fix: actions initialized to null and model/resources not updated with the owner (#887 )

Signed-off-by: Yixiang Zhao <seriouszyx@foxmail.com>
feat: failed to sync keycloak users in the PostgreSQL database (#886 )
2025-08-29 18:40:22 +08:00 · 2022-07-16 15:00:42 +08:00 · 2022-07-16 12:14:35 +08:00 · 2022-07-15 12:01:27 +08:00 · 2022-07-14 21:46:13 +08:00 · 2022-07-13 22:56:35 +08:00
9 changed files with 80 additions and 29 deletions
--- a/controllers/auth.go
+++ b/controllers/auth.go
@@ -51,7 +51,7 @@ func tokenToResponse(token *object.Token) *Response {
 func (c *ApiController) HandleLoggedIn(application *object.Application, user *object.User, form *RequestForm) (resp *Response) {
 	userId := user.GetId()

-	allowed, err := object.CheckPermission(userId, application)
+	allowed, err := object.CheckAccessPermission(userId, application)
 	if err != nil {
 		c.ResponseError(err.Error(), nil)
 		return
--- a/controllers/user.go
+++ b/controllers/user.go
@@ -85,11 +85,15 @@ func (c *ApiController) GetUsers() {
 // @router /get-user [get]
 func (c *ApiController) GetUser() {
 	id := c.Input().Get("id")
-	owner := c.Input().Get("owner")
 	email := c.Input().Get("email")
-	userOwner, _ := util.GetOwnerAndNameFromId(id)
-	organization := object.GetOrganization(fmt.Sprintf("%s/%s", "admin", userOwner))
+	userId := c.Input().Get("userId")

+	owner := c.Input().Get("owner")
+	if owner == "" {
+		owner, _ = util.GetOwnerAndNameFromId(id)
+	}
+
+	organization := object.GetOrganization(fmt.Sprintf("%s/%s", "admin", owner))
 	if !organization.IsProfilePublic {
 		requestUserId := c.GetSessionUsername()
 		hasPermission, err := object.CheckUserPermission(requestUserId, id, false)
@@ -100,10 +104,12 @@ func (c *ApiController) GetUser() {
 	}

 	var user *object.User
-	if email == "" {
-		user = object.GetUser(id)
-	} else {
+	if email != "" {
 		user = object.GetUserByEmail(owner, email)
+	} else if userId != "" {
+		user = object.GetUserByUserId(owner, userId)
+	} else {
+		user = object.GetUser(id)
 	}

 	c.Data["json"] = object.GetMaskedUser(user)
--- a/object/check.go
+++ b/object/check.go
@@ -231,19 +231,28 @@ func CheckUserPermission(requestUserId, userId string, strict bool) (bool, error
 	return hasPermission, fmt.Errorf("you don't have the permission to do this")
 }

-func CheckPermission(userId string, application *Application) (bool, error) {
+func CheckAccessPermission(userId string, application *Application) (bool, error) {
 	permissions := GetPermissions(application.Organization)
-	allow := true
+	allowed := true
 	var err error
 	for _, permission := range permissions {
-		if permission.IsEnabled {
-			for _, resource := range permission.Resources {
-				if resource == application.Name {
-					enforcer := getEnforcer(permission)
-					allow, err = enforcer.Enforce(userId, application.Name, "read")
-				}
+		if !permission.IsEnabled {
+			continue
+		}
+
+		isHit := false
+		for _, resource := range permission.Resources {
+			if application.Name == resource {
+				isHit = true
+				break
 			}
 		}
+
+		if isHit {
+			enforcer := getEnforcer(permission)
+			allowed, err = enforcer.Enforce(userId, application.Name, "read")
+			break
+		}
 	}
-	return allow, err
-}
+	return allowed, err
+}
--- a/object/syncer_user.go
+++ b/object/syncer_user.go
@@ -151,6 +151,8 @@ func (syncer *Syncer) initAdapter() {
 		var dataSourceName string
 		if syncer.DatabaseType == "mssql" {
 			dataSourceName = fmt.Sprintf("sqlserver://%s:%s@%s:%d?database=%s", syncer.User, syncer.Password, syncer.Host, syncer.Port, syncer.Database)
+		} else if syncer.DatabaseType == "postgres" {
+			dataSourceName = fmt.Sprintf("user=%s password=%s host=%s port=%d sslmode=disable dbname=%s", syncer.User, syncer.Password, syncer.Host, syncer.Port, syncer.Database)
 		} else {
 			dataSourceName = fmt.Sprintf("%s:%s@tcp(%s:%d)/", syncer.User, syncer.Password, syncer.Host, syncer.Port)
 		}
--- a/object/syncer_util.go
+++ b/object/syncer_util.go
@@ -173,16 +173,21 @@ func (syncer *Syncer) getOriginalUsersFromMap(results []map[string]string) []*Or
 		}

