapter.Engine.Insert(message)
+	affected, err := ormer.Engine.Insert(message)
 	if err != nil {
 		return false, err
 	}
@@ -121,7 +121,7 @@ func AddMessage(message *Message) (bool, error) {
 }
 
 func DeleteMessage(message *Message) (bool, error) {
-	affected, err := adapter.Engine.ID(core.PK{message.Owner, message.Name}).Delete(&Message{})
+	affected, err := ormer.Engine.ID(core.PK{message.Owner, message.Name}).Delete(&Message{})
 	if err != nil {
 		return false, err
 	}
@@ -130,7 +130,7 @@ func DeleteMessage(message *Message) (bool, error) {
 }
 
 func DeleteChatMessages(chat string) (bool, error) {
-	affected, err := adapter.Engine.Delete(&Message{Chat: chat})
+	affected, err := ormer.Engine.Delete(&Message{Chat: chat})
 	if err != nil {
 		return false, err
 	}

object/migrator.go

@@ -43,7 +43,7 @@ func DoMigration() {
 		IDColumnName: "id",
 	}
 
-	m := migrate.New(adapter.Engine, options, migrations)
+	m := migrate.New(ormer.Engine, options, migrations)
 	err := m.Migrate()
 	if err != nil {
 		panic(err)

object/migrator_1_101_0_PR_1083.go

@@ -24,9 +24,9 @@ import (
 type Migrator_1_101_0_PR_1083 struct{}
 
 func (*Migrator_1_101_0_PR_1083) IsMigrationNeeded() bool {
-	exist1, _ := adapter.Engine.IsTableExist("model")
-	exist2, _ := adapter.Engine.IsTableExist("permission")
-	exist3, _ := adapter.Engine.IsTableExist("permission_rule")
+	exist1, _ := ormer.Engine.IsTableExist("model")
+	exist2, _ := ormer.Engine.IsTableExist("permission")
+	exist3, _ := ormer.Engine.IsTableExist("permission_rule")
 
 	if exist1 && exist2 && exist3 {
 		return true

object/migrator_1_235_0_PR_1530.go

@@ -23,7 +23,7 @@ import (
 type Migrator_1_235_0_PR_1530 struct{}
 
 func (*Migrator_1_235_0_PR_1530) IsMigrationNeeded() bool {
-	exist, _ := adapter.Engine.IsTableExist("casbin_rule")
+	exist, _ := ormer.Engine.IsTableExist("casbin_rule")
 
 	return exist
 }

object/migrator_1_240_0_PR_1539.go

@@ -24,8 +24,8 @@ import (
 type Migrator_1_240_0_PR_1539 struct{}
 
 func (*Migrator_1_240_0_PR_1539) IsMigrationNeeded() bool {
-	exist, _ := adapter.Engine.IsTableExist("session")
-	err := adapter.Engine.Table("session").Find(&[]*Session{})
+	exist, _ := ormer.Engine.IsTableExist("session")
+	err := ormer.Engine.Table("session").Find(&[]*Session{})
 
 	if exist && err != nil {
 		return true

object/migrator_1_314_0_PR_1841.go

@@ -22,7 +22,7 @@ import (
 type Migrator_1_314_0_PR_1841 struct{}
 
 func (*Migrator_1_314_0_PR_1841) IsMigrationNeeded() bool {
-	count, err := adapter.Engine.Where("password_type=?", "").Count(&User{})
+	count, err := ormer.Engine.Where("password_type=?", "").Count(&User{})
 	if err != nil {
 		// table doesn't exist
 		return false

object/model.go

@@ -31,6 +31,8 @@ type Model struct {
 
 	ModelText string `xorm:"mediumtext" json:"modelText"`
 	IsEnabled bool   `json:"isEnabled"`
+
+	model.Model `xorm:"-" json:"-"`
 }
 
 func GetModelCount(owner, field, value string) (int64, error) {
@@ -40,7 +42,7 @@ func GetModelCount(owner, field, value string) (int64, error) {
 
 func GetModels(owner string) ([]*Model, error) {
 	models := []*Model{}
-	err := adapter.Engine.Desc("created_time").Find(&models, &Model{Owner: owner})
+	err := ormer.Engine.Desc("created_time").Find(&models, &Model{Owner: owner})
 	if err != nil {
 		return models, err
 	}
@@ -65,7 +67,7 @@ func getModel(owner string, name string) (*Model, error) {
 	}
 
 	m := Model{Owner: owner, Name: name}
-	existed, err := adapter.Engine.Get(&m)
+	existed, err := ormer.Engine.Get(&m)
 	if err != nil {
 		return &m, err
 	}
@@ -111,7 +113,7 @@ func UpdateModel(id string, modelObj *Model) (bool, error) {
 		}
 	}
 
-	affected, err := adapter.Engine.ID(core.PK{owner, name}).AllCols().Update(modelObj)
+	affected, err := ormer.Engine.ID(core.PK{owner, name}).AllCols().Update(modelObj)
 	if err != nil {
 		return false, err
 	}
@@ -120,7 +122,7 @@ func UpdateModel(id string, modelObj *Model) (bool, error) {
 }
 
 func AddModel(model *Model) (bool, error) {
-	affected, err := adapter.Engine.Insert(model)
+	affected, err := ormer.Engine.Insert(model)
 	if err != nil {
 		return false, err
 	}
@@ -129,7 +131,7 @@ func AddModel(model *Model) (bool, error) {
 }
 
 func DeleteModel(model *Model) (bool, error) {
-	affected, err := adapter.Engine.ID(core.PK{model.Owner, model.Name}).Delete(&Model{})
+	affected, err := ormer.Engine.ID(core.PK{model.Owner, model.Name}).Delete(&Model{})
 	if err != nil {
 		return false, err
 	}
@@ -137,12 +139,12 @@ func DeleteModel(model *Model) (bool, error) {
 	return affected != 0, nil
 }
 
-func (model *Model) GetId() string {
-	return fmt.Sprintf("%s/%s", model.Owner, model.Name)
+func (m *Model) GetId() string {
+	return fmt.Sprintf("%s/%s", m.Owner, m.Name)
 }
 
 func modelChangeTrigger(oldName string, newName string) error {
-	session := adapter.Engine.NewSession()
+	session := ormer.Engine.NewSession()
 	defer session.Close()
 
 	err := session.Begin()
@@ -175,3 +177,15 @@ func HasRoleDefinition(m model.Model) bool {
 	}
 	return m["g"] != nil
 }
+
+func (m *Model) initModel() error {
+	if m.Model == nil {
+		casbinModel, err := model.NewModelFromString(m.ModelText)
+		if err != nil {
+			return err
+		}
+		m.Model = casbinModel
+	}
+
+	return nil
+}

object/organization.go

@@ -80,12 +80,12 @@ func GetOrganizationCount(owner, field, value string) (int64, error) {
 func GetOrganizations(owner string, name ...string) ([]*Organization, error) {
 	organizations := []*Organization{}
 	if name != nil && len(name) > 0 {
-		err := adapter.Engine.Desc("created_time").Where(builder.In("name", name)).Find(&organizations)
+		err := ormer.Engine.Desc("created_time").Where(builder.In("name", name)).Find(&organizations)
 		if err != nil {
 			return nil, err
 		}
 	} else {
-		err := adapter.Engine.Desc("created_time").Find(&organizations, &Organization{Owner: owner})
+		err := ormer.Engine.Desc("created_time").Find(&organizations, &Organization{Owner: owner})
 		if err != nil {
 			return nil, err
 		}
@@ -96,7 +96,7 @@ func GetOrganizations(owner string, name ...string) ([]*Organization, error) {
 
 func GetOrganizationsByFields(owner string, fields ...string) ([]*Organization, error) {
 	organizations := []*Organization{}
-	err := adapter.Engine.Desc("created_time").Cols(fields...).Find(&organizations, &Organization{Owner: owner})
+	err := ormer.Engine.Desc("created_time").Cols(fields...).Find(&organizations, &Organization{Owner: owner})
 	if err != nil {
 		return nil, err
 	}
@@ -126,7 +126,7 @@ func getOrganization(owner string, name string) (*Organization, error) {
 	}
 
 	organization := Organization{Owner: owner, Name: name}
-	existed, err := adapter.Engine.Get(&organization)
+	existed, err := ormer.Engine.Get(&organization)
 	if err != nil {
 		return nil, err
 	}
@@ -201,7 +201,7 @@ func UpdateOrganization(id string, organization *Organization) (bool, error) {
 		}
 	}
 
-	session := adapter.Engine.ID(core.PK{owner, name}).AllCols()
+	session := ormer.Engine.ID(core.PK{owner, name}).AllCols()
 	if organization.MasterPassword == "***" {
 		session.Omit("master_password")
 	}
@@ -214,7 +214,7 @@ func UpdateOrganization(id string, organization *Organization) (bool, error) {
 }
 
 func AddOrganization(organization *Organization) (bool, error) {
-	affected, err := adapter.Engine.Insert(organization)
+	affected, err := ormer.Engine.Insert(organization)
 	if err != nil {
 		return false, err
 	}
@@ -227,7 +227,7 @@ func DeleteOrganization(organization *Organization) (bool, error) {
 		return false, nil
 	}
 
-	affected, err := adapter.Engine.ID(core.PK{organization.Owner, organization.Name}).Delete(&Organization{})
+	affected, err := ormer.Engine.ID(core.PK{organization.Owner, organization.Name}).Delete(&Organization{})
 	if err != nil {
 		return false, err
 	}
@@ -299,7 +299,7 @@ func GetDefaultApplication(id string) (*Application, error) {
 	}
 
 	applications := []*Application{}
-	err = adapter.Engine.Asc("created_time").Find(&applications, &Application{Organization: organization.Name})
+	err = ormer.Engine.Asc("created_time").Find(&applications, &Application{Organization: organization.Name})
 	if err != nil {
 		return nil, err
 	}
@@ -330,7 +330,7 @@ func GetDefaultApplication(id string) (*Application, error) {
 }
 
 func organizationChangeTrigger(oldName string, newName string) error {
-	session := adapter.Engine.NewSession()
+	session := ormer.Engine.NewSession()
 	defer session.Close()
 
 	err := session.Begin()
@@ -360,7 +360,7 @@ func organizationChangeTrigger(oldName string, newName string) error {
 	}
 
 	role := new(Role)
-	_, err = adapter.Engine.Where("owner=?", oldName).Get(role)
+	_, err = ormer.Engine.Where("owner=?", oldName).Get(role)
 	if err != nil {
 		return err
 	}
@@ -385,7 +385,7 @@ func organizationChangeTrigger(oldName string, newName string) error {
 	}
 
 	permission := new(Permission)
-	_, err = adapter.Engine.Where("owner=?", oldName).Get(permission)
+	_, err = ormer.Engine.Where("owner=?", oldName).Get(permission)
 	if err != nil {
 		return err
 	}
@@ -409,9 +409,9 @@ func organizationChangeTrigger(oldName string, newName string) error {
 		return err
 	}
 
-	casbinAdapter := new(CasbinAdapter)
-	casbinAdapter.Owner = newName
-	_, err = session.Where("owner=?", oldName).Update(casbinAdapter)
+	adapter := new(Adapter)
+	adapter.Owner = newName
+	_, err = session.Where("owner=?", oldName).Update(adapter)
 	if err != nil {
 		return err
 	}
@@ -431,7 +431,7 @@ func organizationChangeTrigger(oldName string, newName string) error {
 	}
 
 	payment := new(Payment)
-	payment.Organization = newName
+	payment.Owner = newName
 	_, err = session.Where("organization=?", oldName).Update(payment)
 	if err != nil {
 		return err

object/ormer.go

@@ -0,0 +1,379 @@
+// Copyright 2021 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package object
+
+import (
+	"database/sql"
+	"fmt"
+	"runtime"
+	"strings"
+
+	"github.com/beego/beego"
+	"github.com/casdoor/casdoor/conf"
+	"github.com/casdoor/casdoor/util"
+	xormadapter "github.com/casdoor/xorm-adapter/v3"
+	_ "github.com/denisenkom/go-mssqldb" // db = mssql
+	_ "github.com/go-sql-driver/mysql"   // db = mysql
+	_ "github.com/lib/pq"                // db = postgres
+	"github.com/xorm-io/core"
+	"github.com/xorm-io/xorm"
+	_ "modernc.org/sqlite" // db = sqlite
+)
+
+var ormer *Ormer
+
+func InitConfig() {
+	err := beego.LoadAppConfig("ini", "../conf/app.conf")
+	if err != nil {
+		panic(err)
+	}
+
+	beego.BConfig.WebConfig.Session.SessionOn = true
+
+	InitAdapter(true)
+	CreateTables(true)
+	DoMigration()
+}
+
+func InitAdapter(createDatabase bool) {
+	if createDatabase {
+		err := createDatabaseForPostgres(conf.GetConfigString("driverName"), conf.GetConfigDataSourceName(), conf.GetConfigString("dbName"))
+		if err != nil {
+			panic(err)
+		}
+	}
+
+	ormer = NewAdapter(conf.GetConfigString("driverName"), conf.GetConfigDataSourceName(), conf.GetConfigString("dbName"))
+
+	tableNamePrefix := conf.GetConfigString("tableNamePrefix")
+	tbMapper := core.NewPrefixMapper(core.SnakeMapper{}, tableNamePrefix)
+	ormer.Engine.SetTableMapper(tbMapper)
+}
+
+func CreateTables(createDatabase bool) {
+	if createDatabase {
+		err := ormer.CreateDatabase()
+		if err != nil {
+			panic(err)
+		}
+	}
+
+	ormer.createTable()
+}
+
+// Ormer represents the MySQL adapter for policy storage.
+type Ormer struct {
+	driverName     string
+	dataSourceName string
+	dbName         string
+	Engine         *xorm.Engine
+}
+
+// finalizer is the destructor for Ormer.
+func finalizer(a *Ormer) {
+	err := a.Engine.Close()
+	if err != nil {
+		panic(err)
+	}
+}
+
+// NewAdapter is the constructor for Ormer.
+func NewAdapter(driverName string, dataSourceName string, dbName string) *Ormer {
+	a := &Ormer{}
+	a.driverName = driverName
+	a.dataSourceName = dataSourceName
+	a.dbName = dbName
+
+	// Open the DB, create it if not existed.
+	a.open()
+
+	// Call the destructor when the object is released.
+	runtime.SetFinalizer(a, finalizer)
+
+	return a
+}
+
+func createDatabaseForPostgres(driverName string, dataSourceName string, dbName string) error {
+	if driverName == "postgres" {
+		db, err := sql.Open(driverName, dataSourceName)
+		if err != nil {
+			return err
+		}
+		defer db.Close()
+
+		_, err = db.Exec(fmt.Sprintf("CREATE DATABASE %s;", dbName))
+		if err != nil {
+			if !strings.Contains(err.Error(), "already exists") {
+				return err
+			}
+		}
+
+		return nil
+	} else {
+		return nil
+	}
+}
+
+func (a *Ormer) CreateDatabase() error {
+	if a.driverName == "postgres" {
+		return nil
+	}
+
+	engine, err := xorm.NewEngine(a.driverName, a.dataSourceName)
+	if err != nil {
+		return err
+	}
+	defer engine.Close()
+
+	_, err = engine.Exec(fmt.Sprintf("CREATE DATABASE IF NOT EXISTS %s default charset utf8mb4 COLLATE utf8mb4_general_ci", a.dbName))
+	return err
+}
+
+func (a *Ormer) open() {
+	dataSourceName := a.dataSourceName + a.dbName
+	if a.driverName != "mysql" {
+		dataSourceName = a.dataSourceName
+	}
+
+	engine, err := xorm.NewEngine(a.driverName, dataSourceName)
+	if err != nil {
+		panic(err)
+	}
+
+	a.Engine = engine
+}
+
+func (a *Ormer) close() {
+	_ = a.Engine.Close()
+	a.Engine = nil
+}
+
+func (a *Ormer) createTable() {
+	showSql := conf.GetConfigBool("showSql")
+	a.Engine.ShowSQL(showSql)
+
+	err := a.Engine.Sync2(new(Organization))
+	if err != nil {
+		panic(err)
+	}
+
+	err = a.Engine.Sync2(new(User))
+	if err != nil {
+		panic(err)
+	}
+
+	err = a.Engine.Sync2(new(Group))
+	if err != nil {
+		panic(err)
+	}
+
+	err = a.Engine.Sync2(new(Role))
+	if err != nil {
+		panic(err)
+	}
+
+	err = a.Engine.Sync2(new(Permission))
+	if err != nil {
+		panic(err)
+	}
+
+	err = a.Engine.Sync2(new(Model))
+	if err != nil {
+		panic(err)
+	}
+
+	err = a.Engine.Sync2(new(Adapter))
+	if err != nil {
+		panic(err)
+	}
+
+	err = a.Engine.Sync2(new(Enforcer))
+	if err != nil {
+		panic(err)
+	}
+
+	err = a.Engine.Sync2(new(Provider))
+	if err != nil {
+		panic(err)
+	}
+
+	err = a.Engine.Sync2(new(Application))
+	if err != nil {
+		panic(err)
+	}
+
+	err = a.Engine.Sync2(new(Resource))
+	if err != nil {
+		panic(err)
+	}
+
+	err = a.Engine.Sync2(new(Token))
+	if err != nil {
+		panic(err)
+	}
+
+	err = a.Engine.Sync2(new(VerificationRecord))
+	if err != nil {
+		panic(err)
+	}
+
+	err = a.Engine.Sync2(new(Record))
+	if err != nil {
+		panic(err)
+	}
+
+	err = a.Engine.Sync2(new(Webhook))
+	if err != nil {
+		panic(err)
+	}
+
+	err = a.Engine.Sync2(new(Syncer))
+	if err != nil {
+		panic(err)
+	}
+
+	err = a.Engine.Sync2(new(Cert))
+	if err != nil {
+		panic(err)
+	}
+
+	err = a.Engine.Sync2(new(Chat))
+	if err != nil {
+		panic(err)
+	}
+
+	err = a.Engine.Sync2(new(Message))
+	if err != nil {
+		panic(err)
+	}
+
+	err = a.Engine.Sync2(new(Product))
+	if err != nil {
+		panic(err)
+	}
+
+	err = a.Engine.Sync2(new(Payment))
+	if err != nil {
+		panic(err)
+	}
+
+	err = a.Engine.Sync2(new(Ldap))
+	if err != nil {
+		panic(err)
+	}
+
+	err = a.Engine.Sync2(new(PermissionRule))
+	if err != nil {
+		panic(err)
+	}
+
+	err = a.Engine.Sync2(new(xormadapter.CasbinRule))
+	if err != nil {
+		panic(err)
+	}
+
+	err = a.Engine.Sync2(new(Session))
+	if err != nil {
+		panic(err)
+	}
+
+	err = a.Engine.Sync2(new(Subscription))
+	if err != nil {
+		panic(err)
+	}
+
+	err = a.Engine.Sync2(new(Plan))
+	if err != nil {
+		panic(err)
+	}
+
+	err = a.Engine.Sync2(new(Pricing))
+	if err != nil {
+		panic(err)
+	}
+}
+
+func GetSession(owner string, offset, limit int, field, value, sortField, sortOrder string) *xorm.Session {
+	session := ormer.Engine.Prepare()
+	if offset != -1 && limit != -1 {
+		session.Limit(limit, offset)
+	}
+	if owner != "" {
+		session = session.And("owner=?", owner)
+	}
+	if field != "" && value != "" {
+		if util.FilterField(field) {
+			session = session.And(fmt.Sprintf("%s like ?", util.SnakeString(field)), fmt.Sprintf("%%%s%%", value))
+		}
+	}
+	if sortField == "" || sortOrder == "" {
+		sortField = "created_time"
+	}
+	if sortOrder == "ascend" {
+		session = session.Asc(util.SnakeString(sortField))
+	} else {
+		session = session.Desc(util.SnakeString(sortField))
+	}
+	return session
+}
+
+func GetSessionForUser(owner string, offset, limit int, field, value, sortField, sortOrder string) *xorm.Session {
+	session := ormer.Engine.Prepare()
+	if offset != -1 && limit != -1 {
+		session.Limit(limit, offset)
+	}
+	if owner != "" {
+		if offset == -1 {
+			session = session.And("owner=?", owner)
+		} else {
+			session = session.And("a.owner=?", owner)
+		}
+	}
+	if field != "" && value != "" {
+		if util.FilterField(field) {
+			if offset != -1 {
+				field = fmt.Sprintf("a.%s", field)
+			}
+			session = session.And(fmt.Sprintf("%s like ?", util.SnakeString(field)), fmt.Sprintf("%%%s%%", value))
+		}
+	}
+	if sortField == "" || sortOrder == "" {
+		sortField = "created_time"
+	}
+
+	tableNamePrefix := conf.GetConfigString("tableNamePrefix")
+	tableName := tableNamePrefix + "user"
+	if offset == -1 {
+		if sortOrder == "ascend" {
+			session = session.Asc(util.SnakeString(sortField))
+		} else {
+			session = session.Desc(util.SnakeString(sortField))
+		}
+	} else {
+		if sortOrder == "ascend" {
+			session = session.Alias("a").
+				Join("INNER", []string{tableName, "b"}, "a.owner = b.owner and a.name = b.name").
+				Select("b.*").
+				Asc("a." + util.SnakeString(sortField))
+		} else {
+			session = session.Alias("a").
+				Join("INNER", []string{tableName, "b"}, "a.owner = b.owner and a.name = b.name").
+				Select("b.*").
+				Desc("a." + util.SnakeString(sortField))
+		}
+	}
+
+	return session
+}

object/payment.go

@@ -18,6 +18,8 @@ import (
 	"fmt"
 	"net/http"
 
