github
/
alist
mirror of https://github.com/Xhofe/alist
1
0
Fork 0
Code Issues Releases Wiki Activity

feat(user-management): Enhance admin management and role handling

pull/9231/head^2 v3.47.0
千石 2025-07-29 19:45:28 +08:00 committed by GitHub
parent 3353055482 d5df6fa4cf
commit 55b2bb6b80
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
5 changed files with 39 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
internal/db/user.go
View File

@ -2,6 +2,7 @@ package db
import ( import (
"encoding/base64" "encoding/base64"
"fmt"
"github.com/alist-org/alist/v3/internal/model" "github.com/alist-org/alist/v3/internal/model"
"github.com/alist-org/alist/v3/pkg/utils" "github.com/alist-org/alist/v3/pkg/utils"
"github.com/go-webauthn/webauthn/webauthn" "github.com/go-webauthn/webauthn/webauthn"
@ -140,3 +141,13 @@ func UpdateUserBasePathPrefix(oldPath, newPath string) ([]string, error) {
return modifiedUsernames, nil return modifiedUsernames, nil
} }
func CountUsersByRoleAndEnabledExclude(roleID uint, excludeUserID uint) (int64, error) {
var count int64
jsonValue := fmt.Sprintf("[%d]", roleID)
err := db.Model(&model.User{}).
Where("disabled = ? AND id != ?", false, excludeUserID).
Where("JSON_CONTAINS(role, ?)", jsonValue).
Count(&count).Error
return count, err
}

6
internal/op/role.go
View File

@ -97,8 +97,12 @@ func UpdateRole(r *model.Role) error {
if err != nil { if err != nil {
return err return err
} }
if old.Name == "admin" || old.Name == "guest" { switch old.Name {
case "admin":
return errs.ErrChangeDefaultRole return errs.ErrChangeDefaultRole
case "guest":
r.Name = "guest"
} }
for i := range r.PermissionScopes { for i := range r.PermissionScopes {
r.PermissionScopes[i].Path = utils.FixAndCleanPath(r.PermissionScopes[i].Path) r.PermissionScopes[i].Path = utils.FixAndCleanPath(r.PermissionScopes[i].Path)

8
internal/op/user.go
View File

@ -165,3 +165,11 @@ func DelUserCache(username string) error {
userCache.Del(username) userCache.Del(username)
return nil return nil
} }
func CountEnabledAdminsExcluding(userID uint) (int64, error) {
adminRole, err := GetRoleByName("admin")
if err != nil {
return 0, err
}
return db.CountUsersByRoleAndEnabledExclude(adminRole.ID, userID)
}

6
server/handles/role.go
View File

@ -66,9 +66,13 @@ func UpdateRole(c *gin.Context) {
common.ErrorResp(c, err, 500, true) common.ErrorResp(c, err, 500, true)
return return
} }
if role.Name == "admin" || role.Name == "guest" { switch role.Name {
case "admin":
common.ErrorResp(c, errs.ErrChangeDefaultRole, 403) common.ErrorResp(c, errs.ErrChangeDefaultRole, 403)
return return
case "guest":
req.Name = "guest"
} }
if err := op.UpdateRole(&req); err != nil { if err := op.UpdateRole(&req); err != nil {
common.ErrorResp(c, err, 500, true) common.ErrorResp(c, err, 500, true)

11
server/handles/user.go
View File

@ -83,10 +83,17 @@ func UpdateUser(c *gin.Context) {
if req.OtpSecret == "" { if req.OtpSecret == "" {
req.OtpSecret = user.OtpSecret req.OtpSecret = user.OtpSecret
} }
if req.Disabled && req.IsAdmin() { if req.Disabled && user.IsAdmin() {
common.ErrorStrResp(c, "admin user can not be disabled", 400) count, err := op.CountEnabledAdminsExcluding(user.ID)
if err != nil {
common.ErrorResp(c, err, 500)
return return
} }
if count == 0 {
common.ErrorStrResp(c, "at least one enabled admin must be kept", 400)
return
}
}
if err := op.UpdateUser(&req); err != nil { if err := op.UpdateUser(&req); err != nil {
common.ErrorResp(c, err, 500) common.ErrorResp(c, err, 500)
} else { } else {