 		for _, tableColumn := range syncer.TableColumns {
+			tableColumnName := tableColumn.Name
+			if syncer.Type == "Keycloak" && syncer.DatabaseType == "postgres" {
+				tableColumnName = strings.ToLower(tableColumnName)
+			}
+
 			value := ""
-			if strings.Contains(tableColumn.Name, "+") {
-				names := strings.Split(tableColumn.Name, "+")
+			if strings.Contains(tableColumnName, "+") {
+				names := strings.Split(tableColumnName, "+")
 				var values []string
 				for _, name := range names {
 					values = append(values, result[strings.Trim(name, " ")])
 				}
 				value = strings.Join(values, " ")
 			} else {
-				value = result[tableColumn.Name]
+				value = result[tableColumnName]
 			}
 			syncer.setUserByKeyValue(originalUser, tableColumn.CasdoorName, value)
 		}
@@ -198,7 +203,7 @@ func (syncer *Syncer) getOriginalUsersFromMap(results []map[string]string) []*Or
 				originalUser.PasswordSalt = credential.Salt
 			}
 			// query and set signup application from user group table
-			sql = fmt.Sprintf("select name from keycloak_group where id = " +
+			sql = fmt.Sprintf("select name from keycloak_group where id = "+
 				"(select group_id as gid from user_group_membership where user_id = '%s')", originalUser.Id)
 			groupResult, _ := syncer.Adapter.Engine.QueryString(sql)
 			if len(groupResult) > 0 {
@@ -209,7 +214,12 @@ func (syncer *Syncer) getOriginalUsersFromMap(results []map[string]string) []*Or
 			tm := time.Unix(i/int64(1000), 0)
 			originalUser.CreatedTime = tm.Format("2006-01-02T15:04:05+08:00")
 			// enable
-			originalUser.IsForbidden = !(result["ENABLED"] == "\x01")
+			value, ok := result["ENABLED"]
+			if ok {
+				originalUser.IsForbidden = !util.ParseBool(value)
+			} else {
+				originalUser.IsForbidden = !util.ParseBool(result["enabled"])
+			}
 		}

 		users = append(users, originalUser)
--- a/object/user.go
+++ b/object/user.go
@@ -97,7 +97,7 @@ type User struct {
 	Steam         string `xorm:"steam varchar(100)" json:"steam"`
 	Bilibili      string `xorm:"bilibili varchar(100)" json:"bilibili"`
 	Okta          string `xorm:"okta varchar(100)" json:"okta"`
-	Douyin        string `xorm:"douyin vachar(100)" json:"douyin"`
+	Douyin        string `xorm:"douyin varchar(100)" json:"douyin"`
 	Custom        string `xorm:"custom varchar(100)" json:"custom"`

 	WebauthnCredentials []webauthn.Credential `xorm:"webauthnCredentials blob" json:"webauthnCredentials"`
@@ -270,6 +270,24 @@ func GetUserByEmail(owner string, email string) *User {
 	}
 }