+	"github.com/casdoor/casdoor/pp"
+
 	"github.com/casdoor/casdoor/util"
 	"github.com/xorm-io/core"
 )
@@ -27,43 +29,44 @@ type Payment struct {
 	Name        string `xorm:"varchar(100) notnull pk" json:"name"`
 	CreatedTime string `xorm:"varchar(100)" json:"createdTime"`
 	DisplayName string `xorm:"varchar(100)" json:"displayName"`
-
-	Provider           string `xorm:"varchar(100)" json:"provider"`
-	Type               string `xorm:"varchar(100)" json:"type"`
-	Organization       string `xorm:"varchar(100)" json:"organization"`
-	User               string `xorm:"varchar(100)" json:"user"`
-	ProductName        string `xorm:"varchar(100)" json:"productName"`
-	ProductDisplayName string `xorm:"varchar(100)" json:"productDisplayName"`
-
-	Detail   string  `xorm:"varchar(255)" json:"detail"`
-	Tag      string  `xorm:"varchar(100)" json:"tag"`
-	Currency string  `xorm:"varchar(100)" json:"currency"`
-	Price    float64 `json:"price"`
-
-	PayUrl    string `xorm:"varchar(2000)" json:"payUrl"`
-	ReturnUrl string `xorm:"varchar(1000)" json:"returnUrl"`
-	State     string `xorm:"varchar(100)" json:"state"`
-	Message   string `xorm:"varchar(2000)" json:"message"`
-
-	PersonName    string `xorm:"varchar(100)" json:"personName"`
-	PersonIdCard  string `xorm:"varchar(100)" json:"personIdCard"`
-	PersonEmail   string `xorm:"varchar(100)" json:"personEmail"`
-	PersonPhone   string `xorm:"varchar(100)" json:"personPhone"`
+	// Payment Provider Info
+	Provider string `xorm:"varchar(100)" json:"provider"`
+	Type     string `xorm:"varchar(100)" json:"type"`
+	// Product Info
+	ProductName        string  `xorm:"varchar(100)" json:"productName"`
+	ProductDisplayName string  `xorm:"varchar(100)" json:"productDisplayName"`
+	Detail             string  `xorm:"varchar(255)" json:"detail"`
+	Tag                string  `xorm:"varchar(100)" json:"tag"`
+	Currency           string  `xorm:"varchar(100)" json:"currency"`
+	Price              float64 `json:"price"`
+	ReturnUrl          string  `xorm:"varchar(1000)" json:"returnUrl"`
+	// Payer Info
+	User         string `xorm:"varchar(100)" json:"user"`
+	PersonName   string `xorm:"varchar(100)" json:"personName"`
+	PersonIdCard string `xorm:"varchar(100)" json:"personIdCard"`
+	PersonEmail  string `xorm:"varchar(100)" json:"personEmail"`
+	PersonPhone  string `xorm:"varchar(100)" json:"personPhone"`
+	// Invoice Info
 	InvoiceType   string `xorm:"varchar(100)" json:"invoiceType"`
 	InvoiceTitle  string `xorm:"varchar(100)" json:"invoiceTitle"`
 	InvoiceTaxId  string `xorm:"varchar(100)" json:"invoiceTaxId"`
 	InvoiceRemark string `xorm:"varchar(100)" json:"invoiceRemark"`
 	InvoiceUrl    string `xorm:"varchar(255)" json:"invoiceUrl"`
+	// Order Info
+	OutOrderId string          `xorm:"varchar(100)" json:"outOrderId"`
+	PayUrl     string          `xorm:"varchar(2000)" json:"payUrl"`
+	State      pp.PaymentState `xorm:"varchar(100)" json:"state"`
+	Message    string          `xorm:"varchar(2000)" json:"message"`
 }
 
-func GetPaymentCount(owner, organization, field, value string) (int64, error) {
+func GetPaymentCount(owner, field, value string) (int64, error) {
 	session := GetSession(owner, -1, -1, field, value, "", "")
-	return session.Count(&Payment{Organization: organization})
+	return session.Count(&Payment{Owner: owner})
 }
 
 func GetPayments(owner string) ([]*Payment, error) {
 	payments := []*Payment{}
-	err := adapter.Engine.Desc("created_time").Find(&payments, &Payment{Owner: owner})
+	err := ormer.Engine.Desc("created_time").Find(&payments, &Payment{Owner: owner})
 	if err != nil {
 		return nil, err
 	}
@@ -71,9 +74,9 @@ func GetPayments(owner string) ([]*Payment, error) {
 	return payments, nil
 }
 
-func GetUserPayments(owner string, organization string, user string) ([]*Payment, error) {
+func GetUserPayments(owner, user string) ([]*Payment, error) {
 	payments := []*Payment{}
-	err := adapter.Engine.Desc("created_time").Find(&payments, &Payment{Owner: owner, Organization: organization, User: user})
+	err := ormer.Engine.Desc("created_time").Find(&payments, &Payment{Owner: owner, User: user})
 	if err != nil {
 		return nil, err
 	}
@@ -81,10 +84,10 @@ func GetUserPayments(owner string, organization string, user string) ([]*Payment
 	return payments, nil
 }
 
-func GetPaginationPayments(owner, organization string, offset, limit int, field, value, sortField, sortOrder string) ([]*Payment, error) {
+func GetPaginationPayments(owner string, offset, limit int, field, value, sortField, sortOrder string) ([]*Payment, error) {
 	payments := []*Payment{}
 	session := GetSession(owner, offset, limit, field, value, sortField, sortOrder)
-	err := session.Find(&payments, &Payment{Organization: organization})
+	err := session.Find(&payments, &Payment{Owner: owner})
 	if err != nil {
 		return nil, err
 	}
@@ -98,7 +101,7 @@ func getPayment(owner string, name string) (*Payment, error) {
 	}
 
 	payment := Payment{Owner: owner, Name: name}
-	existed, err := adapter.Engine.Get(&payment)
+	existed, err := ormer.Engine.Get(&payment)
 	if err != nil {
 		return nil, err
 	}
@@ -123,16 +126,16 @@ func UpdatePayment(id string, payment *Payment) (bool, error) {
 		return false, nil
 	}
 
-	affected, err := adapter.Engine.ID(core.PK{owner, name}).AllCols().Update(payment)
+	affected, err := ormer.Engine.ID(core.PK{owner, name}).AllCols().Update(payment)
 	if err != nil {
-		panic(err)
+		return false, err
 	}
 
 	return affected != 0, nil
 }
 
 func AddPayment(payment *Payment) (bool, error) {
-	affected, err := adapter.Engine.Insert(payment)
+	affected, err := ormer.Engine.Insert(payment)
 	if err != nil {
 		return false, err
 	}
@@ -141,7 +144,7 @@ func AddPayment(payment *Payment) (bool, error) {
 }
 
 func DeletePayment(payment *Payment) (bool, error) {
-	affected, err := adapter.Engine.ID(core.PK{payment.Owner, payment.Name}).Delete(&Payment{})
+	affected, err := ormer.Engine.ID(core.PK{payment.Owner, payment.Name}).Delete(&Payment{})
 	if err != nil {
 		return false, err
 	}
@@ -149,73 +152,72 @@ func DeletePayment(payment *Payment) (bool, error) {
 	return affected != 0, nil
 }
 
-func notifyPayment(request *http.Request, body []byte, owner string, providerName string, productName string, paymentName string, orderId string) (*Payment, error, string) {
-	provider, err := getProvider(owner, providerName)
-	if err != nil {
-		panic(err)
-	}
-
-	pProvider, cert, err := provider.getPaymentProvider()
-	if err != nil {
-		panic(err)
-	}
-
+func notifyPayment(request *http.Request, body []byte, owner string, paymentName string, orderId string) (*Payment, *pp.NotifyResult, error) {
 	payment, err := getPayment(owner, paymentName)
 	if err != nil {
-		panic(err)
+		return nil, nil, err
 	}
-
 	if payment == nil {
 		err = fmt.Errorf("the payment: %s does not exist", paymentName)
-		return nil, err, pProvider.GetResponseError(err)
+		return nil, nil, err
 	}
 
-	product, err := getProduct(owner, productName)
+	provider, err := getProvider(owner, payment.Provider)
 	if err != nil {
-		panic(err)
+		return nil, nil, err
+	}
+	pProvider, cert, err := provider.getPaymentProvider()
+	if err != nil {
+		return nil, nil, err
 	}
 
+	product, err := getProduct(owner, payment.ProductName)
+	if err != nil {
+		return nil, nil, err
+	}
 	if product == nil {
-		err = fmt.Errorf("the product: %s does not exist", productName)
-		return payment, err, pProvider.GetResponseError(err)
+		err = fmt.Errorf("the product: %s does not exist", payment.ProductName)
+		return nil, nil, err
 	}
 
-	productDisplayName, paymentName, price, productName, providerName, err := pProvider.Notify(request, body, cert.AuthorityPublicKey, orderId)
+	if orderId == "" {
+		orderId = payment.OutOrderId
+	}
+
+	notifyResult, err := pProvider.Notify(request, body, cert.AuthorityPublicKey, orderId)
 	if err != nil {
-		return payment, err, pProvider.GetResponseError(err)
+		return payment, notifyResult, err
 	}
 
-	if productDisplayName != "" && productDisplayName != product.DisplayName {
-		err = fmt.Errorf("the payment's product name: %s doesn't equal to the expected product name: %s", productDisplayName, product.DisplayName)
-		return payment, err, pProvider.GetResponseError(err)
+	if notifyResult.ProductDisplayName != "" && notifyResult.ProductDisplayName != product.DisplayName {
+		err = fmt.Errorf("the payment's product name: %s doesn't equal to the expected product name: %s", notifyResult.ProductDisplayName, product.DisplayName)
+		return payment, notifyResult, err
 	}
 
-	if price != product.Price {
-		err = fmt.Errorf("the payment's price: %f doesn't equal to the expected price: %f", price, product.Price)
-		return payment, err, pProvider.GetResponseError(err)
+	if notifyResult.Price != product.Price {
+		err = fmt.Errorf("the payment's price: %f doesn't equal to the expected price: %f", notifyResult.Price, product.Price)
+		return payment, notifyResult, err
 	}
 
-	err = nil
-	return payment, err, pProvider.GetResponseError(err)
+	return payment, notifyResult, err
 }
 
-func NotifyPayment(request *http.Request, body []byte, owner string, providerName string, productName string, paymentName string, orderId string) (error, string) {
-	payment, err, errorResponse := notifyPayment(request, body, owner, providerName, productName, paymentName, orderId)
+func NotifyPayment(request *http.Request, body []byte, owner string, paymentName string, orderId string) (*Payment, error) {
+	payment, notifyResult, err := notifyPayment(request, body, owner, paymentName, orderId)
 	if payment != nil {
 		if err != nil {
-			payment.State = "Error"
+			payment.State = pp.PaymentStateError
 			payment.Message = err.Error()
 		} else {
-			payment.State = "Paid"
+			payment.State = notifyResult.PaymentStatus
 		}
-
 		_, err = UpdatePayment(payment.GetId(), payment)
 		if err != nil {
-			panic(err)
+			return nil, err
 		}
 	}
 
-	return err, errorResponse
+	return payment, nil
 }
 
 func invoicePayment(payment *Payment) (string, error) {
@@ -242,7 +244,7 @@ func invoicePayment(payment *Payment) (string, error) {
 }
 
 func InvoicePayment(payment *Payment) (string, error) {
-	if payment.State != "Paid" {
+	if payment.State != pp.PaymentStatePaid {
 		return "", fmt.Errorf("the payment state is supposed to be: \"%s\", got: \"%s\"", "Paid", payment.State)
 	}
 

object/permission.go

@@ -74,7 +74,7 @@ func GetPermissionCount(owner, field, value string) (int64, error) {
 
 func GetPermissions(owner string) ([]*Permission, error) {
 	permissions := []*Permission{}
-	err := adapter.Engine.Desc("created_time").Find(&permissions, &Permission{Owner: owner})
+	err := ormer.Engine.Desc("created_time").Find(&permissions, &Permission{Owner: owner})
 	if err != nil {
 		return permissions, err
 	}
@@ -99,7 +99,7 @@ func getPermission(owner string, name string) (*Permission, error) {
 	}
 
 	permission := Permission{Owner: owner, Name: name}
-	existed, err := adapter.Engine.Get(&permission)
+	existed, err := ormer.Engine.Get(&permission)
 	if err != nil {
 		return &permission, err
 	}
@@ -112,7 +112,7 @@ func getPermission(owner string, name string) (*Permission, error) {
 }
 
 func GetPermission(id string) (*Permission, error) {
-	owner, name := util.GetOwnerAndNameFromId(id)
+	owner, name := util.GetOwnerAndNameFromIdNoCheck(id)
 	return getPermission(owner, name)
 }
 
@@ -149,13 +149,13 @@ func UpdatePermission(id string, permission *Permission) (bool, error) {
 		return false, err
 	}
 
-	owner, name := util.GetOwnerAndNameFromId(id)
+	owner, name := util.GetOwnerAndNameFromIdNoCheck(id)
 	oldPermission, err := getPermission(owner, name)
 	if oldPermission == nil {
 		return false, nil
 	}
 
-	affected, err := adapter.Engine.ID(core.PK{owner, name}).AllCols().Update(permission)
+	affected, err := ormer.Engine.ID(core.PK{owner, name}).AllCols().Update(permission)
 	if err != nil {
 		return false, err
 	}
@@ -164,9 +164,9 @@ func UpdatePermission(id string, permission *Permission) (bool, error) {
 		removeGroupingPolicies(oldPermission)
 		removePolicies(oldPermission)
 		if oldPermission.Adapter != "" && oldPermission.Adapter != permission.Adapter {
-			isEmpty, _ := adapter.Engine.IsTableEmpty(oldPermission.Adapter)
+			isEmpty, _ := ormer.Engine.IsTableEmpty(oldPermission.Adapter)
 			if isEmpty {
-				err = adapter.Engine.DropTables(oldPermission.Adapter)
+				err = ormer.Engine.DropTables(oldPermission.Adapter)
 				if err != nil {
 					return false, err
 				}
@@ -180,7 +180,7 @@ func UpdatePermission(id string, permission *Permission) (bool, error) {
 }
 
 func AddPermission(permission *Permission) (bool, error) {
-	affected, err := adapter.Engine.Insert(permission)
+	affected, err := ormer.Engine.Insert(permission)
 	if err != nil {
 		return false, err
 	}
@@ -198,7 +198,7 @@ func AddPermissions(permissions []*Permission) bool {
 		return false
 	}
 
-	affected, err := adapter.Engine.Insert(permissions)
+	affected, err := ormer.Engine.Insert(permissions)
 	if err != nil {
 		if !strings.Contains(err.Error(), "Duplicate entry") {
 			panic(err)
@@ -242,7 +242,7 @@ func AddPermissionsInBatch(permissions []*Permission) bool {
 }
 
 func DeletePermission(permission *Permission) (bool, error) {
-	affected, err := adapter.Engine.ID(core.PK{permission.Owner, permission.Name}).Delete(&Permission{})
+	affected, err := ormer.Engine.ID(core.PK{permission.Owner, permission.Name}).Delete(&Permission{})
 	if err != nil {
 		return false, err
 	}
@@ -251,9 +251,9 @@ func DeletePermission(permission *Permission) (bool, error) {
 		removeGroupingPolicies(permission)
 		removePolicies(permission)
 		if permission.Adapter != "" && permission.Adapter != "permission_rule" {
-			isEmpty, _ := adapter.Engine.IsTableEmpty(permission.Adapter)
+			isEmpty, _ := ormer.Engine.IsTableEmpty(permission.Adapter)
 			if isEmpty {
-				err = adapter.Engine.DropTables(permission.Adapter)
+				err = ormer.Engine.DropTables(permission.Adapter)
 				if err != nil {
 					return false, err
 				}
@@ -266,7 +266,7 @@ func DeletePermission(permission *Permission) (bool, error) {
 
 func GetPermissionsAndRolesByUser(userId string) ([]*Permission, []*Role, error) {
 	permissions := []*Permission{}
-	err := adapter.Engine.Where("users like ?", "%"+userId+"\"%").Find(&permissions)
+	err := ormer.Engine.Where("users like ?", "%"+userId+"\"%").Find(&permissions)
 	if err != nil {
 		return nil, nil, err
 	}
@@ -290,7 +290,7 @@ func GetPermissionsAndRolesByUser(userId string) ([]*Permission, []*Role, error)
 
 	for _, role := range roles {
 		perms := []*Permission{}
-		err := adapter.Engine.Where("roles like ?", "%"+role.Name+"\"%").Find(&perms)
+		err := ormer.Engine.Where("roles like ?", "%"+role.Name+"\"%").Find(&perms)
 		if err != nil {
 			return nil, nil, err
 		}
@@ -310,7 +310,7 @@ func GetPermissionsAndRolesByUser(userId string) ([]*Permission, []*Role, error)
 
 func GetPermissionsByRole(roleId string) ([]*Permission, error) {
 	permissions := []*Permission{}
-	err := adapter.Engine.Where("roles like ?", "%"+roleId+"\"%").Find(&permissions)
+	err := ormer.Engine.Where("roles like ?", "%"+roleId+"\"%").Find(&permissions)
 	if err != nil {
 		return permissions, err
 	}
@@ -320,7 +320,7 @@ func GetPermissionsByRole(roleId string) ([]*Permission, error) {
 
 func GetPermissionsByResource(resourceId string) ([]*Permission, error) {
 	permissions := []*Permission{}
-	err := adapter.Engine.Where("resources like ?", "%"+resourceId+"\"%").Find(&permissions)
+	err := ormer.Engine.Where("resources like ?", "%"+resourceId+"\"%").Find(&permissions)
 	if err != nil {
 		return permissions, err
 	}
@@ -330,7 +330,7 @@ func GetPermissionsByResource(resourceId string) ([]*Permission, error) {
 
 func GetPermissionsBySubmitter(owner string, submitter string) ([]*Permission, error) {
 	permissions := []*Permission{}
-	err := adapter.Engine.Desc("created_time").Find(&permissions, &Permission{Owner: owner, Submitter: submitter})
+	err := ormer.Engine.Desc("created_time").Find(&permissions, &Permission{Owner: owner, Submitter: submitter})
 	if err != nil {
 		return permissions, err
 	}
@@ -340,7 +340,7 @@ func GetPermissionsBySubmitter(owner string, submitter string) ([]*Permission, e
 
 func GetPermissionsByModel(owner string, model string) ([]*Permission, error) {
 	permissions := []*Permission{}
-	err := adapter.Engine.Desc("created_time").Find(&permissions, &Permission{Owner: owner, Model: model})
+	err := ormer.Engine.Desc("created_time").Find(&permissions, &Permission{Owner: owner, Model: model})
 	if err != nil {
 		return permissions, err
 	}

object/permission_enforcer.go

@@ -69,7 +69,7 @@ func getPermissionEnforcer(p *Permission, permissionIDs ...string) *casbin.Enfor
 func (p *Permission) setEnforcerAdapter(enforcer *casbin.Enforcer) error {
 	tableName := "permission_rule"
 	if len(p.Adapter) != 0 {
-		adapterObj, err := getCasbinAdapter(p.Owner, p.Adapter)
+		adapterObj, err := getAdapter(p.Owner, p.Adapter)
 		if err != nil {
 			return err
 		}
@@ -81,12 +81,12 @@ func (p *Permission) setEnforcerAdapter(enforcer *casbin.Enforcer) error {
 	tableNamePrefix := conf.GetConfigString("tableNamePrefix")
 	driverName := conf.GetConfigString("driverName")
 	dataSourceName := conf.GetConfigRealDataSourceName(driverName)
-	casbinAdapter, err := xormadapter.NewAdapterWithTableName(driverName, dataSourceName, tableName, tableNamePrefix, true)
+	adapter, err := xormadapter.NewAdapterWithTableName(driverName, dataSourceName, tableName, tableNamePrefix, true)
 	if err != nil {
 		return err
 	}
 
-	enforcer.SetAdapter(casbinAdapter)
+	enforcer.SetAdapter(adapter)
 	return nil
 }
 

object/plan.go

@@ -44,7 +44,7 @@ func GetPlanCount(owner, field, value string) (int64, error) {
 
 func GetPlans(owner string) ([]*Plan, error) {
 	plans := []*Plan{}
-	err := adapter.Engine.Desc("created_time").Find(&plans, &Plan{Owner: owner})
+	err := ormer.Engine.Desc("created_time").Find(&plans, &Plan{Owner: owner})
 	if err != nil {
 		return plans, err
 	}
@@ -67,7 +67,7 @@ func getPlan(owner, name string) (*Plan, error) {
 	}
 
 	plan := Plan{Owner: owner, Name: name}
-	existed, err := adapter.Engine.Get(&plan)
+	existed, err := ormer.Engine.Get(&plan)
 	if err != nil {
 		return &plan, err
 	}
@@ -91,7 +91,7 @@ func UpdatePlan(id string, plan *Plan) (bool, error) {
 		return false, nil
 	}
 
