mirror of
https://github.com/AlistGo/alist.git
synced 2025-12-19 11:00:06 +08:00
91cc7529a0
Some checks failed
beta release / Beta Release Changelog (1.21, ubuntu-latest) (push) Has been cancelled
build / Build (ubuntu-latest, android-arm64) (push) Has been cancelled
build / Build (ubuntu-latest, darwin-amd64) (push) Has been cancelled
build / Build (ubuntu-latest, darwin-arm64) (push) Has been cancelled
build / Build (ubuntu-latest, linux-amd64-musl) (push) Has been cancelled
build / Build (ubuntu-latest, linux-arm64-musl) (push) Has been cancelled
build / Build (ubuntu-latest, windows-amd64) (push) Has been cancelled
build / Build (ubuntu-latest, windows-arm64) (push) Has been cancelled
release_docker / Build Binaries for Docker Release (push) Has been cancelled
beta release / Beta Release (md5, !(*musl*|*windows-arm64*|*android*|*freebsd*)) (push) Has been cancelled
beta release / Beta Release (md5-android, android-*) (push) Has been cancelled
beta release / Beta Release (md5-freebsd, freebsd-*) (push) Has been cancelled
beta release / Beta Release (md5-linux-musl, linux-!(arm*)-musl*) (push) Has been cancelled
beta release / Beta Release (md5-linux-musl-arm, linux-arm*-musl*) (push) Has been cancelled
beta release / Beta Release (md5-windows-arm64, windows-arm64) (push) Has been cancelled
beta release / Beta Release Desktop (push) Has been cancelled
release_docker / Release Docker image (, latest, ) (push) Has been cancelled
release_docker / Release Docker image (INSTALL_ARIA2=true, aria2, suffix=-aria2,onlatest=true) (push) Has been cancelled
release_docker / Release Docker image (INSTALL_FFMPEG=true
INSTALL_ARIA2=true
, aio, suffix=-aio,onlatest=true) (push) Has been cancelled
release_docker / Release Docker image (INSTALL_FFMPEG=true, ffmpeg, suffix=-ffmpeg,onlatest=true) (push) Has been cancelled
Close inactive / close-inactive (push) Has been cancelled
- Update `CreateUser` to adjust `BasePath` based on user roles and clean paths. - Modify `UpdateUser` to incorporate role-based path changes. - Add validation in `CreateStorage` and `UpdateStorage` to prevent root mount path. - Prevent changes to admin user's role and username in user handler. - Update `UpdateRole` to modify user base paths when role paths change, and clear user cache accordingly. - Import `errors` package to handle error messages.
149 lines
3.0 KiB
Go
149 lines
3.0 KiB
Go
package handles
|
|
|
|
import (
|
|
"github.com/alist-org/alist/v3/pkg/utils"
|
|
"strconv"
|
|
|
|
"github.com/alist-org/alist/v3/internal/model"
|
|
"github.com/alist-org/alist/v3/internal/op"
|
|
"github.com/alist-org/alist/v3/server/common"
|
|
"github.com/gin-gonic/gin"
|
|
log "github.com/sirupsen/logrus"
|
|
)
|
|
|
|
func ListUsers(c *gin.Context) {
|
|
var req model.PageReq
|
|
if err := c.ShouldBind(&req); err != nil {
|
|
common.ErrorResp(c, err, 400)
|
|
return
|
|
}
|
|
req.Validate()
|
|
log.Debugf("%+v", req)
|
|
users, total, err := op.GetUsers(req.Page, req.PerPage)