+func GetUserByUserId(owner string, userId string) *User {
+	if owner == "" || userId == "" {
+		return nil
+	}
+
+	user := User{Owner: owner, Id: userId}
+	existed, err := adapter.Engine.Get(&user)
+	if err != nil {
+		panic(err)
+	}
+
+	if existed {
+		return &user
+	} else {
+		return nil
+	}
+}
+
 func GetUser(id string) *User {
 	owner, name := util.GetOwnerAndNameFromId(id)
 	return getUser(owner, name)
@@ -329,9 +347,11 @@ func UpdateUser(id string, user *User, columns []string, isGlobalAdmin bool) boo
 	}

 	if len(columns) == 0 {
-		columns = []string{"owner", "display_name", "avatar",
+		columns = []string{
+			"owner", "display_name", "avatar",
 			"location", "address", "region", "language", "affiliation", "title", "homepage", "bio", "score", "tag", "signup_application",
-			"is_admin", "is_global_admin", "is_forbidden", "is_deleted", "hash", "is_default_avatar", "properties", "webauthnCredentials"}
+			"is_admin", "is_global_admin", "is_forbidden", "is_deleted", "hash", "is_default_avatar", "properties", "webauthnCredentials",
+		}
 	}
 	if isGlobalAdmin {
 		columns = append(columns, "name", "email", "phone")
@@ -398,10 +418,10 @@ func AddUsers(users []*User) bool {
 		return false
 	}

-	//organization := GetOrganizationByUser(users[0])
+	// organization := GetOrganizationByUser(users[0])
 	for _, user := range users {
 		// this function is only used for syncer or batch upload, so no need to encrypt the password
-		//user.UpdateUserPassword(organization)
+		// user.UpdateUserPassword(organization)

 		user.UpdateUserHash()
 		user.PreHash = user.Hash
--- a/util/string.go
+++ b/util/string.go
@@ -52,8 +52,10 @@ func ParseFloat(s string) float64 {
 }

 func ParseBool(s string) bool {
-	if s == "\x01" {
+	if s == "\x01" || s == "true" {
 		return true
+	} else if s == "false" {
+		return false
 	}

 	i := ParseInt(s)
--- a/web/src/PermissionEditPage.js
+++ b/web/src/PermissionEditPage.js
@@ -143,6 +143,8 @@ class PermissionEditPage extends React.Component {

              this.getUsers(owner);
              this.getRoles(owner);
+              this.getModels(owner);
+              this.getResources(owner);
            })}>
              {
                this.state.organizations.map((organization, index) => <Option key={index} value={organization.name}>{organization.name}</Option>)
--- a/web/src/PermissionListPage.js
+++ b/web/src/PermissionListPage.js
@@ -33,7 +33,7 @@ class PermissionListPage extends BaseListPage {
      roles: [],
      resourceType: "Application",
      resources: ["app-built-in"],
-      action: "Read",
+      actions: ["Read"],
      effect: "Allow",
      isEnabled: true,
    };
Author	SHA1	Message	Date
Yixiang Zhao	2eec53a6d0	fix: actions initialized to null and model/resources not updated with the owner (#887 ) Signed-off-by: Yixiang Zhao <seriouszyx@foxmail.com>	2022-07-16 15:00:42 +08:00
Yixiang Zhao	117dec4542	feat: failed to sync keycloak users in the PostgreSQL database (#886 ) Signed-off-by: Yixiang Zhao <seriouszyx@foxmail.com>	2022-07-16 12:14:35 +08:00
waltcow	895cdd024d	fix: Typo in user model xorm tag (#883 )	2022-07-15 12:01:27 +08:00
q1anx1	f0b0891ac9	feat: query user by `userId` (#879 ) * feat: add `getUserByUserId` func * Update user.go Co-authored-by: Yang Luo <hsluoyz@qq.com>	2022-07-14 21:46:13 +08:00
Yang Luo	10449e89ab	Fix owner bug in GetUser().	2022-07-13 22:56:35 +08:00
Gucheng Wang	6e70f0fc58	Refactor CheckAccessPermission().	2022-07-13 00:50:32 +08:00