-	affected, err := adapter.Engine.ID(core.PK{owner, name}).AllCols().Update(plan)
+	affected, err := ormer.Engine.ID(core.PK{owner, name}).AllCols().Update(plan)
 	if err != nil {
 		return false, err
 	}
@@ -100,7 +100,7 @@ func UpdatePlan(id string, plan *Plan) (bool, error) {
 }
 
 func AddPlan(plan *Plan) (bool, error) {
-	affected, err := adapter.Engine.Insert(plan)
+	affected, err := ormer.Engine.Insert(plan)
 	if err != nil {
 		return false, err
 	}
@@ -108,7 +108,7 @@ func AddPlan(plan *Plan) (bool, error) {
 }
 
 func DeletePlan(plan *Plan) (bool, error) {
-	affected, err := adapter.Engine.ID(core.PK{plan.Owner, plan.Name}).Delete(plan)
+	affected, err := ormer.Engine.ID(core.PK{plan.Owner, plan.Name}).Delete(plan)
 	if err != nil {
 		return false, err
 	}

object/pricing.go

@@ -48,7 +48,7 @@ func GetPricingCount(owner, field, value string) (int64, error) {
 
 func GetPricings(owner string) ([]*Pricing, error) {
 	pricings := []*Pricing{}
-	err := adapter.Engine.Desc("created_time").Find(&pricings, &Pricing{Owner: owner})
+	err := ormer.Engine.Desc("created_time").Find(&pricings, &Pricing{Owner: owner})
 	if err != nil {
 		return pricings, err
 	}
@@ -72,7 +72,7 @@ func getPricing(owner, name string) (*Pricing, error) {
 	}
 
 	pricing := Pricing{Owner: owner, Name: name}
-	existed, err := adapter.Engine.Get(&pricing)
+	existed, err := ormer.Engine.Get(&pricing)
 	if err != nil {
 		return &pricing, err
 	}
@@ -96,7 +96,7 @@ func UpdatePricing(id string, pricing *Pricing) (bool, error) {
 		return false, nil
 	}
 
-	affected, err := adapter.Engine.ID(core.PK{owner, name}).AllCols().Update(pricing)
+	affected, err := ormer.Engine.ID(core.PK{owner, name}).AllCols().Update(pricing)
 	if err != nil {
 		return false, err
 	}
@@ -105,7 +105,7 @@ func UpdatePricing(id string, pricing *Pricing) (bool, error) {
 }
 
 func AddPricing(pricing *Pricing) (bool, error) {
-	affected, err := adapter.Engine.Insert(pricing)
+	affected, err := ormer.Engine.Insert(pricing)
 	if err != nil {
 		return false, err
 	}
@@ -113,7 +113,7 @@ func AddPricing(pricing *Pricing) (bool, error) {
 }
 
 func DeletePricing(pricing *Pricing) (bool, error) {
-	affected, err := adapter.Engine.ID(core.PK{pricing.Owner, pricing.Name}).Delete(pricing)
+	affected, err := ormer.Engine.ID(core.PK{pricing.Owner, pricing.Name}).Delete(pricing)
 	if err != nil {
 		return false, err
 	}

object/product.go

@@ -17,6 +17,8 @@ package object
 import (
 	"fmt"
 
+	"github.com/casdoor/casdoor/pp"
+
 	"github.com/casdoor/casdoor/util"
 	"github.com/xorm-io/core"
 )
@@ -50,7 +52,7 @@ func GetProductCount(owner, field, value string) (int64, error) {
 
 func GetProducts(owner string) ([]*Product, error) {
 	products := []*Product{}
-	err := adapter.Engine.Desc("created_time").Find(&products, &Product{Owner: owner})
+	err := ormer.Engine.Desc("created_time").Find(&products, &Product{Owner: owner})
 	if err != nil {
 		return products, err
 	}
@@ -75,7 +77,7 @@ func getProduct(owner string, name string) (*Product, error) {
 	}
 
 	product := Product{Owner: owner, Name: name}
-	existed, err := adapter.Engine.Get(&product)
+	existed, err := ormer.Engine.Get(&product)
 	if err != nil {
 		return &product, nil
 	}
@@ -100,7 +102,7 @@ func UpdateProduct(id string, product *Product) (bool, error) {
 		return false, nil
 	}
 
-	affected, err := adapter.Engine.ID(core.PK{owner, name}).AllCols().Update(product)
+	affected, err := ormer.Engine.ID(core.PK{owner, name}).AllCols().Update(product)
 	if err != nil {
 		return false, err
 	}
@@ -109,7 +111,7 @@ func UpdateProduct(id string, product *Product) (bool, error) {
 }
 
 func AddProduct(product *Product) (bool, error) {
-	affected, err := adapter.Engine.Insert(product)
+	affected, err := ormer.Engine.Insert(product)
 	if err != nil {
 		return false, err
 	}
@@ -118,7 +120,7 @@ func AddProduct(product *Product) (bool, error) {
 }
 
 func DeleteProduct(product *Product) (bool, error) {
-	affected, err := adapter.Engine.ID(core.PK{product.Owner, product.Name}).Delete(&Product{})
+	affected, err := ormer.Engine.ID(core.PK{product.Owner, product.Name}).Delete(&Product{})
 	if err != nil {
 		return false, err
 	}
@@ -183,36 +185,39 @@ func BuyProduct(id string, providerName string, user *User, host string) (string
 	productDisplayName := product.DisplayName
 
 	originFrontend, originBackend := getOriginFromHost(host)
-	returnUrl := fmt.Sprintf("%s/payments/%s/result", originFrontend, paymentName)
-	notifyUrl := fmt.Sprintf("%s/api/notify-payment/%s/%s/%s/%s", originBackend, owner, providerName, productName, paymentName)
-
+	returnUrl := fmt.Sprintf("%s/payments/%s/%s/result", originFrontend, owner, paymentName)
+	notifyUrl := fmt.Sprintf("%s/api/notify-payment/%s/%s", originBackend, owner, paymentName)
+	// Create an Order and get the payUrl
 	payUrl, orderId, err := pProvider.Pay(providerName, productName, payerName, paymentName, productDisplayName, product.Price, product.Currency, returnUrl, notifyUrl)
 	if err != nil {
 		return "", "", err
 	}
-
+	// Create a Payment linked with Product and Order
 	payment := Payment{
-		Owner:              product.Owner,
-		Name:               paymentName,
-		CreatedTime:        util.GetCurrentTime(),
-		DisplayName:        paymentName,
-		Provider:           provider.Name,
-		Type:               provider.Type,
-		Organization:       user.Owner,
-		User:               user.Name,
+		Owner:       product.Owner,
+		Name:        paymentName,
+		CreatedTime: util.GetCurrentTime(),
+		DisplayName: paymentName,
+
+		Provider: provider.Name,
+		Type:     provider.Type,
+
 		ProductName:        productName,
 		ProductDisplayName: productDisplayName,
 		Detail:             product.Detail,
 		Tag:                product.Tag,
 		Currency:           product.Currency,
 		Price:              product.Price,
-		PayUrl:             payUrl,
 		ReturnUrl:          product.ReturnUrl,
-		State:              "Created",
+
+		User:       user.Name,
+		PayUrl:     payUrl,
+		State:      pp.PaymentStateCreated,
+		OutOrderId: orderId,
 	}
 
 	if provider.Type == "Dummy" {
-		payment.State = "Paid"
+		payment.State = pp.PaymentStatePaid
 	}
 
 	affected, err := AddPayment(&payment)

object/provider.go

@@ -119,7 +119,7 @@ func GetGlobalProviderCount(field, value string) (int64, error) {
 
 func GetProviders(owner string) ([]*Provider, error) {
 	providers := []*Provider{}
-	err := adapter.Engine.Where("owner = ? or owner = ? ", "admin", owner).Desc("created_time").Find(&providers, &Provider{})
+	err := ormer.Engine.Where("owner = ? or owner = ? ", "admin", owner).Desc("created_time").Find(&providers, &Provider{})
 	if err != nil {
 		return providers, err
 	}
@@ -129,7 +129,7 @@ func GetProviders(owner string) ([]*Provider, error) {
 
 func GetGlobalProviders() ([]*Provider, error) {
 	providers := []*Provider{}
-	err := adapter.Engine.Desc("created_time").Find(&providers)
+	err := ormer.Engine.Desc("created_time").Find(&providers)
 	if err != nil {
 		return providers, err
 	}
@@ -165,7 +165,7 @@ func getProvider(owner string, name string) (*Provider, error) {
 	}
 
 	provider := Provider{Name: name}
-	existed, err := adapter.Engine.Get(&provider)
+	existed, err := ormer.Engine.Get(&provider)
 	if err != nil {
 		return &provider, err
 	}
@@ -184,7 +184,7 @@ func GetProvider(id string) (*Provider, error) {
 
 func getDefaultAiProvider() (*Provider, error) {
 	provider := Provider{Owner: "admin", Category: "AI"}
-	existed, err := adapter.Engine.Get(&provider)
+	existed, err := ormer.Engine.Get(&provider)
 	if err != nil {
 		return &provider, err
 	}
@@ -221,7 +221,7 @@ func UpdateProvider(id string, provider *Provider) (bool, error) {
 		}
 	}
 
-	session := adapter.Engine.ID(core.PK{owner, name}).AllCols()
+	session := ormer.Engine.ID(core.PK{owner, name}).AllCols()
 	if provider.ClientSecret == "***" {
 		session = session.Omit("client_secret")
 	}
@@ -248,7 +248,7 @@ func AddProvider(provider *Provider) (bool, error) {
 		provider.IntranetEndpoint = util.GetEndPoint(provider.IntranetEndpoint)
 	}
 
-	affected, err := adapter.Engine.Insert(provider)
+	affected, err := ormer.Engine.Insert(provider)
 	if err != nil {
 		return false, err
 	}
@@ -257,7 +257,7 @@ func AddProvider(provider *Provider) (bool, error) {
 }
 
 func DeleteProvider(provider *Provider) (bool, error) {
-	affected, err := adapter.Engine.ID(core.PK{provider.Owner, provider.Name}).Delete(&Provider{})
+	affected, err := ormer.Engine.ID(core.PK{provider.Owner, provider.Name}).Delete(&Provider{})
 	if err != nil {
 		return false, err
 	}
@@ -297,7 +297,7 @@ func (p *Provider) GetId() string {
 func GetCaptchaProviderByOwnerName(applicationId, lang string) (*Provider, error) {
 	owner, name := util.GetOwnerAndNameFromId(applicationId)
 	provider := Provider{Owner: owner, Name: name, Category: "Captcha"}
-	existed, err := adapter.Engine.Get(&provider)
+	existed, err := ormer.Engine.Get(&provider)
 	if err != nil {
 		return nil, err
 	}
@@ -333,7 +333,7 @@ func GetCaptchaProviderByApplication(applicationId, isCurrentProvider, lang stri
 }
 
 func providerChangeTrigger(oldName string, newName string) error {
-	session := adapter.Engine.NewSession()
+	session := ormer.Engine.NewSession()
 	defer session.Close()
 
 	err := session.Begin()
@@ -342,7 +342,7 @@ func providerChangeTrigger(oldName string, newName string) error {
 	}
 
 	var applications []*Application
-	err = adapter.Engine.Find(&applications)
+	err = ormer.Engine.Find(&applications)
 	if err != nil {
 		return err
 	}

object/record.go

@@ -96,7 +96,7 @@ func AddRecord(record *Record) bool {
 		fmt.Println(errWebhook)
 	}
 
-	affected, err := adapter.Engine.Insert(record)
+	affected, err := ormer.Engine.Insert(record)
 	if err != nil {
 		panic(err)
 	}
@@ -111,7 +111,7 @@ func GetRecordCount(field, value string, filterRecord *Record) (int64, error) {
 
 func GetRecords() ([]*Record, error) {
 	records := []*Record{}
-	err := adapter.Engine.Desc("id").Find(&records)
+	err := ormer.Engine.Desc("id").Find(&records)
 	if err != nil {
 		return records, err
 	}
@@ -132,7 +132,7 @@ func GetPaginationRecords(offset, limit int, field, value, sortField, sortOrder
 
 func GetRecordsByField(record *Record) ([]*Record, error) {
 	records := []*Record{}
-	err := adapter.Engine.Find(&records, record)
+	err := ormer.Engine.Find(&records, record)
 	if err != nil {
 		return records, err
 	}

object/resource.go

@@ -52,7 +52,7 @@ func GetResources(owner string, user string) ([]*Resource, error) {
 	}
 
 	resources := []*Resource{}
-	err := adapter.Engine.Desc("created_time").Find(&resources, &Resource{Owner: owner, User: user})
+	err := ormer.Engine.Desc("created_time").Find(&resources, &Resource{Owner: owner, User: user})
 	if err != nil {
 		return resources, err
 	}
@@ -82,7 +82,7 @@ func getResource(owner string, name string) (*Resource, error) {
 	}
 
 	resource := Resource{Owner: owner, Name: name}
-	existed, err := adapter.Engine.Get(&resource)
+	existed, err := ormer.Engine.Get(&resource)
 	if err != nil {
 		return &resource, err
 	}
@@ -107,7 +107,7 @@ func UpdateResource(id string, resource *Resource) (bool, error) {
 		return false, nil
 	}
 
-	_, err := adapter.Engine.ID(core.PK{owner, name}).AllCols().Update(resource)
+	_, err := ormer.Engine.ID(core.PK{owner, name}).AllCols().Update(resource)
 	if err != nil {
 		return false, err
 	}
@@ -117,7 +117,7 @@ func UpdateResource(id string, resource *Resource) (bool, error) {
 }
 
 func AddResource(resource *Resource) (bool, error) {
-	affected, err := adapter.Engine.Insert(resource)
+	affected, err := ormer.Engine.Insert(resource)
 	if err != nil {
 		return false, err
 	}
@@ -126,7 +126,7 @@ func AddResource(resource *Resource) (bool, error) {
 }
 
 func DeleteResource(resource *Resource) (bool, error) {
-	affected, err := adapter.Engine.ID(core.PK{resource.Owner, resource.Name}).Delete(&Resource{})
+	affected, err := ormer.Engine.ID(core.PK{resource.Owner, resource.Name}).Delete(&Resource{})
 	if err != nil {
 		return false, err
 	}

object/role.go

@@ -44,7 +44,7 @@ func GetRoleCount(owner, field, value string) (int64, error) {
 
 func GetRoles(owner string) ([]*Role, error) {
 	roles := []*Role{}
-	err := adapter.Engine.Desc("created_time").Find(&roles, &Role{Owner: owner})
+	err := ormer.Engine.Desc("created_time").Find(&roles, &Role{Owner: owner})
 	if err != nil {
 		return roles, err
 	}
@@ -69,7 +69,7 @@ func getRole(owner string, name string) (*Role, error) {
 	}
 
 	role := Role{Owner: owner, Name: name}
-	existed, err := adapter.Engine.Get(&role)
+	existed, err := ormer.Engine.Get(&role)
 	if err != nil {
 		return &role, err
 	}
@@ -82,12 +82,12 @@ func getRole(owner string, name string) (*Role, error) {
 }
 
 func GetRole(id string) (*Role, error) {
-	owner, name := util.GetOwnerAndNameFromId(id)
+	owner, name := util.GetOwnerAndNameFromIdNoCheck(id)
 	return getRole(owner, name)
 }
 
 func UpdateRole(id string, role *Role) (bool, error) {
-	owner, name := util.GetOwnerAndNameFromId(id)
+	owner, name := util.GetOwnerAndNameFromIdNoCheck(id)
 	oldRole, err := getRole(owner, name)
 	if err != nil {
 		return false, err
@@ -137,7 +137,7 @@ func UpdateRole(id string, role *Role) (bool, error) {
 		}
 	}
 
-	affected, err := adapter.Engine.ID(core.PK{owner, name}).AllCols().Update(role)
+	affected, err := ormer.Engine.ID(core.PK{owner, name}).AllCols().Update(role)
 	if err != nil {
 		return false, err
 	}
@@ -178,7 +178,7 @@ func UpdateRole(id string, role *Role) (bool, error) {
 }
 
 func AddRole(role *Role) (bool, error) {
-	affected, err := adapter.Engine.Insert(role)
+	affected, err := ormer.Engine.Insert(role)
 	if err != nil {
 		return false, err
 	}
@@ -190,7 +190,7 @@ func AddRoles(roles []*Role) bool {
 	if len(roles) == 0 {
 		return false
 	}
-	affected, err := adapter.Engine.Insert(roles)
+	affected, err := ormer.Engine.Insert(roles)
 	if err != nil {
 		if !strings.Contains(err.Error(), "Duplicate entry") {
 			panic(err)
@@ -240,7 +240,7 @@ func DeleteRole(role *Role) (bool, error) {
 		}
 	}
 
-	affected, err := adapter.Engine.ID(core.PK{role.Owner, role.Name}).Delete(&Role{})
+	affected, err := ormer.Engine.ID(core.PK{role.Owner, role.Name}).Delete(&Role{})
 	if err != nil {
 		return false, err
 	}
@@ -254,7 +254,7 @@ func (role *Role) GetId() string {
 
 func GetRolesByUser(userId string) ([]*Role, error) {
 	roles := []*Role{}
-	err := adapter.Engine.Where("users like ?", "%"+userId+"\"%").Find(&roles)
+	err := ormer.Engine.Where("users like ?", "%"+userId+"\"%").Find(&roles)
 	if err != nil {
 		return roles, err
 	}
@@ -278,7 +278,7 @@ func GetRolesByUser(userId string) ([]*Role, error) {
 }
 
 func roleChangeTrigger(oldName string, newName string) error {
-	session := adapter.Engine.NewSession()
+	session := ormer.Engine.NewSession()
 	defer session.Close()
 
 	err := session.Begin()
@@ -287,7 +287,7 @@ func roleChangeTrigger(oldName string, newName string) error {
 	}
 
 	var roles []*Role
-	err = adapter.Engine.Find(&roles)
+	err = ormer.Engine.Find(&roles)
 	if err != nil {
 		return err
 	}
@@ -306,7 +306,7 @@ func roleChangeTrigger(oldName string, newName string) error {
 	}
 
 	var permissions []*Permission
-	err = adapter.Engine.Find(&permissions)
+	err = ormer.Engine.Find(&permissions)
 	if err != nil {
 		return err
 	}
@@ -338,7 +338,7 @@ func GetMaskedRoles(roles []*Role) []*Role {
 
 func GetRolesByNamePrefix(owner string, prefix string) ([]*Role, error) {
 	roles := []*Role{}
-	err := adapter.Engine.Where("owner=? and name like ?", owner, prefix+"%").Find(&roles)
+	err := ormer.Engine.Where("owner=? and name like ?", owner, prefix+"%").Find(&roles)
 	if err != nil {
 		return roles, err
 	}

object/session.go

@@ -40,9 +40,9 @@ func GetSessions(owner string) ([]*Session, error) {
 	sessions := []*Session{}
 	var err error
 	if owner != "" {
-		err = adapter.Engine.Desc("created_time").Where("owner = ?", owner).Find(&sessions)
+		err = ormer.Engine.Desc("created_time").Where("owner = ?", owner).Find(&sessions)
 	} else {
-		err = adapter.Engine.Desc("created_time").Find(&sessions)
+		err = ormer.Engine.Desc("created_time").Find(&sessions)
 	}
 	if err != nil {
 		return sessions, err
@@ -70,7 +70,7 @@ func GetSessionCount(owner, field, value string) (int64, error) {
 func GetSingleSession(id string) (*Session, error) {
 	owner, name, application := util.GetOwnerAndNameAndOtherFromId(id)
 	session := Session{Owner: owner, Name: name, Application: application}
-	get, err := adapter.Engine.Get(&session)
+	get, err := ormer.Engine.Get(&session)
 	if err != nil {
 		return &session, err
 	}
@@ -91,7 +91,7 @@ func UpdateSession(id string, session *Session) (bool, error) {
 		return false, nil
 	}
 
-	affected, err := adapter.Engine.ID(core.PK{owner, name, application}).Update(session)
+	affected, err := ormer.Engine.ID(core.PK{owner, name, application}).Update(session)
 	if err != nil {
 		return false, err
 	}
@@ -114,7 +114,7 @@ func AddSession(session *Session) (bool, error) {
 	if dbSession == nil {
 		session.CreatedTime = util.GetCurrentTime()
 
-		affected, err := adapter.Engine.Insert(session)
+		affected, err := ormer.Engine.Insert(session)
 		if err != nil {
 			return false, err
 		}
@@ -150,7 +150,7 @@ func DeleteSession(id string) (bool, error) {
 		}
 	}
 
-	affected, err := adapter.Engine.ID(core.PK{owner, name, application}).Delete(&Session{})
+	affected, err := ormer.Engine.ID(core.PK{owner, name, application}).Delete(&Session{})
 	if err != nil {
 		return false, err
 	}

object/subscription.go

@@ -69,7 +69,7 @@ func GetSubscriptionCount(owner, field, value string) (int64, error) {
 
 func GetSubscriptions(owner string) ([]*Subscription, error) {
 	subscriptions := []*Subscription{}
-	err := adapter.Engine.Desc("created_time").Find(&subscriptions, &Subscription{Owner: owner})
+	err := ormer.Engine.Desc("created_time").Find(&subscriptions, &Subscription{Owner: owner})
 	if err != nil {
 		return subscriptions, err
 	}
@@ -94,7 +94,7 @@ func getSubscription(owner string, name string) (*Subscription, error) {
 	}
 
 	subscription := Subscription{Owner: owner, Name: name}
-	existed, err := adapter.Engine.Get(&subscription)
+	existed, err := ormer.Engine.Get(&subscription)
 	if err != nil {
 		return nil, err
 	}
@@ -119,7 +119,7 @@ func UpdateSubscription(id string, subscription *Subscription) (bool, error) {
 		return false, nil
 	}
 