|
|
if err != nil {
|
|
common.ErrorResp(c, err, 500, true)
|
|
return
|
|
}
|
|
common.SuccessResp(c, common.PageResp{
|
|
Content: users,
|
|
Total: total,
|
|
})
|
|
}
|
|
|
|
func CreateUser(c *gin.Context) {
|
|
var req model.User
|
|
if err := c.ShouldBind(&req); err != nil {
|
|
common.ErrorResp(c, err, 400)
|
|
return
|
|
}
|
|
if req.IsAdmin() || req.IsGuest() {
|
|
common.ErrorStrResp(c, "admin or guest user can not be created", 400, true)
|
|
return
|
|
}
|
|
req.SetPassword(req.Password)
|
|
req.Password = ""
|
|
req.Authn = "[]"
|
|
if err := op.CreateUser(&req); err != nil {
|
|
common.ErrorResp(c, err, 500, true)
|
|
} else {
|
|
common.SuccessResp(c)
|
|
}
|
|
}
|
|
|
|
func UpdateUser(c *gin.Context) {
|
|
var req model.User
|
|
if err := c.ShouldBind(&req); err != nil {
|
|
common.ErrorResp(c, err, 400)
|
|
return
|
|
}
|
|
user, err := op.GetUserById(req.ID)
|
|
if err != nil {
|
|
common.ErrorResp(c, err, 500)
|
|
return
|
|
}
|
|
|
|
if user.Username == "admin" {
|
|
if !utils.SliceEqual(user.Role, req.Role) {
|
|
common.ErrorStrResp(c, "cannot change role of admin user", 403)
|
|
return
|
|
}
|
|
if user.Username != req.Username {
|
|
common.ErrorStrResp(c, "cannot change username of admin user", 403)
|
|
return
|
|
}
|
|
}
|
|
|
|
if req.Password == "" {
|
|
req.PwdHash = user.PwdHash
|
|
req.Salt = user.Salt
|
|
} else {
|
|
req.SetPassword(req.Password)
|
|
req.Password = ""
|
|
}
|
|
if req.OtpSecret == "" {
|
|
req.OtpSecret = user.OtpSecret
|
|
}
|
|
if req.Disabled && req.IsAdmin() {
|
|
common.ErrorStrResp(c, "admin user can not be disabled", 400)
|
|
return
|
|
}
|
|
if err := op.UpdateUser(&req); err != nil {
|
|
common.ErrorResp(c, err, 500)
|
|
} else {
|
|
common.SuccessResp(c)
|
|
}
|
|
}
|
|
|
|
func DeleteUser(c *gin.Context) {
|
|
idStr := c.Query("id")
|
|
id, err := strconv.Atoi(idStr)
|
|
if err != nil {
|
|
common.ErrorResp(c, err, 400)
|
|
return
|
|
}
|
|
if err := op.DeleteUserById(uint(id)); err != nil {
|
|
common.ErrorResp(c, err, 500)
|
|
return
|
|
}
|
|
common.SuccessResp(c)
|
|
}
|
|
|
|
func GetUser(c *gin.Context) {
|
|
idStr := c.Query("id")
|
|
id, err := strconv.Atoi(idStr)
|
|
if err != nil {
|
|
common.ErrorResp(c, err, 400)
|
|
return
|
|
}
|
|
user, err := op.GetUserById(uint(id))
|
|
if err != nil {
|
|
common.ErrorResp(c, err, 500, true)
|
|
return
|
|
}
|
|
common.SuccessResp(c, user)
|
|
}
|
|
|
|
func Cancel2FAById(c *gin.Context) {
|
|
idStr := c.Query("id")
|
|
id, err := strconv.Atoi(idStr)
|
|
if err != nil {
|
|
common.ErrorResp(c, err, 400)
|
|
return
|
|
}
|
|
if err := op.Cancel2FAById(uint(id)); err != nil {
|
|
common.ErrorResp(c, err, 500)
|
|
return
|
|
}
|
|
common.SuccessResp(c)
|
|
}
|
|
|
|
func DelUserCache(c *gin.Context) {
|
|
username := c.Query("username")
|
|
err := op.DelUserCache(username)
|
|
if err != nil {
|
|
common.ErrorResp(c, err, 500)
|
|
return
|
|
}
|
|
common.SuccessResp(c)
|
|
}
|