-	affected, err := adapter.Engine.ID(core.PK{owner, name}).AllCols().Update(subscription)
+	affected, err := ormer.Engine.ID(core.PK{owner, name}).AllCols().Update(subscription)
 	if err != nil {
 		return false, err
 	}
@@ -128,7 +128,7 @@ func UpdateSubscription(id string, subscription *Subscription) (bool, error) {
 }
 
 func AddSubscription(subscription *Subscription) (bool, error) {
-	affected, err := adapter.Engine.Insert(subscription)
+	affected, err := ormer.Engine.Insert(subscription)
 	if err != nil {
 		return false, err
 	}
@@ -137,7 +137,7 @@ func AddSubscription(subscription *Subscription) (bool, error) {
 }
 
 func DeleteSubscription(subscription *Subscription) (bool, error) {
-	affected, err := adapter.Engine.ID(core.PK{subscription.Owner, subscription.Name}).Delete(&Subscription{})
+	affected, err := ormer.Engine.ID(core.PK{subscription.Owner, subscription.Name}).Delete(&Subscription{})
 	if err != nil {
 		return false, err
 	}

object/syncer.go

@@ -53,7 +53,7 @@ type Syncer struct {
 	IsReadOnly       bool           `json:"isReadOnly"`
 	IsEnabled        bool           `json:"isEnabled"`
 
-	Adapter *Adapter `xorm:"-" json:"-"`
+	Ormer *Ormer `xorm:"-" json:"-"`
 }
 
 func GetSyncerCount(owner, organization, field, value string) (int64, error) {
@@ -63,7 +63,7 @@ func GetSyncerCount(owner, organization, field, value string) (int64, error) {
 
 func GetSyncers(owner string) ([]*Syncer, error) {
 	syncers := []*Syncer{}
-	err := adapter.Engine.Desc("created_time").Find(&syncers, &Syncer{Owner: owner})
+	err := ormer.Engine.Desc("created_time").Find(&syncers, &Syncer{Owner: owner})
 	if err != nil {
 		return syncers, err
 	}
@@ -73,7 +73,7 @@ func GetSyncers(owner string) ([]*Syncer, error) {
 
 func GetOrganizationSyncers(owner, organization string) ([]*Syncer, error) {
 	syncers := []*Syncer{}
-	err := adapter.Engine.Desc("created_time").Find(&syncers, &Syncer{Owner: owner, Organization: organization})
+	err := ormer.Engine.Desc("created_time").Find(&syncers, &Syncer{Owner: owner, Organization: organization})
 	if err != nil {
 		return syncers, err
 	}
@@ -98,7 +98,7 @@ func getSyncer(owner string, name string) (*Syncer, error) {
 	}
 
 	syncer := Syncer{Owner: owner, Name: name}
-	existed, err := adapter.Engine.Get(&syncer)
+	existed, err := ormer.Engine.Get(&syncer)
 	if err != nil {
 		return &syncer, err
 	}
@@ -141,7 +141,7 @@ func UpdateSyncer(id string, syncer *Syncer) (bool, error) {
 		return false, nil
 	}
 
-	session := adapter.Engine.ID(core.PK{owner, name}).AllCols()
+	session := ormer.Engine.ID(core.PK{owner, name}).AllCols()
 	if syncer.Password == "***" {
 		session.Omit("password")
 	}
@@ -172,7 +172,7 @@ func updateSyncerErrorText(syncer *Syncer, line string) (bool, error) {
 
 	s.ErrorText = s.ErrorText + line
 
-	affected, err := adapter.Engine.ID(core.PK{s.Owner, s.Name}).Cols("error_text").Update(s)
+	affected, err := ormer.Engine.ID(core.PK{s.Owner, s.Name}).Cols("error_text").Update(s)
 	if err != nil {
 		return false, err
 	}
@@ -181,7 +181,7 @@ func updateSyncerErrorText(syncer *Syncer, line string) (bool, error) {
 }
 
 func AddSyncer(syncer *Syncer) (bool, error) {
-	affected, err := adapter.Engine.Insert(syncer)
+	affected, err := ormer.Engine.Insert(syncer)
 	if err != nil {
 		return false, err
 	}
@@ -197,7 +197,7 @@ func AddSyncer(syncer *Syncer) (bool, error) {
 }
 
 func DeleteSyncer(syncer *Syncer) (bool, error) {
-	affected, err := adapter.Engine.ID(core.PK{syncer.Owner, syncer.Name}).Delete(&Syncer{})
+	affected, err := ormer.Engine.ID(core.PK{syncer.Owner, syncer.Name}).Delete(&Syncer{})
 	if err != nil {
 		return false, err
 	}

object/syncer_affiliation.go

@@ -21,7 +21,7 @@ type Affiliation struct {
 
 func (syncer *Syncer) getAffiliations() ([]*Affiliation, error) {
 	affiliations := []*Affiliation{}
-	err := syncer.Adapter.Engine.Table(syncer.AffiliationTable).Asc("id").Find(&affiliations)
+	err := syncer.Ormer.Engine.Table(syncer.AffiliationTable).Asc("id").Find(&affiliations)
 	if err != nil {
 		return nil, err
 	}

object/syncer_user.go

@@ -32,7 +32,7 @@ type Credential struct {
 
 func (syncer *Syncer) getOriginalUsers() ([]*OriginalUser, error) {
 	sql := fmt.Sprintf("select * from %s", syncer.getTable())
-	results, err := syncer.Adapter.Engine.QueryString(sql)
+	results, err := syncer.Ormer.Engine.QueryString(sql)
 	if err != nil {
 		return nil, err
 	}
@@ -67,7 +67,7 @@ func (syncer *Syncer) addUser(user *OriginalUser) (bool, error) {
 	keyString, valueString := syncer.getSqlKeyValueStringFromMap(m)
 
 	sql := fmt.Sprintf("insert into %s (%s) values (%s)", syncer.getTable(), keyString, valueString)
-	res, err := syncer.Adapter.Engine.Exec(sql)
+	res, err := syncer.Ormer.Engine.Exec(sql)
 	if err != nil {
 		return false, err
 	}
@@ -108,7 +108,7 @@ func (syncer *Syncer) updateUser(user *OriginalUser) (bool, error) {
 	setString := syncer.getSqlSetStringFromMap(m)
 
 	sql := fmt.Sprintf("update %s set %s where %s = %s", syncer.getTable(), setString, syncer.TablePrimaryKey, pkValue)
-	res, err := syncer.Adapter.Engine.Exec(sql)
+	res, err := syncer.Ormer.Engine.Exec(sql)
 	if err != nil {
 		return false, err
 	}
@@ -138,7 +138,7 @@ func (syncer *Syncer) updateUserForOriginalFields(user *User) (bool, error) {
 
 	columns := syncer.getCasdoorColumns()
 	columns = append(columns, "affiliation", "hash", "pre_hash")
-	affected, err := adapter.Engine.ID(core.PK{oldUser.Owner, oldUser.Name}).Cols(columns...).Update(user)
+	affected, err := ormer.Engine.ID(core.PK{oldUser.Owner, oldUser.Name}).Cols(columns...).Update(user)
 	if err != nil {
 		return false, err
 	}
@@ -160,7 +160,7 @@ func (syncer *Syncer) calculateHash(user *OriginalUser) string {
 }
 
 func (syncer *Syncer) initAdapter() {
-	if syncer.Adapter == nil {
+	if syncer.Ormer == nil {
 		var dataSourceName string
 		if syncer.DatabaseType == "mssql" {
 			dataSourceName = fmt.Sprintf("sqlserver://%s:%s@%s:%d?database=%s", syncer.User, syncer.Password, syncer.Host, syncer.Port, syncer.Database)
@@ -174,7 +174,7 @@ func (syncer *Syncer) initAdapter() {
 			dataSourceName = strings.ReplaceAll(dataSourceName, "dbi.", "db.")
 		}
 
-		syncer.Adapter = NewAdapter(syncer.DatabaseType, dataSourceName, syncer.Database)
+		syncer.Ormer = NewAdapter(syncer.DatabaseType, dataSourceName, syncer.Database)
 	}
 }
 

object/syncer_util.go

@@ -196,7 +196,7 @@ func (syncer *Syncer) getOriginalUsersFromMap(results []map[string]string) []*Or
 		if syncer.Type == "Keycloak" {
 			// query and set password and password salt from credential table
 			sql := fmt.Sprintf("select * from credential where type = 'password' and user_id = '%s'", originalUser.Id)
-			credentialResult, _ := syncer.Adapter.Engine.QueryString(sql)
+			credentialResult, _ := syncer.Ormer.Engine.QueryString(sql)
 			if len(credentialResult) > 0 {
 				credential := Credential{}
 				_ = json.Unmarshal([]byte(credentialResult[0]["SECRET_DATA"]), &credential)
@@ -206,7 +206,7 @@ func (syncer *Syncer) getOriginalUsersFromMap(results []map[string]string) []*Or
 			// query and set signup application from user group table
 			sql = fmt.Sprintf("select name from keycloak_group where id = "+
 				"(select group_id as gid from user_group_membership where user_id = '%s')", originalUser.Id)
-			groupResult, _ := syncer.Adapter.Engine.QueryString(sql)
+			groupResult, _ := syncer.Ormer.Engine.QueryString(sql)
 			if len(groupResult) > 0 {
 				originalUser.SignupApplication = groupResult[0]["name"]
 			}

object/token.go

@@ -98,7 +98,7 @@ func GetTokenCount(owner, organization, field, value string) (int64, error) {
 
 func GetTokens(owner string, organization string) ([]*Token, error) {
 	tokens := []*Token{}
-	err := adapter.Engine.Desc("created_time").Find(&tokens, &Token{Owner: owner, Organization: organization})
+	err := ormer.Engine.Desc("created_time").Find(&tokens, &Token{Owner: owner, Organization: organization})
 	return tokens, err
 }
 
@@ -115,7 +115,7 @@ func getToken(owner string, name string) (*Token, error) {
 	}
 
 	token := Token{Owner: owner, Name: name}
-	existed, err := adapter.Engine.Get(&token)
+	existed, err := ormer.Engine.Get(&token)
 	if err != nil {
 		return nil, err
 	}
@@ -129,7 +129,7 @@ func getToken(owner string, name string) (*Token, error) {
 
 func getTokenByCode(code string) (*Token, error) {
 	token := Token{Code: code}
-	existed, err := adapter.Engine.Get(&token)
+	existed, err := ormer.Engine.Get(&token)
 	if err != nil {
 		return nil, err
 	}
@@ -142,7 +142,7 @@ func getTokenByCode(code string) (*Token, error) {
 }
 
 func updateUsedByCode(token *Token) bool {
-	affected, err := adapter.Engine.Where("code=?", token.Code).Cols("code_is_used").Update(token)
+	affected, err := ormer.Engine.Where("code=?", token.Code).Cols("code_is_used").Update(token)
 	if err != nil {
 		panic(err)
 	}
@@ -167,7 +167,7 @@ func UpdateToken(id string, token *Token) (bool, error) {
 		return false, nil
 	}
 
-	affected, err := adapter.Engine.ID(core.PK{owner, name}).AllCols().Update(token)
+	affected, err := ormer.Engine.ID(core.PK{owner, name}).AllCols().Update(token)
 	if err != nil {
 		return false, err
 	}
@@ -176,7 +176,7 @@ func UpdateToken(id string, token *Token) (bool, error) {
 }
 
 func AddToken(token *Token) (bool, error) {
-	affected, err := adapter.Engine.Insert(token)
+	affected, err := ormer.Engine.Insert(token)
 	if err != nil {
 		return false, err
 	}
@@ -185,7 +185,7 @@ func AddToken(token *Token) (bool, error) {
 }
 
 func DeleteToken(token *Token) (bool, error) {
-	affected, err := adapter.Engine.ID(core.PK{token.Owner, token.Name}).Delete(&Token{})
+	affected, err := ormer.Engine.ID(core.PK{token.Owner, token.Name}).Delete(&Token{})
 	if err != nil {
 		return false, err
 	}
@@ -195,7 +195,7 @@ func DeleteToken(token *Token) (bool, error) {
 
 func ExpireTokenByAccessToken(accessToken string) (bool, *Application, *Token, error) {
 	token := Token{AccessToken: accessToken}
-	existed, err := adapter.Engine.Get(&token)
+	existed, err := ormer.Engine.Get(&token)
 	if err != nil {
 		return false, nil, nil, err
 	}
@@ -205,7 +205,7 @@ func ExpireTokenByAccessToken(accessToken string) (bool, *Application, *Token, e
 	}
 
 	token.ExpiresIn = 0
-	affected, err := adapter.Engine.ID(core.PK{token.Owner, token.Name}).Cols("expires_in").Update(&token)
+	affected, err := ormer.Engine.ID(core.PK{token.Owner, token.Name}).Cols("expires_in").Update(&token)
 	if err != nil {
 		return false, nil, nil, err
 	}
@@ -221,7 +221,7 @@ func ExpireTokenByAccessToken(accessToken string) (bool, *Application, *Token, e
 func GetTokenByAccessToken(accessToken string) (*Token, error) {
 	// Check if the accessToken is in the database
 	token := Token{AccessToken: accessToken}
-	existed, err := adapter.Engine.Get(&token)
+	existed, err := ormer.Engine.Get(&token)
 	if err != nil {
 		return nil, err
 	}
@@ -235,7 +235,7 @@ func GetTokenByAccessToken(accessToken string) (*Token, error) {
 
 func GetTokenByTokenAndApplication(token string, application string) (*Token, error) {
 	tokenResult := Token{}
-	existed, err := adapter.Engine.Where("(refresh_token = ? or access_token = ? ) and application = ?", token, token, application).Get(&tokenResult)
+	existed, err := ormer.Engine.Where("(refresh_token = ? or access_token = ? ) and application = ?", token, token, application).Get(&tokenResult)
 	if err != nil {
 		return nil, err
 	}
@@ -440,7 +440,7 @@ func RefreshToken(grantType string, refreshToken string, scope string, clientId
 	}
 	// check whether the refresh token is valid, and has not expired.
 	token := Token{RefreshToken: refreshToken}
-	existed, err := adapter.Engine.Get(&token)
+	existed, err := ormer.Engine.Get(&token)
 	if err != nil || !existed {
 		return &TokenError{
 			Error:            InvalidGrant,

object/user.go

@@ -207,7 +207,7 @@ func GetGlobalUserCount(field, value string) (int64, error) {
 
 func GetGlobalUsers() ([]*User, error) {
 	users := []*User{}
-	err := adapter.Engine.Desc("created_time").Find(&users)
+	err := ormer.Engine.Desc("created_time").Find(&users)
 	if err != nil {
 		return nil, err
 	}
@@ -237,12 +237,12 @@ func GetUserCount(owner, field, value string, groupName string) (int64, error) {
 }
 
 func GetOnlineUserCount(owner string, isOnline int) (int64, error) {
-	return adapter.Engine.Where("is_online = ?", isOnline).Count(&User{Owner: owner})
+	return ormer.Engine.Where("is_online = ?", isOnline).Count(&User{Owner: owner})
 }
 
 func GetUsers(owner string) ([]*User, error) {
 	users := []*User{}
-	err := adapter.Engine.Desc("created_time").Find(&users, &User{Owner: owner})
+	err := ormer.Engine.Desc("created_time").Find(&users, &User{Owner: owner})
 	if err != nil {
 		return nil, err
 	}
@@ -252,7 +252,7 @@ func GetUsers(owner string) ([]*User, error) {
 
 func GetUsersByTag(owner string, tag string) ([]*User, error) {
 	users := []*User{}
-	err := adapter.Engine.Desc("created_time").Find(&users, &User{Owner: owner, Tag: tag})
+	err := ormer.Engine.Desc("created_time").Find(&users, &User{Owner: owner, Tag: tag})
 	if err != nil {
 		return nil, err
 	}
@@ -262,7 +262,7 @@ func GetUsersByTag(owner string, tag string) ([]*User, error) {
 
 func GetSortedUsers(owner string, sorter string, limit int) ([]*User, error) {
 	users := []*User{}
-	err := adapter.Engine.Desc(sorter).Limit(limit, 0).Find(&users, &User{Owner: owner})
+	err := ormer.Engine.Desc(sorter).Limit(limit, 0).Find(&users, &User{Owner: owner})
 	if err != nil {
 		return nil, err
 	}
@@ -291,7 +291,7 @@ func getUser(owner string, name string) (*User, error) {
 	}
 
 	user := User{Owner: owner, Name: name}
-	existed, err := adapter.Engine.Get(&user)
+	existed, err := ormer.Engine.Get(&user)
 	if err != nil {
 		return nil, err
 	}
@@ -309,7 +309,7 @@ func getUserById(owner string, id string) (*User, error) {
 	}
 
 	user := User{Owner: owner, Id: id}
-	existed, err := adapter.Engine.Get(&user)
+	existed, err := ormer.Engine.Get(&user)
 	if err != nil {
 		return nil, err
 	}
@@ -326,7 +326,7 @@ func getUserByWechatId(owner string, wechatOpenId string, wechatUnionId string)
 		wechatUnionId = wechatOpenId
 	}
 	user := &User{}
-	existed, err := adapter.Engine.Where("owner = ?", owner).Where("wechat = ? OR wechat = ?", wechatOpenId, wechatUnionId).Get(user)
+	existed, err := ormer.Engine.Where("owner = ?", owner).Where("wechat = ? OR wechat = ?", wechatOpenId, wechatUnionId).Get(user)
 	if err != nil {
 		return nil, err
 	}
@@ -344,7 +344,7 @@ func GetUserByEmail(owner string, email string) (*User, error) {
 	}
 
 	user := User{Owner: owner, Email: email}
-	existed, err := adapter.Engine.Get(&user)
+	existed, err := ormer.Engine.Get(&user)
 	if err != nil {
 		return nil, err
 	}
@@ -362,7 +362,7 @@ func GetUserByPhone(owner string, phone string) (*User, error) {
 	}
 
 	user := User{Owner: owner, Phone: phone}
-	existed, err := adapter.Engine.Get(&user)
+	existed, err := ormer.Engine.Get(&user)
 	if err != nil {
 		return nil, err
 	}
@@ -380,7 +380,7 @@ func GetUserByUserId(owner string, userId string) (*User, error) {
 	}
 
 	user := User{Owner: owner, Id: userId}
-	existed, err := adapter.Engine.Get(&user)
+	existed, err := ormer.Engine.Get(&user)
 	if err != nil {
 		return nil, err
 	}
@@ -397,7 +397,7 @@ func GetUserByAccessKey(accessKey string) (*User, error) {
 		return nil, nil
 	}
 	user := User{AccessKey: accessKey}
-	existed, err := adapter.Engine.Get(&user)
+	existed, err := ormer.Engine.Get(&user)
 	if err != nil {
 		return nil, err
 	}
@@ -471,7 +471,7 @@ func GetMaskedUsers(users []*User, errs ...error) ([]*User, error) {
 
 func GetLastUser(owner string) (*User, error) {
 	user := User{Owner: owner}
-	existed, err := adapter.Engine.Desc("created_time", "id").Get(&user)
+	existed, err := ormer.Engine.Desc("created_time", "id").Get(&user)
 	if err != nil {
 		return nil, err
 	}
@@ -546,7 +546,7 @@ func updateUser(id string, user *User, columns []string) (int64, error) {
 		return 0, err
 	}
 
-	affected, err := adapter.Engine.ID(core.PK{owner, name}).Cols(columns...).Update(user)
+	affected, err := ormer.Engine.ID(core.PK{owner, name}).Cols(columns...).Update(user)
 	if err != nil {
 		return 0, err
 	}
@@ -584,7 +584,7 @@ func UpdateUserForAllFields(id string, user *User) (bool, error) {
 		}
 	}
 
-	affected, err := adapter.Engine.ID(core.PK{owner, name}).AllCols().Update(user)
+	affected, err := ormer.Engine.ID(core.PK{owner, name}).AllCols().Update(user)
 	if err != nil {
 		return false, err
 	}
@@ -638,7 +638,7 @@ func AddUser(user *User) (bool, error) {
 	}
 	user.Ranking = int(count + 1)
 
-	affected, err := adapter.Engine.Insert(user)
+	affected, err := ormer.Engine.Insert(user)
 	if err != nil {
 		return false, err
 	}
@@ -670,7 +670,7 @@ func AddUsers(users []*User) (bool, error) {
 		}
 	}
 
-	affected, err := adapter.Engine.Insert(users)
+	affected, err := ormer.Engine.Insert(users)
 	if err != nil {
 		if !strings.Contains(err.Error(), "Duplicate entry") {
 			return false, err
@@ -715,7 +715,7 @@ func DeleteUser(user *User) (bool, error) {
 		return false, err
 	}
 
-	affected, err := adapter.Engine.ID(core.PK{user.Owner, user.Name}).Delete(&User{})
+	affected, err := ormer.Engine.ID(core.PK{user.Owner, user.Name}).Delete(&User{})
 	if err != nil {
 		return false, err
 	}
@@ -779,7 +779,7 @@ func ExtendUserWithRolesAndPermissions(user *User) (err error) {
 }
 
 func userChangeTrigger(oldName string, newName string) error {
-	session := adapter.Engine.NewSession()
+	session := ormer.Engine.NewSession()
 	defer session.Close()
 
 	err := session.Begin()
@@ -788,7 +788,7 @@ func userChangeTrigger(oldName string, newName string) error {
 	}
 
 	var roles []*Role
-	err = adapter.Engine.Find(&roles)
+	err = ormer.Engine.Find(&roles)
 	if err != nil {
 		return err
 	}
@@ -808,7 +808,7 @@ func userChangeTrigger(oldName string, newName string) error {
 	}
 
 	var permissions []*Permission
-	err = adapter.Engine.Find(&permissions)
+	err = ormer.Engine.Find(&permissions)
 	if err != nil {
 		return err
 	}
@@ -860,3 +860,11 @@ func AddUserkeys(user *User, isAdmin bool) (bool, error) {
 
 	return UpdateUser(user.GetId(), user, []string{}, isAdmin)
 }
+
+func (user *User) IsApplicationAdmin(application *Application) bool {
+	if user == nil {
+		return false
+	}
+
+	return (user.Owner == application.Organization && user.IsAdmin) || user.IsGlobalAdmin
+}

object/user_test.go

@@ -25,7 +25,7 @@ import (
 )
 
 func updateUserColumn(column string, user *User) bool {
-	affected, err := adapter.Engine.ID(core.PK{user.Owner, user.Name}).Cols(column).Update(user)
+	affected, err := ormer.Engine.ID(core.PK{user.Owner, user.Name}).Cols(column).Update(user)
 	if err != nil {
 		panic(err)
 	}

object/user_util.go

@@ -30,7 +30,7 @@ func GetUserByField(organizationName string, field string, value string) (*User,
 	}
 
 	user := User{Owner: organizationName}
-	existed, err := adapter.Engine.Where(fmt.Sprintf("%s=?", strings.ToLower(field)), value).Get(&user)
+	existed, err := ormer.Engine.Where(fmt.Sprintf("%s=?", strings.ToLower(field)), value).Get(&user)
 	if err != nil {
 		return nil, err
 	}
@@ -95,7 +95,7 @@ func SetUserField(user *User, field string, value string) (bool, error) {
 		bean[strings.ToLower(field)] = value
 	}
 
-	affected, err := adapter.Engine.Table(user).ID(core.PK{user.Owner, user.Name}).Update(bean)
+	affected, err := ormer.Engine.Table(user).ID(core.PK{user.Owner, user.Name}).Update(bean)
 	if err != nil {
 		return false, err
 	}
@@ -110,7 +110,7 @@ func SetUserField(user *User, field string, value string) (bool, error) {
 		return false, err
 	}
 
-	_, err = adapter.Engine.ID(core.PK{user.Owner, user.Name}).Cols("hash").Update(user)
+	_, err = ormer.Engine.ID(core.PK{user.Owner, user.Name}).Cols("hash").Update(user)
 	if err != nil {
 		return false, err
 	}
@@ -191,7 +191,7 @@ func ClearUserOAuthProperties(user *User, providerType string) (bool, error) {
 		}
 	}
 
-	affected, err := adapter.Engine.ID(core.PK{user.Owner, user.Name}).Cols("properties").Update(user)
+	affected, err := ormer.Engine.ID(core.PK{user.Owner, user.Name}).Cols("properties").Update(user)
 	if err != nil {
 		return false, err
 	}

object/verification.go

@@ -66,7 +66,7 @@ func IsAllowSend(user *User, remoteAddr, recordType string) error {
 	if user != nil {
 		record.User = user.GetId()
 	}
-	has, err := adapter.Engine.Desc("created_time").Get(&record)
+	has, err := ormer.Engine.Desc("created_time").Get(&record)
 	if err != nil {
 		return err
 	}
@@ -143,7 +143,7 @@ func AddToVerificationRecord(user *User, provider *Provider, remoteAddr, recordT
 	record.Time = time.Now().Unix()
 	record.IsUsed = false
 
-	_, err := adapter.Engine.Insert(record)
+	_, err := ormer.Engine.Insert(record)
 	if err != nil {
 		return err
 	}
@@ -154,7 +154,7 @@ func AddToVerificationRecord(user *User, provider *Provider, remoteAddr, recordT
 func getVerificationRecord(dest string) (*VerificationRecord, error) {
 	var record VerificationRecord
 	record.Receiver = dest
-	has, err := adapter.Engine.Desc("time").Where("is_used = false").Get(&record)
+	has, err := ormer.Engine.Desc("time").Where("is_used = false").Get(&record)
 	if err != nil {
 		return nil, err
 	}
@@ -198,7 +198,7 @@ func DisableVerificationCode(dest string) (err error) {
 	}
 
 	record.IsUsed = true
-	_, err = adapter.Engine.ID(core.PK{record.Owner, record.Name}).AllCols().Update(record)
+	_, err = ormer.Engine.ID(core.PK{record.Owner, record.Name}).AllCols().Update(record)
 	return
 }
 

object/webhook.go

@@ -49,7 +49,7 @@ func GetWebhookCount(owner, organization, field, value string) (int64, error) {
 
 func GetWebhooks(owner string, organization string) ([]*Webhook, error) {
 	webhooks := []*Webhook{}
-	err := adapter.Engine.Desc("created_time").Find(&webhooks, &Webhook{Owner: owner, Organization: organization})
+	err := ormer.Engine.Desc("created_time").Find(&webhooks, &Webhook{Owner: owner, Organization: organization})
 	if err != nil {
 		return webhooks, err
 	}
@@ -70,7 +70,7 @@ func GetPaginationWebhooks(owner, organization string, offset, limit int, field,
 
 func getWebhooksByOrganization(organization string) ([]*Webhook, error) {
 	webhooks := []*Webhook{}
-	err := adapter.Engine.Desc("created_time").Find(&webhooks, &Webhook{Organization: organization})
+	err := ormer.Engine.Desc("created_time").Find(&webhooks, &Webhook{Organization: organization})
 	if err != nil {
 		return webhooks, err
 	}
@@ -84,7 +84,7 @@ func getWebhook(owner string, name string) (*Webhook, error) {
 	}
 
 	webhook := Webhook{Owner: owner, Name: name}
-	existed, err := adapter.Engine.Get(&webhook)
+	existed, err := ormer.Engine.Get(&webhook)
 	if err != nil {
 		return &webhook, err
 	}
@@ -109,7 +109,7 @@ func UpdateWebhook(id string, webhook *Webhook) (bool, error) {
 		return false, nil
 	}
 
-	affected, err := adapter.Engine.ID(core.PK{owner, name}).AllCols().Update(webhook)
+	affected, err := ormer.Engine.ID(core.PK{owner, name}).AllCols().Update(webhook)
 	if err != nil {
 		return false, err
 	}
@@ -118,7 +118,7 @@ func UpdateWebhook(id string, webhook *Webhook) (bool, error) {
 }
 
 func AddWebhook(webhook *Webhook) (bool, error) {
-	affected, err := adapter.Engine.Insert(webhook)
+	affected, err := ormer.Engine.Insert(webhook)
 	if err != nil {
 		return false, err
 	}
@@ -127,7 +127,7 @@ func AddWebhook(webhook *Webhook) (bool, error) {
 }
 
 func DeleteWebhook(webhook *Webhook) (bool, error) {
-	affected, err := adapter.Engine.ID(core.PK{webhook.Owner, webhook.Name}).Delete(&Webhook{})
+	affected, err := ormer.Engine.ID(core.PK{webhook.Owner, webhook.Name}).Delete(&Webhook{})
 	if err != nil {
 		return false, err
 	}

pp/alipay.go

@@ -16,7 +16,6 @@ package pp
 
 import (
 	"context"
-	"fmt"
 	"net/http"
 
 	"github.com/casdoor/casdoor/util"
@@ -67,10 +66,10 @@ func (pp *AlipayPaymentProvider) Pay(providerName string, productName string, pa
 	return payUrl, "", nil
 }
 
-func (pp *AlipayPaymentProvider) Notify(request *http.Request, body []byte, authorityPublicKey string, orderId string) (string, string, float64, string, string, error) {
+func (pp *AlipayPaymentProvider) Notify(request *http.Request, body []byte, authorityPublicKey string, orderId string) (*NotifyResult, error) {
 	bm, err := alipay.ParseNotifyToBodyMap(request)
 	if err != nil {
-		return "", "", 0, "", "", err
+		return nil, err
 	}
 
 	providerName := bm.Get("providerName")
@@ -82,13 +81,21 @@ func (pp *AlipayPaymentProvider) Notify(request *http.Request, body []byte, auth
 
 	ok, err := alipay.VerifySignWithCert(authorityPublicKey, bm)
 	if err != nil {
-		return "", "", 0, "", "", err
+		return nil, err
 	}
 	if !ok {
-		return "", "", 0, "", "", fmt.Errorf("VerifySignWithCert() failed: %v", ok)
+		return nil, err
 	}
-
-	return productDisplayName, paymentName, price, productName, providerName, nil
+	notifyResult := &NotifyResult{
+		ProductName:        productName,
+		ProductDisplayName: productDisplayName,
+		ProviderName:       providerName,
+		OutOrderId:         orderId,
+		PaymentStatus:      PaymentStatePaid,
+		Price:              price,
+		PaymentName:        paymentName,
+	}
+	return notifyResult, nil
 }
 
 func (pp *AlipayPaymentProvider) GetInvoice(paymentName string, personName string, personIdCard string, personEmail string, personPhone string, invoiceType string, invoiceTitle string, invoiceTaxId string) (string, error) {

pp/dummy.go

@@ -31,8 +31,10 @@ func (pp *DummyPaymentProvider) Pay(providerName string, productName string, pay
 	return payUrl, "", nil
 }
 
-func (pp *DummyPaymentProvider) Notify(request *http.Request, body []byte, authorityPublicKey string, orderId string) (string, string, float64, string, string, error) {
-	return "", "", 0, "", "", nil
+func (pp *DummyPaymentProvider) Notify(request *http.Request, body []byte, authorityPublicKey string, orderId string) (*NotifyResult, error) {
+	return &NotifyResult{
+		PaymentStatus: PaymentStatePaid,
+	}, nil
 }
 
 func (pp *DummyPaymentProvider) GetInvoice(paymentName string, personName string, personIdCard string, personEmail string, personPhone string, invoiceType string, invoiceTitle string, invoiceTaxId string) (string, error) {

pp/gc.go

@@ -216,11 +216,11 @@ func (pp *GcPaymentProvider) Pay(providerName string, productName string, payerN
 	return payRespInfo.PayUrl, "", nil
 }
 
-func (pp *GcPaymentProvider) Notify(request *http.Request, body []byte, authorityPublicKey string, orderId string) (string, string, float64, string, string, error) {
+func (pp *GcPaymentProvider) Notify(request *http.Request, body []byte, authorityPublicKey string, orderId string) (*NotifyResult, error) {
 	reqBody := GcRequestBody{}
 	m, err := url.ParseQuery(string(body))
 	if err != nil {
-		return "", "", 0, "", "", err
+		return nil, err
 	}
 
 	reqBody.Op = m["op"][0]
@@ -232,13 +232,13 @@ func (pp *GcPaymentProvider) Notify(request *http.Request, body []byte, authorit
 
 	notifyReqInfoBytes, err := base64.StdEncoding.DecodeString(reqBody.Data)
 	if err != nil {
-		return "", "", 0, "", "", err
+		return nil, err
 	}
 
 	var notifyRespInfo GcNotifyRespInfo
 	err = json.Unmarshal(notifyReqInfoBytes, &notifyRespInfo)
 	if err != nil {
-		return "", "", 0, "", "", err
+		return nil, err
 	}
 
 	providerName := ""
@@ -249,10 +249,18 @@ func (pp *GcPaymentProvider) Notify(request *http.Request, body []byte, authorit
 	price := notifyRespInfo.Amount
 
 	if notifyRespInfo.OrderState != "1" {
-		return "", "", 0, "", "", fmt.Errorf("error order state: %s", notifyRespInfo.OrderDate)
+		return nil, fmt.Errorf("error order state: %s", notifyRespInfo.OrderDate)
 	}
-
-	return productDisplayName, paymentName, price, productName, providerName, nil
+	notifyResult := &NotifyResult{
+		ProductName:        productName,
+		ProductDisplayName: productDisplayName,
+		ProviderName:       providerName,
+		OutOrderId:         orderId,
+		Price:              price,
+		PaymentStatus:      PaymentStatePaid,
+		PaymentName:        paymentName,
+	}
+	return notifyResult, nil
 }
 
 func (pp *GcPaymentProvider) GetInvoice(paymentName string, personName string, personIdCard string, personEmail string, personPhone string, invoiceType string, invoiceTitle string, invoiceTaxId string) (string, error) {

pp/paypal.go

@@ -20,6 +20,8 @@ import (
 	"net/http"
 	"strconv"
 
+	"github.com/casdoor/casdoor/conf"
+
 	"github.com/go-pay/gopay"
 	"github.com/go-pay/gopay/paypal"
 	"github.com/go-pay/gopay/pkg/util"
@@ -31,8 +33,14 @@ type PaypalPaymentProvider struct {
 
 func NewPaypalPaymentProvider(clientID string, secret string) (*PaypalPaymentProvider, error) {
 	pp := &PaypalPaymentProvider{}
-
-	client, err := paypal.NewClient(clientID, secret, false)
+	isProd := false
+	if conf.GetConfigString("runmode") == "prod" {
+		isProd = true
+	}
+	client, err := paypal.NewClient(clientID, secret, isProd)
+	//if !isProd {
+	//	client.DebugSwitch = gopay.DebugOn
+	//}
 	if err != nil {
 		return nil, err
 	}
@@ -42,27 +50,27 @@ func NewPaypalPaymentProvider(clientID string, secret string) (*PaypalPaymentPro
 }
 
 func (pp *PaypalPaymentProvider) Pay(providerName string, productName string, payerName string, paymentName string, productDisplayName string, price float64, currency string, returnUrl string, notifyUrl string) (string, string, error) {
-	// pp.Client.DebugSwitch = gopay.DebugOn // Set log to terminal stdout
-
+	// https://github.com/go-pay/gopay/blob/main/doc/paypal.md
 	priceStr := strconv.FormatFloat(price, 'f', 2, 64)
-	var pus []*paypal.PurchaseUnit
-	item := &paypal.PurchaseUnit{
+	units := make([]*paypal.PurchaseUnit, 0, 1)
+	unit := &paypal.PurchaseUnit{
 		ReferenceId: util.GetRandomString(16),
 		Amount: &paypal.Amount{
-			CurrencyCode: currency,
-			Value:        priceStr,
+			CurrencyCode: currency, // e.g."USD"
+			Value:        priceStr, // e.g."100.00"
 		},
 		Description: joinAttachString([]string{productDisplayName, productName, providerName}),
 	}
-	pus = append(pus, item)
+	units = append(units, unit)
 
 	bm := make(gopay.BodyMap)
 	bm.Set("intent", "CAPTURE")
-	bm.Set("purchase_units", pus)
+	bm.Set("purchase_units", units)
 	bm.SetBodyMap("application_context", func(b gopay.BodyMap) {
 		b.Set("brand_name", "Casdoor")
 		b.Set("locale", "en-PT")
 		b.Set("return_url", returnUrl)
+		b.Set("cancel_url", returnUrl)
 	})
 
 	ppRsp, err := pp.Client.CreateOrder(context.Background(), bm)
@@ -72,31 +80,65 @@ func (pp *PaypalPaymentProvider) Pay(providerName string, productName string, pa
 	if ppRsp.Code != paypal.Success {
 		return "", "", errors.New(ppRsp.Error)
 	}
-
+	// {"id":"9BR68863NE220374S","status":"CREATED",
+	// "links":[{"href":"https://api.sandbox.paypal.com/v2/checkout/orders/9BR68863NE220374S","rel":"self","method":"GET"},
+	// 			{"href":"https://www.sandbox.paypal.com/checkoutnow?token=9BR68863NE220374S","rel":"approve","method":"GET"},
+	// 			{"href":"https://api.sandbox.paypal.com/v2/checkout/orders/9BR68863NE220374S","rel":"update","method":"PATCH"},
+	// 			{"href":"https://api.sandbox.paypal.com/v2/checkout/orders/9BR68863NE220374S/capture","rel":"capture","method":"POST"}]}
 	return ppRsp.Response.Links[1].Href, ppRsp.Response.Id, nil
 }
 
-func (pp *PaypalPaymentProvider) Notify(request *http.Request, body []byte, authorityPublicKey string, orderId string) (string, string, float64, string, string, error) {
-	ppRsp, err := pp.Client.OrderCapture(context.Background(), orderId, nil)
+func (pp *PaypalPaymentProvider) Notify(request *http.Request, body []byte, authorityPublicKey string, orderId string) (*NotifyResult, error) {
+	captureRsp, err := pp.Client.OrderCapture(context.Background(), orderId, nil)
 	if err != nil {
-		return "", "", 0, "", "", err
+		return nil, err
 	}
-	if ppRsp.Code != paypal.Success {
-		return "", "", 0, "", "", errors.New(ppRsp.Error)
+	if captureRsp.Code != paypal.Success {
+		// If order is already captured, just skip this type of error and check the order detail
+		if !(len(captureRsp.ErrorResponse.Details) == 1 && captureRsp.ErrorResponse.Details[0].Issue == "ORDER_ALREADY_CAPTURED") {
+			return nil, errors.New(captureRsp.ErrorResponse.Message)
+		}
+	}
+	// Check the order detail
+	detailRsp, err := pp.Client.OrderDetail(context.Background(), orderId, nil)
+	if err != nil {
+		return nil, err
+	}
+	if captureRsp.Code != paypal.Success {
+		return nil, errors.New(captureRsp.ErrorResponse.Message)
 	}
 
-	paymentName := ppRsp.Response.Id
-	price, err := strconv.ParseFloat(ppRsp.Response.PurchaseUnits[0].Amount.Value, 64)
+	paymentName := detailRsp.Response.Id
+	price, err := strconv.ParseFloat(detailRsp.Response.PurchaseUnits[0].Amount.Value, 64)
 	if err != nil {
-		return "", "", 0, "", "", err
+		return nil, err
 	}
-
-	productDisplayName, productName, providerName, err := parseAttachString(ppRsp.Response.PurchaseUnits[0].Description)
+	currency := detailRsp.Response.PurchaseUnits[0].Amount.CurrencyCode
+	productDisplayName, productName, providerName, err := parseAttachString(detailRsp.Response.PurchaseUnits[0].Description)
 	if err != nil {
-		return "", "", 0, "", "", err
+		return nil, err
 	}
+	// TODO: status better handler, e.g.`hanging`
+	var paymentStatus PaymentState
+	switch detailRsp.Response.Status { // CREATED、SAVED、APPROVED、VOIDED、COMPLETED、PAYER_ACTION_REQUIRED
+	case "COMPLETED":
+		paymentStatus = PaymentStatePaid
+	default:
+		paymentStatus = PaymentStateError
+	}
+	notifyResult := &NotifyResult{
+		PaymentStatus: paymentStatus,
+		PaymentName:   paymentName,
 
-	return productDisplayName, paymentName, price, productName, providerName, nil
+		ProductName:        productName,
+		ProductDisplayName: productDisplayName,
+		ProviderName:       providerName,
+		Price:              price,
+		Currency:           currency,
+
+		OutOrderId: orderId,
+	}
+	return notifyResult, nil
 }
 
 func (pp *PaypalPaymentProvider) GetInvoice(paymentName string, personName string, personIdCard string, personEmail string, personPhone string, invoiceType string, invoiceTitle string, invoiceTaxId string) (string, error) {

pp/provider.go

@@ -14,11 +14,34 @@
 
 package pp
 
-import "net/http"
+import (
+	"net/http"
+)
+
+type PaymentState string
+
+const (
+	PaymentStatePaid    PaymentState = "Paid"
+	PaymentStateCreated PaymentState = "Created"
+	PaymentStateError   PaymentState = "Error"
+)
+
+type NotifyResult struct {
+	PaymentName   string
+	PaymentStatus PaymentState
+	ProviderName  string
+
+	ProductName        string
+	ProductDisplayName string
+	Price              float64
+	Currency           string
+
+	OutOrderId string
+}
 
 type PaymentProvider interface {
 	Pay(providerName string, productName string, payerName string, paymentName string, productDisplayName string, price float64, currency string, returnUrl string, notifyUrl string) (string, string, error)
-	Notify(request *http.Request, body []byte, authorityPublicKey string, orderId string) (string, string, float64, string, string, error)
+	Notify(request *http.Request, body []byte, authorityPublicKey string, orderId string) (*NotifyResult, error)
 	GetInvoice(paymentName string, personName string, personIdCard string, personEmail string, personPhone string, invoiceType string, invoiceTitle string, invoiceTaxId string) (string, error)
 	GetResponseError(err error) string
 }

pp/wechatpay.go

@@ -83,22 +83,22 @@ func (pp *WechatPaymentProvider) Pay(providerName string, productName string, pa
 	return wxRsp.Response.CodeUrl, "", nil
 }
 
-func (pp *WechatPaymentProvider) Notify(request *http.Request, body []byte, authorityPublicKey string, orderId string) (string, string, float64, string, string, error) {
+func (pp *WechatPaymentProvider) Notify(request *http.Request, body []byte, authorityPublicKey string, orderId string) (*NotifyResult, error) {
 	notifyReq, err := wechat.V3ParseNotify(request)
 	if err != nil {
-		panic(err)
+		return nil, err
 	}
 
 	cert := pp.Client.WxPublicKey()
 	err = notifyReq.VerifySignByPK(cert)
 	if err != nil {
-		return "", "", 0, "", "", err
+		return nil, err
 	}
 
 	apiKey := string(pp.Client.ApiV3Key)
 	result, err := notifyReq.DecryptCipherText(apiKey)
 	if err != nil {
-		return "", "", 0, "", "", err
+		return nil, err
 	}
 
 	paymentName := result.OutTradeNo
@@ -106,10 +106,19 @@ func (pp *WechatPaymentProvider) Notify(request *http.Request, body []byte, auth
 
 	productDisplayName, productName, providerName, err := parseAttachString(result.Attach)
 	if err != nil {
-		return "", "", 0, "", "", err
+		return nil, err
 	}
 
-	return productDisplayName, paymentName, price, productName, providerName, nil
+	notifyResult := &NotifyResult{
+		ProductName:        productName,
+		ProductDisplayName: productDisplayName,
+		ProviderName:       providerName,
+		OutOrderId:         orderId,
+		Price:              price,
+		PaymentStatus:      PaymentStatePaid,
+		PaymentName:        paymentName,
+	}
+	return notifyResult, nil
 }
 
 func (pp *WechatPaymentProvider) GetInvoice(paymentName string, personName string, personIdCard string, personEmail string, personPhone string, invoiceType string, invoiceTitle string, invoiceTaxId string) (string, error) {

routers/authz_filter.go

@@ -69,7 +69,7 @@ func getObject(ctx *context.Context) (string, string) {
 		// query == "?id=built-in/admin"
 		id := ctx.Input.Query("id")
 		if id != "" {
-			return util.GetOwnerAndNameFromId(id)
+			return util.GetOwnerAndNameFromIdNoCheck(id)
 		}
 
 		owner := ctx.Input.Query("owner")
@@ -150,7 +150,7 @@ func getUrlPath(urlPath string) string {
 	return urlPath
 }
 
-func AuthzFilter(ctx *context.Context) {
+func ApiFilter(ctx *context.Context) {
 	subOwner, subName := getSubject(ctx)
 	method := ctx.Request.Method
 	urlPath := getUrlPath(ctx.Request.URL.Path)

routers/router.go

@@ -13,10 +13,14 @@
 // limitations under the License.
 
 // Package routers
-// @APIVersion 1.0.0
-// @Title Casdoor API
-// @Description Documentation of Casdoor API
-// @Contact admin@casbin.org
+// @APIVersion 1.376.1
+// @Title Casdoor RESTful API
+// @Description Swagger Docs of Casdoor Backend API
+// @Contact casbin@googlegroups.com
+// @SecurityDefinition AccessToken apiKey Authorization header
+// @Schemes https,http
+// @ExternalDocs Find out more about Casdoor
+// @ExternalDocsUrl https://casdoor.org/
 package routers
 
 import (
@@ -113,12 +117,12 @@ func initAPI() {
 	beego.Router("/api/add-model", &controllers.ApiController{}, "POST:AddModel")
 	beego.Router("/api/delete-model", &controllers.ApiController{}, "POST:DeleteModel")
 
-	beego.Router("/api/get-adapters", &controllers.ApiController{}, "GET:GetCasbinAdapters")
-	beego.Router("/api/get-adapter", &controllers.ApiController{}, "GET:GetCasbinAdapter")
-	beego.Router("/api/update-adapter", &controllers.ApiController{}, "POST:UpdateCasbinAdapter")
-	beego.Router("/api/add-adapter", &controllers.ApiController{}, "POST:AddCasbinAdapter")
-	beego.Router("/api/delete-adapter", &controllers.ApiController{}, "POST:DeleteCasbinAdapter")
-	beego.Router("/api/sync-policies", &controllers.ApiController{}, "GET:SyncPolicies")
+	beego.Router("/api/get-adapters", &controllers.ApiController{}, "GET:GetAdapters")
+	beego.Router("/api/get-adapter", &controllers.ApiController{}, "GET:GetAdapter")
+	beego.Router("/api/update-adapter", &controllers.ApiController{}, "POST:UpdateAdapter")
+	beego.Router("/api/add-adapter", &controllers.ApiController{}, "POST:AddAdapter")
+	beego.Router("/api/delete-adapter", &controllers.ApiController{}, "POST:DeleteAdapter")
+	beego.Router("/api/get-policies", &controllers.ApiController{}, "GET:GetPolicies")
 	beego.Router("/api/update-policy", &controllers.ApiController{}, "POST:UpdatePolicy")
 	beego.Router("/api/add-policy", &controllers.ApiController{}, "POST:AddPolicy")
 	beego.Router("/api/remove-policy", &controllers.ApiController{}, "POST:RemovePolicy")
@@ -251,24 +255,12 @@ func initAPI() {
 	beego.Router("/api/update-payment", &controllers.ApiController{}, "POST:UpdatePayment")
 	beego.Router("/api/add-payment", &controllers.ApiController{}, "POST:AddPayment")
 	beego.Router("/api/delete-payment", &controllers.ApiController{}, "POST:DeletePayment")
-	beego.Router("/api/notify-payment/?:owner/?:provider/?:product/?:payment", &controllers.ApiController{}, "POST:NotifyPayment")
+	beego.Router("/api/notify-payment/?:owner/?:payment", &controllers.ApiController{}, "POST:NotifyPayment")
 	beego.Router("/api/invoice-payment", &controllers.ApiController{}, "POST:InvoicePayment")
 
 	beego.Router("/api/send-email", &controllers.ApiController{}, "POST:SendEmail")
 	beego.Router("/api/send-sms", &controllers.ApiController{}, "POST:SendSms")
 
-	beego.Router("/.well-known/openid-configuration", &controllers.RootController{}, "GET:GetOidcDiscovery")
-	beego.Router("/.well-known/jwks", &controllers.RootController{}, "*:GetJwks")
-
-	beego.Router("/cas/:organization/:application/serviceValidate", &controllers.RootController{}, "GET:CasServiceValidate")
-	beego.Router("/cas/:organization/:application/proxyValidate", &controllers.RootController{}, "GET:CasProxyValidate")
-	beego.Router("/cas/:organization/:application/proxy", &controllers.RootController{}, "GET:CasProxy")
-	beego.Router("/cas/:organization/:application/validate", &controllers.RootController{}, "GET:CasValidate")
-
-	beego.Router("/cas/:organization/:application/p3/serviceValidate", &controllers.RootController{}, "GET:CasP3ServiceAndProxyValidate")
-	beego.Router("/cas/:organization/:application/p3/proxyValidate", &controllers.RootController{}, "GET:CasP3ServiceAndProxyValidate")
-	beego.Router("/cas/:organization/:application/samlValidate", &controllers.RootController{}, "POST:SamlValidate")
-
 	beego.Router("/api/webauthn/signup/begin", &controllers.ApiController{}, "Get:WebAuthnSignupBegin")
 	beego.Router("/api/webauthn/signup/finish", &controllers.ApiController{}, "Post:WebAuthnSignupFinish")
 	beego.Router("/api/webauthn/signin/begin", &controllers.ApiController{}, "Get:WebAuthnSigninBegin")
@@ -286,4 +278,16 @@ func initAPI() {
 	beego.Router("/api/get-prometheus-info", &controllers.ApiController{}, "GET:GetPrometheusInfo")
 
 	beego.Handler("/api/metrics", promhttp.Handler())
+
+	beego.Router("/.well-known/openid-configuration", &controllers.RootController{}, "GET:GetOidcDiscovery")
+	beego.Router("/.well-known/jwks", &controllers.RootController{}, "*:GetJwks")
+
+	beego.Router("/cas/:organization/:application/serviceValidate", &controllers.RootController{}, "GET:CasServiceValidate")
+	beego.Router("/cas/:organization/:application/proxyValidate", &controllers.RootController{}, "GET:CasProxyValidate")
+	beego.Router("/cas/:organization/:application/proxy", &controllers.RootController{}, "GET:CasProxy")
+	beego.Router("/cas/:organization/:application/validate", &controllers.RootController{}, "GET:CasValidate")
+
+	beego.Router("/cas/:organization/:application/p3/serviceValidate", &controllers.RootController{}, "GET:CasP3ServiceAndProxyValidate")
+	beego.Router("/cas/:organization/:application/p3/proxyValidate", &controllers.RootController{}, "GET:CasP3ServiceAndProxyValidate")
+	beego.Router("/cas/:organization/:application/samlValidate", &controllers.RootController{}, "POST:SamlValidate")
 }

routers/static_filter.go

@@ -68,11 +68,11 @@ func StaticFilter(ctx *context.Context) {
 	if oldStaticBaseUrl == newStaticBaseUrl {
 		makeGzipResponse(ctx.ResponseWriter, ctx.Request, path)
 	} else {
-		serveFileWithReplace(ctx.ResponseWriter, ctx.Request, path, oldStaticBaseUrl, newStaticBaseUrl)
+		serveFileWithReplace(ctx.ResponseWriter, ctx.Request, path)
 	}
 }
 
-func serveFileWithReplace(w http.ResponseWriter, r *http.Request, name string, old string, new string) {
+func serveFileWithReplace(w http.ResponseWriter, r *http.Request, name string) {
 	f, err := os.Open(filepath.Clean(name))
 	if err != nil {
 		panic(err)
@@ -85,13 +85,9 @@ func serveFileWithReplace(w http.ResponseWriter, r *http.Request, name string, o
 	}
 
 	oldContent := util.ReadStringFromPath(name)
-	newContent := strings.ReplaceAll(oldContent, old, new)
+	newContent := strings.ReplaceAll(oldContent, oldStaticBaseUrl, newStaticBaseUrl)
 
 	http.ServeContent(w, r, d.Name(), d.ModTime(), strings.NewReader(newContent))
-	_, err = w.Write([]byte(newContent))
-	if err != nil {
-		panic(err)
-	}
 }
 
 type gzipResponseWriter struct {
@@ -105,12 +101,12 @@ func (w gzipResponseWriter) Write(b []byte) (int, error) {
 
 func makeGzipResponse(w http.ResponseWriter, r *http.Request, path string) {
 	if !enableGzip || !strings.Contains(r.Header.Get("Accept-Encoding"), "gzip") {
-		http.ServeFile(w, r, path)
+		serveFileWithReplace(w, r, path)
 		return
 	}
 	w.Header().Set("Content-Encoding", "gzip")
 	gz := gzip.NewWriter(w)
 	defer gz.Close()
 	gzw := gzipResponseWriter{Writer: gz, ResponseWriter: w}
-	http.ServeFile(gzw, r, path)
+	serveFileWithReplace(gzw, r, path)
 }

swagger/swagger.json

@@ -1,14 +1,18 @@
 {
     "swagger": "2.0",
     "info": {
-        "title": "Casdoor API",
-        "description": "Documentation of Casdoor API",
-        "version": "1.0.0",
+        "title": "Casdoor RESTful API",
+        "description": "Swagger Docs of Casdoor Backend API",
+        "version": "1.376.1",
         "contact": {
-            "email": "admin@casbin.org"
+            "email": "casbin@googlegroups.com"
         }
     },
     "basePath": "/",
+    "schemes": [
+        "https",
+        "http"
+    ],
     "paths": {
         "/.well-known/jwks": {
             "get": {
@@ -49,7 +53,7 @@
                     "Adapter API"
                 ],
                 "description": "add adapter",
-                "operationId": "ApiController.AddCasbinAdapter",
+                "operationId": "ApiController.AddAdapter",
                 "parameters": [
                     {
                         "in": "body",
@@ -995,7 +999,7 @@
                     "Adapter API"
                 ],
                 "description": "delete adapter",
-                "operationId": "ApiController.DeleteCasbinAdapter",
+                "operationId": "ApiController.DeleteAdapter",
                 "parameters": [
                     {
                         "in": "body",
@@ -1747,7 +1751,7 @@
                     "Adapter API"
                 ],
                 "description": "get adapter",
-                "operationId": "ApiController.GetCasbinAdapter",
+                "operationId": "ApiController.GetAdapter",
                 "parameters": [
                     {
                         "in": "query",
@@ -1773,7 +1777,7 @@
                     "Adapter API"
                 ],
                 "description": "get adapters",
-                "operationId": "ApiController.GetCasbinAdapters",
+                "operationId": "ApiController.GetAdapters",
                 "parameters": [
                     {
                         "in": "query",
@@ -3682,7 +3686,8 @@
                         "name": "id",
                         "description": "The id ( owner/name ) of the webhook",
                         "required": true,
-                        "type": "string"
+                        "type": "string",
+                        "default": "built-in/admin"
                     }
                 ],
                 "responses": {
@@ -3708,7 +3713,8 @@
                         "name": "owner",
                         "description": "The owner of webhooks",
                         "required": true,
-                        "type": "string"
+                        "type": "string",
+                        "default": "built-in/admin"
                     }
                 ],
                 "responses": {
@@ -3721,7 +3727,12 @@
                             }
                         }
                     }
-                }
+                },
+                "security": [
+                    {
+                        "test_apiKey": []
+                    }
+                ]
             }
         },
         "/api/health": {
@@ -4371,7 +4382,7 @@
                     "Adapter API"
                 ],
                 "description": "update adapter",
-                "operationId": "ApiController.UpdateCasbinAdapter",
+                "operationId": "ApiController.UpdateAdapter",
                 "parameters": [
                     {
                         "in": "query",
@@ -5170,7 +5181,8 @@
                         "name": "id",
                         "description": "The id ( owner/name ) of the webhook",
                         "required": true,
-                        "type": "string"
+                        "type": "string",
+                        "default": "built-in/admin"
                     },
                     {
                         "in": "body",
@@ -5419,14 +5431,6 @@
         }
     },
     "definitions": {
-        "1225.0xc000333110.false": {
-            "title": "false",
-            "type": "object"
-        },
-        "1260.0xc000333140.false": {
-            "title": "false",
-            "type": "object"
-        },
         "LaravelResponse": {
             "title": "LaravelResponse",
             "type": "object"
@@ -5480,10 +5484,16 @@
             "type": "object",
             "properties": {
                 "data": {
-                    "$ref": "#/definitions/1225.0xc000333110.false"
+                    "additionalProperties": {
+                        "description": "support string, struct or []struct",
+                        "type": "string"
+                    }
                 },
                 "data2": {
-                    "$ref": "#/definitions/1260.0xc000333140.false"
+                    "additionalProperties": {
+                        "description": "support string, struct or []struct",
+                        "type": "string"
+                    }
                 },
                 "msg": {
                     "type": "string"
@@ -5525,10 +5535,6 @@
             "title": "object",
             "type": "object"
         },
-        "object.\u0026{197582 0xc000ace360 false}": {
-            "title": "\u0026{197582 0xc000ace360 false}",
-            "type": "object"
-        },
         "object.AccountItem": {
             "title": "AccountItem",
             "type": "object",
@@ -5722,7 +5728,7 @@
             "title": "CasbinRequest",
             "type": "array",
             "items": {
-                "$ref": "#/definitions/object.\u0026{197582 0xc000ace360 false}"
+                "$ref": "#/definitions/object.CasbinRequest"
             }
         },
         "object.Cert": {
@@ -7866,5 +7872,16 @@
             "title": "Engine",
             "type": "object"
         }
+    },
+    "securityDefinitions": {
+        "AccessToken": {
+            "type": "apiKey",
+            "name": "Authorization",
+            "in": "header"
+        }
+    },
+    "externalDocs": {
+        "description": "Find out more about Casdoor",
+        "url": "https://casdoor.org/"
     }
 }

swagger/swagger.yml

@@ -1,11 +1,14 @@
 swagger: "2.0"
 info:
-  title: Casdoor API
-  description: Documentation of Casdoor API
-  version: 1.0.0
+  title: Casdoor RESTful API
+  description: Swagger Docs of Casdoor Backend API
+  version: 1.376.1
   contact:
-    email: admin@casbin.org
+    email: casbin@googlegroups.com
 basePath: /
+schemes:
+- https
+- http
 paths:
   /.well-known/jwks:
     get:
@@ -33,7 +36,7 @@ paths:
       tags:
       - Adapter API
       description: add adapter
-      operationId: ApiController.AddCasbinAdapter
+      operationId: ApiController.AddAdapter
       parameters:
       - in: body
         name: body
@@ -644,7 +647,7 @@ paths:
       tags:
       - Adapter API
       description: delete adapter
-      operationId: ApiController.DeleteCasbinAdapter
+      operationId: ApiController.DeleteAdapter
       parameters:
       - in: body
         name: body
@@ -1128,7 +1131,7 @@ paths:
       tags:
       - Adapter API
       description: get adapter
-      operationId: ApiController.GetCasbinAdapter
+      operationId: ApiController.GetAdapter
       parameters:
       - in: query
         name: id
@@ -1145,7 +1148,7 @@ paths:
       tags:
       - Adapter API
       description: get adapters
-      operationId: ApiController.GetCasbinAdapters
+      operationId: ApiController.GetAdapters
       parameters:
       - in: query
         name: owner
@@ -2401,6 +2404,7 @@ paths:
         description: The id ( owner/name ) of the webhook
         required: true
         type: string
+        default: built-in/admin
       responses:
         "200":
           description: The Response object
@@ -2418,6 +2422,7 @@ paths:
         description: The owner of webhooks
         required: true
         type: string
+        default: built-in/admin
       responses:
         "200":
           description: The Response object
@@ -2425,6 +2430,8 @@ paths:
             type: array
             items:
               $ref: '#/definitions/object.Webhook'
+      security:
+      - test_apiKey: []
   /api/health:
     get:
       tags:
@@ -2854,7 +2861,7 @@ paths:
       tags:
       - Adapter API
       description: update adapter
-      operationId: ApiController.UpdateCasbinAdapter
+      operationId: ApiController.UpdateAdapter
       parameters:
       - in: query
         name: id
@@ -3381,6 +3388,7 @@ paths:
         description: The id ( owner/name ) of the webhook
         required: true
         type: string
+        default: built-in/admin
       - in: body
         name: body
         description: The details of the webhook
@@ -3541,12 +3549,6 @@ paths:
           schema:
             $ref: '#/definitions/controllers.Response'
 definitions:
-  1225.0xc000333110.false:
-    title: "false"
-    type: object
-  1260.0xc000333140.false:
-    title: "false"
-    type: object
   LaravelResponse:
     title: LaravelResponse
     type: object
@@ -3586,9 +3588,13 @@ definitions:
     type: object
     properties:
       data:
-        $ref: '#/definitions/1225.0xc000333110.false'
+        additionalProperties:
+          description: support string, struct or []struct
+          type: string
       data2:
-        $ref: '#/definitions/1260.0xc000333140.false'
+        additionalProperties:
+          description: support string, struct or []struct
+          type: string
       msg:
         type: string
       name:
@@ -3615,9 +3621,6 @@ definitions:
   object:
     title: object
     type: object
-  object.&{197582 0xc000ace360 false}:
-    title: '&{197582 0xc000ace360 false}'
-    type: object
   object.AccountItem:
     title: AccountItem
     type: object
@@ -3749,7 +3752,7 @@ definitions:
     title: CasbinRequest
     type: array
     items:
-      $ref: '#/definitions/object.&{197582 0xc000ace360 false}'
+      $ref: '#/definitions/object.CasbinRequest'
   object.Cert:
     title: Cert
     type: object
@@ -5192,3 +5195,11 @@ definitions:
   xorm.Engine:
     title: Engine
     type: object
+securityDefinitions:
+  AccessToken:
+    type: apiKey
+    name: Authorization
+    in: header
+externalDocs:
+  description: Find out more about Casdoor
+  url: https://casdoor.org/

web/src/AdapterEditPage.js

@@ -13,14 +13,13 @@
 // limitations under the License.
 
 import React from "react";
-import {Button, Card, Col, Input, InputNumber, Row, Select, Switch} from "antd";
+import {Button, Card, Col, Input, Row, Select, Switch} from "antd";
 import * as AdapterBackend from "./backend/AdapterBackend";
 import * as OrganizationBackend from "./backend/OrganizationBackend";
 import * as Setting from "./Setting";
 import i18next from "i18next";
 
 import "codemirror/lib/codemirror.css";
-import * as ModelBackend from "./backend/ModelBackend";
 import PolicyTable from "./table/PoliciyTable";
 require("codemirror/theme/material-darker.css");
 require("codemirror/mode/javascript/javascript");
@@ -36,7 +35,6 @@ class AdapterEditPage extends React.Component {
       adapterName: props.match.params.adapterName,
       adapter: null,
       organizations: [],
-      models: [],
       mode: props.location.mode !== undefined ? props.location.mode : "edit",
     };
   }
@@ -58,8 +56,6 @@ class AdapterEditPage extends React.Component {
           this.setState({
             adapter: res.data,
           });
-
-          this.getModels(this.state.organizationName);
         }
       });
   }
@@ -73,24 +69,10 @@ class AdapterEditPage extends React.Component {
       });
   }
 
-  getModels(organizationName) {
-    ModelBackend.getModels(organizationName)
-      .then((res) => {
-        if (res.status === "error") {
-          Setting.showMessage("error", res.msg);
-          return;
-        }
-
-        this.setState({
-          models: res.data,
-        });
-      });
-  }
-
   parseAdapterField(key, value) {
-    if (["port"].includes(key)) {
-      value = Setting.myParseInt(value);
-    }
+    // if ([].includes(key)) {
+    //   value = Setting.myParseInt(value);
+    // }
     return value;
   }
 
@@ -104,6 +86,73 @@ class AdapterEditPage extends React.Component {
     });
   }
 
+  renderDataSourceNameConfig() {
+    if (Setting.builtInObject(this.state.adapter)) {
+      return null;
+    }
+    return (
+      <React.Fragment>{
+        this.state.adapter.databaseType === "sqlite3" ?
+          (
+            <Row style={{marginTop: "20px"}} >
+              <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+                {Setting.getLabel(i18next.t("syncer:File"), i18next.t("provider:File - Tooltip"))} :
+              </Col>
+              <Col span={22} >
+                <Input value={this.state.adapter.host} onChange={e => {
+                  this.updateAdapterField("file", e.target.value);
+                }} />
+              </Col>
+            </Row>
+          ) : (
+            <React.Fragment>
+              <Row style={{marginTop: "20px"}} >
+                <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+                  {Setting.getLabel(i18next.t("provider:Host"), i18next.t("provider:Host - Tooltip"))} :
+                </Col>
+                <Col span={22} >
+                  <Input value={this.state.adapter.host} onChange={e => {
+                    this.updateAdapterField("host", e.target.value);
+                  }} />
+                </Col>
+              </Row>
+              <Row style={{marginTop: "20px"}} >
+                <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+                  {Setting.getLabel(i18next.t("provider:Port"), i18next.t("provider:Port - Tooltip"))} :
+                </Col>
+                <Col span={22} >
+                  <Input value={this.state.adapter.port} onChange={e => {
+                    this.updateAdapterField("port", e.target.value);
+                  }} />
+                </Col>
+              </Row>
+              <Row style={{marginTop: "20px"}} >
+                <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+                  {Setting.getLabel(i18next.t("general:User"), i18next.t("general:User - Tooltip"))} :
+                </Col>
+                <Col span={22} >
+                  <Input value={this.state.adapter.user} onChange={e => {
+                    this.updateAdapterField("user", e.target.value);
+                  }} />
+                </Col>
+              </Row>
+              <Row style={{marginTop: "20px"}} >
+                <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+                  {Setting.getLabel(i18next.t("general:Password"), i18next.t("general:Password - Tooltip"))} :
+                </Col>
+                <Col span={22} >
+                  <Input value={this.state.adapter.password} onChange={e => {
+                    this.updateAdapterField("password", e.target.value);
+                  }} />
+                </Col>
+              </Row>
+            </React.Fragment>
+          )
+      }
+      </React.Fragment>
+    );
+  }
+
   renderAdapter() {
     return (
       <Card size="small" title={
@@ -119,8 +168,7 @@ class AdapterEditPage extends React.Component {
             {Setting.getLabel(i18next.t("general:Organization"), i18next.t("general:Organization - Tooltip"))} :
           </Col>
           <Col span={22} >
-            <Select virtual={false} style={{width: "100%"}} disabled={!Setting.isAdminUser(this.props.account)} value={this.state.adapter.owner} onChange={(value => {
-              this.getModels(value);
+            <Select virtual={false} style={{width: "100%"}} disabled={!Setting.isAdminUser(this.props.account) || Setting.builtInObject(this.state.adapter)} value={this.state.adapter.owner} onChange={(value => {
               this.updateAdapterField("owner", value);
             })}>
               {
@@ -134,7 +182,7 @@ class AdapterEditPage extends React.Component {
             {Setting.getLabel(i18next.t("general:Name"), i18next.t("general:Name - Tooltip"))} :
           </Col>
           <Col span={22} >
-            <Input value={this.state.adapter.name} onChange={e => {
+            <Input disabled={Setting.builtInObject(this.state.adapter)} value={this.state.adapter.name} onChange={e => {
               this.updateAdapterField("name", e.target.value);
             }} />
           </Col>
@@ -144,7 +192,7 @@ class AdapterEditPage extends React.Component {
             {Setting.getLabel(i18next.t("provider:Type"), i18next.t("provider:Type - Tooltip"))} :
           </Col>
           <Col span={22} >
-            <Select virtual={false} style={{width: "100%"}} value={this.state.adapter.type} onChange={(value => {
+            <Select virtual={false} disabled={Setting.builtInObject(this.state.adapter)} style={{width: "100%"}} value={this.state.adapter.type} onChange={(value => {
               this.updateAdapterField("type", value);
               const adapter = this.state.adapter;
               // adapter["tableColumns"] = Setting.getAdapterTableColumns(this.state.adapter);
@@ -159,52 +207,12 @@ class AdapterEditPage extends React.Component {
             </Select>
           </Col>
         </Row>
-        <Row style={{marginTop: "20px"}} >
-          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
-            {Setting.getLabel(i18next.t("provider:Host"), i18next.t("provider:Host - Tooltip"))} :
-          </Col>
-          <Col span={22} >
-            <Input value={this.state.adapter.host} onChange={e => {
-              this.updateAdapterField("host", e.target.value);
-            }} />
-          </Col>
-        </Row>
-        <Row style={{marginTop: "20px"}} >
-          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
-            {Setting.getLabel(i18next.t("provider:Port"), i18next.t("provider:Port - Tooltip"))} :
-          </Col>
-          <Col span={22} >
-            <InputNumber value={this.state.adapter.port} onChange={value => {
-              this.updateAdapterField("port", value);
-            }} />
-          </Col>
-        </Row>
-        <Row style={{marginTop: "20px"}} >
-          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
-            {Setting.getLabel(i18next.t("general:User"), i18next.t("general:User - Tooltip"))} :
-          </Col>
-          <Col span={22} >
-            <Input value={this.state.adapter.user} onChange={e => {
-              this.updateAdapterField("user", e.target.value);
-            }} />
-          </Col>
-        </Row>
-        <Row style={{marginTop: "20px"}} >
-          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
-            {Setting.getLabel(i18next.t("general:Password"), i18next.t("general:Password - Tooltip"))} :
-          </Col>
-          <Col span={22} >
-            <Input value={this.state.adapter.password} onChange={e => {
-              this.updateAdapterField("password", e.target.value);
-            }} />
-          </Col>
-        </Row>
         <Row style={{marginTop: "20px"}} >
           <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
             {Setting.getLabel(i18next.t("syncer:Database type"), i18next.t("syncer:Database type - Tooltip"))} :
           </Col>
           <Col span={22} >
-            <Select virtual={false} style={{width: "100%"}} value={this.state.adapter.databaseType} onChange={(value => {this.updateAdapterField("databaseType", value);})}>
+            <Select virtual={false} disabled={Setting.builtInObject(this.state.adapter)} style={{width: "100%"}} value={this.state.adapter.databaseType} onChange={(value => {this.updateAdapterField("databaseType", value);})}>
               {
                 [
                   {id: "mysql", name: "MySQL"},
@@ -217,12 +225,13 @@ class AdapterEditPage extends React.Component {
             </Select>
           </Col>
         </Row>
+        {this.state.adapter.type === "Database" ? this.renderDataSourceNameConfig() : null}
         <Row style={{marginTop: "20px"}} >
           <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
             {Setting.getLabel(i18next.t("syncer:Database"), i18next.t("syncer:Database - Tooltip"))} :
           </Col>
           <Col span={22} >
-            <Input value={this.state.adapter.database} onChange={e => {
+            <Input disabled={Setting.builtInObject(this.state.adapter)} value={this.state.adapter.database} onChange={e => {
               this.updateAdapterField("database", e.target.value);
             }} />
           </Col>
@@ -233,25 +242,11 @@ class AdapterEditPage extends React.Component {
           </Col>
           <Col span={22} >
             <Input value={this.state.adapter.table}
-              disabled={this.state.adapter.type === "Keycloak"} onChange={e => {
+              disabled={Setting.builtInObject(this.state.adapter)} onChange={e => {
                 this.updateAdapterField("table", e.target.value);
               }} />
           </Col>
         </Row>
-        <Row style={{marginTop: "20px"}} >
-          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
-            {Setting.getLabel(i18next.t("general:Model"), i18next.t("general:Model - Tooltip"))} :
-          </Col>
-          <Col span={22} >
-            <Select virtual={false} style={{width: "100%"}} value={this.state.adapter.model} onChange={(model => {
-              this.updateAdapterField("model", model);
-            })}>
-              {
-                this.state.models.map((model, index) => <Option key={index} value={model.name}>{model.name}</Option>)
-              }
-            </Select>
-          </Col>
-        </Row>
         <Row style={{marginTop: "20px"}} >
           <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
             {Setting.getLabel(i18next.t("adapter:Policies"), i18next.t("adapter:Policies - Tooltip"))} :

web/src/AdapterListPage.js

@@ -32,7 +32,7 @@ class AdapterListPage extends BaseListPage {
       createdTime: moment().format(),
       type: "Database",
       host: "localhost",
-      port: 3306,
+      port: "3306",
       user: "root",
       password: "123456",
       databaseType: "mysql",
@@ -206,6 +206,7 @@ class AdapterListPage extends BaseListPage {
             <div>
               <Button style={{marginTop: "10px", marginBottom: "10px", marginRight: "10px"}} type="primary" onClick={() => this.props.history.push(`/adapters/${record.owner}/${record.name}`)}>{i18next.t("general:Edit")}</Button>
               <PopconfirmModal
+                disabled={Setting.builtInObject(record)}
                 title={i18next.t("general:Sure to delete") + `: ${record.name} ?`}
                 onConfirm={() => this.deleteAdapter(index)}
               >

web/src/App.js

@@ -641,10 +641,10 @@ class App extends Component {
         <Route exact path="/subscriptions/:organizationName/:subscriptionName" render={(props) => this.renderLoginIfNotLoggedIn(<SubscriptionEditPage account={this.state.account} {...props} />)} />
         <Route exact path="/products" render={(props) => this.renderLoginIfNotLoggedIn(<ProductListPage account={this.state.account} {...props} />)} />
         <Route exact path="/products/:organizationName/:productName" render={(props) => this.renderLoginIfNotLoggedIn(<ProductEditPage account={this.state.account} {...props} />)} />
-        <Route exact path="/products/:productName/buy" render={(props) => this.renderLoginIfNotLoggedIn(<ProductBuyPage account={this.state.account} {...props} />)} />
+        <Route exact path="/products/:organizationName/:productName/buy" render={(props) => this.renderLoginIfNotLoggedIn(<ProductBuyPage account={this.state.account} {...props} />)} />
         <Route exact path="/payments" render={(props) => this.renderLoginIfNotLoggedIn(<PaymentListPage account={this.state.account} {...props} />)} />
-        <Route exact path="/payments/:paymentName" render={(props) => this.renderLoginIfNotLoggedIn(<PaymentEditPage account={this.state.account} {...props} />)} />
-        <Route exact path="/payments/:paymentName/result" render={(props) => this.renderLoginIfNotLoggedIn(<PaymentResultPage account={this.state.account} {...props} />)} />
+        <Route exact path="/payments/:organizationName/:paymentName" render={(props) => this.renderLoginIfNotLoggedIn(<PaymentEditPage account={this.state.account} {...props} />)} />
+        <Route exact path="/payments/:organizationName/:paymentName/result" render={(props) => this.renderLoginIfNotLoggedIn(<PaymentResultPage account={this.state.account} {...props} />)} />
         <Route exact path="/records" render={(props) => this.renderLoginIfNotLoggedIn(<RecordListPage account={this.state.account} {...props} />)} />
         <Route exact path="/mfa/setup" render={(props) => this.renderLoginIfNotLoggedIn(<MfaSetupPage account={this.state.account} onfinish={() => this.setState({requiredEnableMfa: false})} {...props} />)} />
         <Route exact path="/.well-known/openid-configuration" render={(props) => <OdicDiscoveryPage />} />

web/src/EnforcerEditPage.js

@@ -122,7 +122,7 @@ class EnforcerEditPage extends React.Component {
             {Setting.getLabel(i18next.t("general:Organization"), i18next.t("general:Organization - Tooltip"))} :
           </Col>
           <Col span={22} >
-            <Select virtual={false} style={{width: "100%"}} disabled={!Setting.isAdminUser(this.props.account)} value={this.state.enforcer.owner} onChange={(owner => {
+            <Select virtual={false} style={{width: "100%"}} disabled={!Setting.isAdminUser(this.props.account) || Setting.builtInObject(this.state.enforcer)} value={this.state.enforcer.owner} onChange={(owner => {
               this.updateEnforcerField("owner", owner);
               this.getModels(owner);
               this.getAdapters(owner);
@@ -136,7 +136,7 @@ class EnforcerEditPage extends React.Component {
             {Setting.getLabel(i18next.t("general:Name"), i18next.t("general:Name - Tooltip"))} :
           </Col>
           <Col span={22} >
-            <Input value={this.state.enforcer.name} onChange={e => {
+            <Input disabled={Setting.builtInObject(this.state.enforcer)} value={this.state.enforcer.name} onChange={e => {
               this.updateEnforcerField("name", e.target.value);
             }} />
           </Col>
@@ -166,10 +166,10 @@ class EnforcerEditPage extends React.Component {
             {Setting.getLabel(i18next.t("general:Model"), i18next.t("general:Model - Tooltip"))} :
           </Col>
           <Col span={22} >
-            <Select virtual={false} style={{width: "100%"}} value={this.state.enforcer.model} onChange={(model => {
+            <Select virtual={false} disabled={Setting.builtInObject(this.state.enforcer)} style={{width: "100%"}} value={this.state.enforcer.model} onChange={(model => {
               this.updateEnforcerField("model", model);
             })}
-            options={this.state.models.map((model) => Setting.getOption(model.displayName, model.name))
+            options={this.state.models.map((model) => Setting.getOption(model.displayName, `${model.owner}/${model.name}`))
             } />
           </Col>
         </Row>
@@ -178,10 +178,10 @@ class EnforcerEditPage extends React.Component {
             {Setting.getLabel(i18next.t("general:Adapter"), i18next.t("general:Adapter - Tooltip"))} :
           </Col>
           <Col span={22} >
-            <Select virtual={false} style={{width: "100%"}} value={this.state.enforcer.adapter} onChange={(adapter => {
+            <Select virtual={false} disabled={Setting.builtInObject(this.state.enforcer)} style={{width: "100%"}} value={this.state.enforcer.adapter} onChange={(adapter => {
               this.updateEnforcerField("adapter", adapter);
             })}
-            options={this.state.adapters.map((adapter) => Setting.getOption(adapter.name, adapter.name))
+            options={this.state.adapters.map((adapter) => Setting.getOption(adapter.name, `${adapter.owner}/${adapter.name}`))
             } />
           </Col>
         </Row>

web/src/EnforcerListPage.js

@@ -144,6 +144,7 @@ class EnforcerListPage extends BaseListPage {
               <Button style={{marginTop: "10px", marginBottom: "10px", marginRight: "10px"}} type="primary"
                 onClick={() => this.props.history.push(`/enforcers/${record.owner}/${record.name}`)}>{i18next.t("general:Edit")}</Button>
               <PopconfirmModal
+                disabled={Setting.builtInObject(record)}
                 title={i18next.t("general:Sure to delete") + `: ${record.name} ?`}
                 onConfirm={() => this.deleteEnforcer(index)}
               >

web/src/ModelEditPage.js

@@ -105,7 +105,7 @@ class ModelEditPage extends React.Component {
             {Setting.getLabel(i18next.t("general:Organization"), i18next.t("general:Organization - Tooltip"))} :
           </Col>
           <Col span={22} >
-            <Select virtual={false} style={{width: "100%"}} disabled={!Setting.isAdminUser(this.props.account)} value={this.state.model.owner} onChange={(value => {this.updateModelField("owner", value);})}>
+            <Select virtual={false} style={{width: "100%"}} disabled={!Setting.isAdminUser(this.props.account) || Setting.builtInObject(this.state.model)} value={this.state.model.owner} onChange={(value => {this.updateModelField("owner", value);})}>
               {
                 this.state.organizations.map((organization, index) => <Option key={index} value={organization.name}>{organization.name}</Option>)
               }
@@ -117,7 +117,7 @@ class ModelEditPage extends React.Component {
             {Setting.getLabel(i18next.t("general:Name"), i18next.t("general:Name - Tooltip"))} :
           </Col>
           <Col span={22} >
-            <Input value={this.state.model.name} onChange={e => {
+            <Input disabled={Setting.builtInObject(this.state.model)} value={this.state.model.name} onChange={e => {
               this.updateModelField("name", e.target.value);
             }} />
           </Col>
@@ -152,6 +152,9 @@ class ModelEditPage extends React.Component {
                 value={this.state.model.modelText}
                 options={{mode: "properties", theme: "default"}}
                 onBeforeChange={(editor, data, value) => {
+                  if (Setting.builtInObject(this.state.model)) {
+                    return;
+                  }
                   this.updateModelField("modelText", value);
                 }}
               />

web/src/ModelListPage.js

@@ -160,6 +160,7 @@ class ModelListPage extends BaseListPage {
               <Button style={{marginTop: "10px", marginBottom: "10px", marginRight: "10px"}} type="primary"
                 onClick={() => this.props.history.push(`/models/${record.owner}/${record.name}`)}>{i18next.t("general:Edit")}</Button>
               <PopconfirmModal
+                disabled={Setting.builtInObject(record)}
                 title={i18next.t("general:Sure to delete") + `: ${record.name} ?`}
                 onConfirm={() => this.deleteModel(index)}
               >

web/src/PaymentEditPage.js

@@ -40,7 +40,7 @@ class PaymentEditPage extends React.Component {
   }
 
   getPayment() {
-    PaymentBackend.getPayment("admin", this.state.paymentName)
+    PaymentBackend.getPayment(this.state.organizationName, this.state.paymentName)
       .then((res) => {
         if (res.data === null) {
           this.props.history.push("/404");

web/src/PaymentListPage.js

@@ -28,13 +28,12 @@ class PaymentListPage extends BaseListPage {
     const randomName = Setting.getRandomName();
     const organizationName = Setting.getRequestOrganization(this.props.account);
     return {
-      owner: "admin",
+      owner: organizationName,
       name: `payment_${randomName}`,
       createdTime: moment().format(),
       displayName: `New Payment - ${randomName}`,
       provider: "provider_pay_paypal",
       type: "PayPal",
-      organization: organizationName,
       user: "admin",
       productName: "computer-1",
       productDisplayName: "A notebook computer",
@@ -54,7 +53,7 @@ class PaymentListPage extends BaseListPage {
     PaymentBackend.addPayment(newPayment)
       .then((res) => {
         if (res.status === "ok") {
-          this.props.history.push({pathname: `/payments/${newPayment.name}`, mode: "add"});
+          this.props.history.push({pathname: `/payments/${newPayment.owner}/${newPayment.name}`, mode: "add"});
           Setting.showMessage("success", i18next.t("general:Successfully added"));
         } else {
           Setting.showMessage("error", `${i18next.t("general:Failed to add")}: ${res.msg}`);
@@ -96,7 +95,7 @@ class PaymentListPage extends BaseListPage {
         ...this.getColumnSearchProps("name"),
         render: (text, record, index) => {
           return (
-            <Link to={`/payments/${text}`}>
+            <Link to={`/payments/${record.owner}/${text}`}>
               {text}
             </Link>
           );
@@ -112,7 +111,7 @@ class PaymentListPage extends BaseListPage {
         ...this.getColumnSearchProps("provider"),
         render: (text, record, index) => {
           return (
-            <Link to={`/providers/${text}`}>
+            <Link to={`/providers/${record.owner}/${text}`}>
               {text}
             </Link>
           );
@@ -120,11 +119,11 @@ class PaymentListPage extends BaseListPage {
       },
       {
         title: i18next.t("general:Organization"),
-        dataIndex: "organization",
-        key: "organization",
+        dataIndex: "owner",
+        key: "owner",
         width: "120px",
         sorter: true,
-        ...this.getColumnSearchProps("organization"),
+        ...this.getColumnSearchProps("owner"),
         render: (text, record, index) => {
           return (
             <Link to={`/organizations/${text}`}>
@@ -142,7 +141,7 @@ class PaymentListPage extends BaseListPage {
         ...this.getColumnSearchProps("user"),
         render: (text, record, index) => {
           return (
-            <Link to={`/users/${record.organization}/${text}`}>
+            <Link to={`/users/${record.owner}/${text}`}>
               {text}
             </Link>
           );
@@ -222,8 +221,8 @@ class PaymentListPage extends BaseListPage {
         render: (text, record, index) => {
           return (
             <div>
-              <Button style={{marginTop: "10px", marginBottom: "10px", marginRight: "10px"}} onClick={() => this.props.history.push(`/payments/${record.name}/result`)}>{i18next.t("payment:Result")}</Button>
-              <Button style={{marginTop: "10px", marginBottom: "10px", marginRight: "10px"}} type="primary" onClick={() => this.props.history.push(`/payments/${record.name}`)}>{i18next.t("general:Edit")}</Button>
+              <Button style={{marginTop: "10px", marginBottom: "10px", marginRight: "10px"}} onClick={() => this.props.history.push(`/payments/${record.owner}/${record.name}/result`)}>{i18next.t("payment:Result")}</Button>
+              <Button style={{marginTop: "10px", marginBottom: "10px", marginRight: "10px"}} type="primary" onClick={() => this.props.history.push(`/payments/${record.owner}/${record.name}`)}>{i18next.t("general:Edit")}</Button>
               <PopconfirmModal
                 title={i18next.t("general:Sure to delete") + `: ${record.name} ?`}
                 onConfirm={() => this.deletePayment(index)}
@@ -266,7 +265,7 @@ class PaymentListPage extends BaseListPage {
       value = params.type;
     }
     this.setState({loading: true});
-    PaymentBackend.getPayments("admin", Setting.isDefaultOrganizationSelected(this.props.account) ? "" : Setting.getRequestOrganization(this.props.account), params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+    PaymentBackend.getPayments(Setting.getRequestOrganization(this.props.account), Setting.isDefaultOrganizationSelected(this.props.account) ? "" : Setting.getRequestOrganization(this.props.account), params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
       .then((res) => {
         this.setState({
           loading: false,

web/src/PaymentResultPage.js

@@ -24,6 +24,7 @@ class PaymentResultPage extends React.Component {
     this.state = {
       classes: props,
       paymentName: props.match.params.paymentName,
+      organizationName: props.match.params.organizationName,
       payment: null,
       timeout: null,
     };
@@ -40,18 +41,37 @@ class PaymentResultPage extends React.Component {
   }
 
   getPayment() {
-    PaymentBackend.getPayment("admin", this.state.paymentName)
+    PaymentBackend.getPayment(this.state.organizationName, this.state.paymentName)
       .then((res) => {
         this.setState({
           payment: res.data,
         });
-
+        // window.console.log("payment=", res.data);
         if (res.data.state === "Created") {
-          this.setState({timeout: setTimeout(() => this.getPayment(), 1000)});
+          if (res.data.type === "PayPal") {
+            this.setState({
+              timeout: setTimeout(() => {
+                PaymentBackend.notifyPayment(this.state.organizationName, this.state.paymentName)
+                  .then((res) => {
+                    this.getPayment();
+                  });
+              }, 1000),
+            });
+          } else {
+            this.setState({timeout: setTimeout(() => this.getPayment(), 1000)});
+          }
         }
       });
   }
 
+  goToPaymentUrl(payment) {
+    if (payment.returnUrl === undefined || payment.returnUrl === null || payment.returnUrl === "") {
+      Setting.goToLink(`${window.location.origin}/products/${payment.owner}/${payment.productName}/buy`);
+    } else {
+      Setting.goToLink(payment.returnUrl);
+    }
+  }
+
   render() {
     const payment = this.state.payment;
 
@@ -71,7 +91,7 @@ class PaymentResultPage extends React.Component {
             subTitle={i18next.t("payment:Please click the below button to return to the original website")}
             extra={[
               <Button type="primary" key="returnUrl" onClick={() => {
-                Setting.goToLink(payment.returnUrl);
+                this.goToPaymentUrl(payment);
               }}>
                 {i18next.t("payment:Return to Website")}
               </Button>,
@@ -107,7 +127,7 @@ class PaymentResultPage extends React.Component {
             subTitle={i18next.t("payment:Please click the below button to return to the original website")}
             extra={[
               <Button type="primary" key="returnUrl" onClick={() => {
-                Setting.goToLink(payment.returnUrl);
+                this.goToPaymentUrl(payment);
               }}>
                 {i18next.t("payment:Return to Website")}
               </Button>,

web/src/PermissionEditPage.js

@@ -30,7 +30,7 @@ class PermissionEditPage extends React.Component {
     this.state = {
       classes: props,
       organizationName: props.organizationName !== undefined ? props.organizationName : props.match.params.organizationName,
-      permissionName: props.match.params.permissionName,
+      permissionName: decodeURIComponent(props.match.params.permissionName),
       permission: null,
       organizations: [],
       model: null,
@@ -320,7 +320,7 @@ class PermissionEditPage extends React.Component {
             {Setting.getLabel(i18next.t("permission:Actions"), i18next.t("permission:Actions - Tooltip"))} :
           </Col>
           <Col span={22} >
-            <Select virtual={false} mode="multiple" style={{width: "100%"}} value={this.state.permission.actions} onChange={(value => {
+            <Select virtual={false} mode={(this.state.permission.resourceType === "Custom") ? "tags" : "multiple"} style={{width: "100%"}} value={this.state.permission.actions} onChange={(value => {
               this.updatePermissionField("actions", value);
             })}
             options={[
@@ -449,7 +449,7 @@ class PermissionEditPage extends React.Component {
           if (willExist) {
             this.props.history.push("/permissions");
           } else {
-            this.props.history.push(`/permissions/${this.state.permission.owner}/${this.state.permission.name}`);
+            this.props.history.push(`/permissions/${this.state.permission.owner}/${encodeURIComponent(this.state.permission.name)}`);
           }
         } else {
           Setting.showMessage("error", `${i18next.t("general:Failed to save")}: ${res.msg}`);

web/src/PermissionListPage.js

@@ -128,7 +128,7 @@ class PermissionListPage extends BaseListPage {
         ...this.getColumnSearchProps("name"),
         render: (text, record, index) => {
           return (
-            <Link to={`/permissions/${record.owner}/${text}`}>
+            <Link to={`/permissions/${record.owner}/${encodeURIComponent(text)}`}>
               {text}
             </Link>
           );
@@ -336,7 +336,7 @@ class PermissionListPage extends BaseListPage {
         render: (text, record, index) => {
           return (
             <div>
-              <Button style={{marginTop: "10px", marginBottom: "10px", marginRight: "10px"}} type="primary" onClick={() => this.props.history.push(`/permissions/${record.owner}/${record.name}`)}>{i18next.t("general:Edit")}</Button>
+              <Button style={{marginTop: "10px", marginBottom: "10px", marginRight: "10px"}} type="primary" onClick={() => this.props.history.push(`/permissions/${record.owner}/${encodeURIComponent(record.name)}`)}>{i18next.t("general:Edit")}</Button>
               <PopconfirmModal
                 title={i18next.t("general:Sure to delete") + `: ${record.name} ?`}
                 onConfirm={() => this.deletePermission(index)}

web/src/PlanListPage.js

@@ -148,7 +148,7 @@ class PlanListPage extends BaseListPage {
         ...this.getColumnSearchProps("role"),
         render: (text, record, index) => {
           return (
-            <Link to={`/roles/${text}`}>
+            <Link to={`/roles/${encodeURIComponent(text)}`}>
               {text}
             </Link>
           );

web/src/ProductBuyPage.js

@@ -24,7 +24,8 @@ class ProductBuyPage extends React.Component {
     super(props);
     this.state = {
       classes: props,
-      productName: props.match?.params.productName,
+      organizationName: props.organizationName !== undefined ? props.organizationName : props?.match?.params?.organizationName,
+      productName: props.productName !== undefined ? props.productName : props?.match?.params?.productName,
       product: null,
       isPlacingOrder: false,
       qrCodeModalProvider: null,
@@ -36,17 +37,15 @@ class ProductBuyPage extends React.Component {
   }
 
   getProduct() {
-    if (this.state.productName === undefined) {
-      return;
+    if (this.state.productName === undefined || this.state.organizationName === undefined) {
+      return ;
     }
-
-    ProductBackend.getProduct(this.props.account.owner, this.state.productName)
+    ProductBackend.getProduct(this.state.organizationName, this.state.productName)
       .then((res) => {
         if (res.status === "error") {
           Setting.showMessage("error", res.msg);
           return;
         }
-
         this.setState({
           product: res.data,
         });
@@ -97,7 +96,7 @@ class ProductBuyPage extends React.Component {
       isPlacingOrder: true,
     });
 
-    ProductBackend.buyProduct(this.state.product.owner, this.state.productName, provider.name)
+    ProductBackend.buyProduct(product.owner, product.name, provider.name)
       .then((res) => {
         if (res.status === "ok") {
           const payUrl = res.data;

web/src/ProductEditPage.js

@@ -295,7 +295,7 @@ class ProductEditPage extends React.Component {
   }
 
   renderPreview() {
-    const buyUrl = `/products/${this.state.product.name}/buy`;
+    const buyUrl = `/products/${this.state.product.owner}/${this.state.product.name}/buy`;
     return (
       <Col span={22} style={{display: "flex", flexDirection: "column"}}>
         <a style={{marginBottom: "10px", display: "flex"}} target="_blank" rel="noreferrer" href={buyUrl}>

web/src/ProductListPage.js

@@ -102,6 +102,13 @@ class ProductListPage extends BaseListPage {
         width: "150px",
         sorter: true,
         ...this.getColumnSearchProps("owner"),
+        render: (text, record, index) => {
+          return (
+            <Link to={`/organizations/${text}`}>
+              {text}
+            </Link>
+          );
+        },
       },
       {
         title: i18next.t("general:Created time"),
@@ -189,6 +196,7 @@ class ProductListPage extends BaseListPage {
         width: "500px",
         ...this.getColumnSearchProps("providers"),
         render: (text, record, index) => {
+          const providerOwner = record.owner;
           const providers = text;
           if (providers.length === 0) {
             return `(${i18next.t("general:empty")})`;
@@ -207,9 +215,9 @@ class ProductListPage extends BaseListPage {
                     <List.Item>
                       <div style={{display: "inline"}}>
                         <Tooltip placement="topLeft" title="Edit">
-                          <Button style={{marginRight: "5px"}} icon={<EditOutlined />} size="small" onClick={() => Setting.goToLinkSoft(this, `/providers/${providerName}`)} />
+                          <Button style={{marginRight: "5px"}} icon={<EditOutlined />} size="small" onClick={() => Setting.goToLinkSoft(this, `/providers/${providerOwner}/${providerName}`)} />
                         </Tooltip>
-                        <Link to={`/providers/${providerName}`}>
+                        <Link to={`/providers/${providerOwner}/${providerName}`}>
                           {providerName}
                         </Link>
                       </div>
@@ -247,7 +255,7 @@ class ProductListPage extends BaseListPage {
         render: (text, record, index) => {
           return (
             <div>
-              <Button style={{marginTop: "10px", marginBottom: "10px", marginRight: "10px"}} onClick={() => this.props.history.push(`/products/${record.name}/buy`)}>{i18next.t("product:Buy")}</Button>
+              <Button style={{marginTop: "10px", marginBottom: "10px", marginRight: "10px"}} onClick={() => this.props.history.push(`/products/${record.owner}/${record.name}/buy`)}>{i18next.t("product:Buy")}</Button>
               <Button style={{marginTop: "10px", marginBottom: "10px", marginRight: "10px"}} type="primary" onClick={() => this.props.history.push(`/products/${record.owner}/${record.name}`)}>{i18next.t("general:Edit")}</Button>
               <PopconfirmModal
                 title={i18next.t("general:Sure to delete") + `: ${record.name} ?`}

web/src/RoleEditPage.js

@@ -26,7 +26,7 @@ class RoleEditPage extends React.Component {
     this.state = {
       classes: props,
       organizationName: props.organizationName !== undefined ? props.organizationName : props.match.params.organizationName,
-      roleName: props.match.params.roleName,
+      roleName: decodeURIComponent(props.match.params.roleName),
       role: null,
       organizations: [],
       users: [],
@@ -225,7 +225,7 @@ class RoleEditPage extends React.Component {
           if (willExist) {
             this.props.history.push("/roles");
           } else {
-            this.props.history.push(`/roles/${this.state.role.owner}/${this.state.role.name}`);
+            this.props.history.push(`/roles/${this.state.role.owner}/${encodeURIComponent(this.state.role.name)}`);
           }
         } else {
           Setting.showMessage("error", `${i18next.t("general:Failed to save")}: ${res.msg}`);

web/src/RoleListPage.js

@@ -121,7 +121,7 @@ class RoleListPage extends BaseListPage {
         ...this.getColumnSearchProps("name"),
         render: (text, record, index) => {
           return (
-            <Link to={`/roles/${record.owner}/${record.name}`}>
+            <Link to={`/roles/${record.owner}/${encodeURIComponent(record.name)}`}>
               {text}
             </Link>
           );
@@ -213,7 +213,7 @@ class RoleListPage extends BaseListPage {
         render: (text, record, index) => {
           return (
             <div>
-              <Button style={{marginTop: "10px", marginBottom: "10px", marginRight: "10px"}} type="primary" onClick={() => this.props.history.push(`/roles/${record.owner}/${record.name}`)}>{i18next.t("general:Edit")}</Button>
+              <Button style={{marginTop: "10px", marginBottom: "10px", marginRight: "10px"}} type="primary" onClick={() => this.props.history.push(`/roles/${record.owner}/${encodeURIComponent(record.name)}`)}>{i18next.t("general:Edit")}</Button>
               <PopconfirmModal
                 title={i18next.t("general:Sure to delete") + `: ${record.name} ?`}
                 onConfirm={() => this.deleteRole(index)}

web/src/Setting.js

@@ -1218,3 +1218,19 @@ export function isDefaultOrganizationSelected(account) {
   }
   return false;
 }
+
+const BuiltInObjects = [
+  "api-enforcer-built-in",
+  "permission-enforcer-built-in",
+  "api-model-built-in",
+  "permission-model-built-in",
+  "api-adapter-built-in",
+  "permission-adapter-built-in",
+];
+
+export function builtInObject(obj) {
+  if (obj === undefined || obj === null) {
+    return false;
+  }
+  return obj.owner === "built-in" && BuiltInObjects.includes(obj.name);
+}

web/src/backend/AdapterBackend.js

@@ -103,8 +103,8 @@ export function RemovePolicy(owner, name, policy) {
   }).then(res => res.json());
 }
 
-export function syncPolicies(owner, name) {
-  return fetch(`${Setting.ServerUrl}/api/sync-policies?id=${owner}/${encodeURIComponent(name)}`, {
+export function getPolicies(owner, name) {
+  return fetch(`${Setting.ServerUrl}/api/get-policies?id=${owner}/${encodeURIComponent(name)}`, {
     method: "GET",
     credentials: "include",
     headers: {

web/src/backend/LdapBackend.js

@@ -77,8 +77,8 @@ export function getLdapUser(owner, name) {
   }).then(res => res.json());
 }
 
-export function syncUsers(owner, ldapId, body) {
-  return fetch(`${Setting.ServerUrl}/api/sync-ldap-users?owner=${owner}&ldapId=${ldapId}`, {
+export function syncUsers(owner, name, body) {
+  return fetch(`${Setting.ServerUrl}/api/sync-ldap-users?id=${owner}/${encodeURIComponent(name)}`, {
     method: "POST",
     credentials: "include",
     body: JSON.stringify(body),

web/src/backend/PaymentBackend.js

@@ -79,3 +79,13 @@ export function invoicePayment(owner, name) {
     },
   }).then(res => res.json());
 }
+
+export function notifyPayment(owner, name) {
+  return fetch(`${Setting.ServerUrl}/api/notify-payment/${owner}/${name}`, {
+    method: "POST",
+    credentials: "include",
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
+  }).then(res => res.json());
+}

web/src/locales/de/data.json

@@ -152,6 +152,10 @@
     "Sending": "Sendet",
     "Submit and complete": "Einreichen und abschließen"
   },
+  "enforcer": {
+    "Edit Enforcer": "Edit Enforcer",
+    "New Enforcer": "New Enforcer"
+  },
   "forget": {
     "Account": "Konto",
     "Change Password": "Passwort ändern",
@@ -215,6 +219,7 @@
     "Enable": "Enable",
     "Enabled": "Enabled",
     "Enabled successfully": "Enabled successfully",
+    "Enforcers": "Enforcers",
     "Failed to add": "Fehler beim hinzufügen",
     "Failed to connect to server": "Die Verbindung zum Server konnte nicht hergestellt werden",
     "Failed to delete": "Konnte nicht gelöscht werden",

web/src/locales/en/data.json

@@ -152,6 +152,10 @@
     "Sending": "Sending",
     "Submit and complete": "Submit and complete"
   },
+  "enforcer": {
+    "Edit Enforcer": "Edit Enforcer",
+    "New Enforcer": "New Enforcer"
+  },
   "forget": {
     "Account": "Account",
     "Change Password": "Change Password",
@@ -215,6 +219,7 @@
     "Enable": "Enable",
     "Enabled": "Enabled",
     "Enabled successfully": "Enabled successfully",
+    "Enforcers": "Enforcers",
     "Failed to add": "Failed to add",
     "Failed to connect to server": "Failed to connect to server",
     "Failed to delete": "Failed to delete",

web/src/locales/es/data.json

@@ -152,6 +152,10 @@
     "Sending": "Envío",
     "Submit and complete": "Enviar y completar"
   },
+  "enforcer": {
+    "Edit Enforcer": "Edit Enforcer",
+    "New Enforcer": "New Enforcer"
+  },
   "forget": {
     "Account": "Cuenta",
     "Change Password": "Cambiar contraseña",
@@ -215,6 +219,7 @@
     "Enable": "Enable",
     "Enabled": "Enabled",
     "Enabled successfully": "Enabled successfully",
+    "Enforcers": "Enforcers",
     "Failed to add": "No se pudo agregar",
     "Failed to connect to server": "No se pudo conectar al servidor",
     "Failed to delete": "No se pudo eliminar",

web/src/locales/fr/data.json

@@ -152,6 +152,10 @@
     "Sending": "Envoi",
     "Submit and complete": "Soumettre et compléter"
   },
+  "enforcer": {
+    "Edit Enforcer": "Edit Enforcer",
+    "New Enforcer": "New Enforcer"
+  },
   "forget": {
     "Account": "Compte",
     "Change Password": "Changer le mot de passe",
@@ -215,6 +219,7 @@
     "Enable": "Enable",
     "Enabled": "Enabled",
     "Enabled successfully": "Enabled successfully",
+    "Enforcers": "Enforcers",
     "Failed to add": "Échec d'ajout",
     "Failed to connect to server": "Échec de la connexion au serveur",
     "Failed to delete": "Échec de la suppression",

web/src/locales/id/data.json

@@ -152,6 +152,10 @@
     "Sending": "Mengirimkan",
     "Submit and complete": "Kirim dan selesaikan"
   },
+  "enforcer": {
+    "Edit Enforcer": "Edit Enforcer",
+    "New Enforcer": "New Enforcer"
+  },
   "forget": {
     "Account": "Akun",
     "Change Password": "Ubah Kata Sandi",
@@ -215,6 +219,7 @@
     "Enable": "Enable",
     "Enabled": "Enabled",
     "Enabled successfully": "Enabled successfully",
+    "Enforcers": "Enforcers",
     "Failed to add": "Gagal menambahkan",
     "Failed to connect to server": "Gagal terhubung ke server",
     "Failed to delete": "Gagal menghapus",

web/src/locales/ja/data.json

@@ -152,6 +152,10 @@
     "Sending": "送信",
     "Submit and complete": "提出して完了してください"
   },
+  "enforcer": {
+    "Edit Enforcer": "Edit Enforcer",
+    "New Enforcer": "New Enforcer"
+  },
   "forget": {
     "Account": "アカウント",
     "Change Password": "パスワードを変更",
@@ -215,6 +219,7 @@
     "Enable": "Enable",
     "Enabled": "Enabled",
     "Enabled successfully": "Enabled successfully",
+    "Enforcers": "Enforcers",
     "Failed to add": "追加できませんでした",
     "Failed to connect to server": "サーバーに接続できませんでした",
     "Failed to delete": "削除に失敗しました",

web/src/locales/ko/data.json

@@ -152,6 +152,10 @@
     "Sending": "전송하기",
     "Submit and complete": "제출하고 완료하십시오"
   },
+  "enforcer": {
+    "Edit Enforcer": "Edit Enforcer",
+    "New Enforcer": "New Enforcer"
+  },
   "forget": {
     "Account": "계정",
     "Change Password": "비밀번호 변경",
@@ -215,6 +219,7 @@
     "Enable": "Enable",
     "Enabled": "Enabled",
     "Enabled successfully": "Enabled successfully",
+    "Enforcers": "Enforcers",
     "Failed to add": "추가하지 못했습니다",
     "Failed to connect to server": "서버에 연결하지 못했습니다",
     "Failed to delete": "삭제에 실패했습니다",

web/src/locales/pt/data.json

@@ -152,6 +152,10 @@
     "Sending": "Enviando",
     "Submit and complete": "Enviar e concluir"
   },
+  "enforcer": {
+    "Edit Enforcer": "Edit Enforcer",
+    "New Enforcer": "New Enforcer"
+  },
   "forget": {
     "Account": "Conta",
     "Change Password": "Alterar Senha",
@@ -215,6 +219,7 @@
     "Enable": "Habilitar",
     "Enabled": "Habilitado",
     "Enabled successfully": "Habilitado com sucesso",
+    "Enforcers": "Enforcers",
     "Failed to add": "Falha ao adicionar",
     "Failed to connect to server": "Falha ao conectar ao servidor",
     "Failed to delete": "Falha ao excluir",

web/src/locales/ru/data.json

@@ -152,6 +152,10 @@
     "Sending": "Отправка",
     "Submit and complete": "Отправить и завершить"
   },
+  "enforcer": {
+    "Edit Enforcer": "Edit Enforcer",
+    "New Enforcer": "New Enforcer"
+  },
   "forget": {
     "Account": "Счет",
     "Change Password": "Изменить пароль",
@@ -215,6 +219,7 @@
     "Enable": "Enable",
     "Enabled": "Enabled",
     "Enabled successfully": "Enabled successfully",
+    "Enforcers": "Enforcers",
     "Failed to add": "Не удалось добавить",
     "Failed to connect to server": "Не удалось подключиться к серверу",
     "Failed to delete": "Не удалось удалить",

web/src/locales/vi/data.json

@@ -152,6 +152,10 @@
     "Sending": "Gửi",
     "Submit and complete": "Nộp và hoàn thành"
   },
+  "enforcer": {
+    "Edit Enforcer": "Edit Enforcer",
+    "New Enforcer": "New Enforcer"
+  },
   "forget": {
     "Account": "Tài khoản",
     "Change Password": "Đổi mật khẩu",
@@ -215,6 +219,7 @@
     "Enable": "Enable",
     "Enabled": "Enabled",
     "Enabled successfully": "Enabled successfully",
+    "Enforcers": "Enforcers",
     "Failed to add": "Không thể thêm được",
     "Failed to connect to server": "Không thể kết nối đến máy chủ",
     "Failed to delete": "Không thể xoá",

web/src/locales/zh/data.json

@@ -152,6 +152,10 @@
     "Sending": "发送中",
     "Submit and complete": "完成提交"
   },
+  "enforcer": {
+    "Edit Enforcer": "Edit Enforcer",
+    "New Enforcer": "New Enforcer"
+  },
   "forget": {
     "Account": "账号",
     "Change Password": "修改密码",
@@ -215,6 +219,7 @@
     "Enable": "启用",
     "Enabled": "已开启",
     "Enabled successfully": "启用成功",
+    "Enforcers": "Enforcers",
     "Failed to add": "添加失败",
     "Failed to connect to server": "连接服务器失败",
     "Failed to delete": "删除失败",

web/src/pricing/PricingPage.js

@@ -85,17 +85,17 @@ class PricingPage extends React.Component {
     }
 
     PricingBackend.getPricing(this.state.owner, pricingName)
-      .then((result) => {
-        if (result.status === "error") {
-          Setting.showMessage("error", result.msg);
+      .then((res) => {
+        if (res.status === "error") {
+          Setting.showMessage("error", res.msg);
           return;
         }
 
         this.setState({
           loading: false,
-          pricing: result,
+          pricing: res.data,
         });
-        this.onUpdatePricing(result);
+        this.onUpdatePricing(res.data);
       });
   }
 

web/src/table/PoliciyTable.js

@@ -102,7 +102,7 @@ class PolicyTable extends React.Component {
 
   synPolicies() {
     this.setState({loading: true});
-    AdapterBackend.syncPolicies(this.props.owner, this.props.name)
+    AdapterBackend.getPolicies(this.props.owner, this.props.name)
       .then((res) => {
         if (res.status === "ok") {
           Setting.showMessage("success", i18next.t("adapter:Sync policies successfully"));