diff --git a/client/src/components/UsersModal/Item/ActionsStep.jsx b/client/src/components/UsersModal/Item/ActionsStep.jsx
index 88c089ac..f8a2959b 100644
--- a/client/src/components/UsersModal/Item/ActionsStep.jsx
+++ b/client/src/components/UsersModal/Item/ActionsStep.jsx
@@ -155,7 +155,7 @@ const ActionsStep = React.memo(
>
)}
- {!user.isLockedAdmin && (
+ {!user.isDeletionLocked && (
{t('action.deleteUser', {
context: 'title',
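Review bot: The delete action is now hidden on `user.isDeletionLocked`, but that flag is only a serialized hint produced by `customToJSON` in server/api/models/User.js, so hiding the button does not stop a direct API request. The user deletion controller is not part of this diff. It should refuse to delete the default admin on its own, by comparing the target's email with `sails.config.custom.defaultAdminEmail`, rather than relying on what the client renders. The same reasoning applies to `isRoleLocked` in Item.jsx, where update.js appears to cover the SSO case. The enclosing JSX expression continues outside the hunk.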
diff --git a/client/src/components/UsersModal/Item/Item.jsx b/client/src/components/UsersModal/Item/Item.jsx
index da73c5c8..80db3568 100755
--- a/client/src/components/UsersModal/Item/Item.jsx
+++ b/client/src/components/UsersModal/Item/Item.jsx
@@ -18,7 +18,8 @@ const Item = React.memo(
phone,
isAdmin,
isLocked,
- isLockedAdmin,
+ isRoleLocked,
+ isDeletionLocked,
emailUpdateForm,
passwordUpdateForm,
usernameUpdateForm,
@@ -48,7 +49,7 @@ const Item = React.memo(
{username || '-'}
{email}
-
+
new Date(),
diff --git a/server/api/controllers/users/update.js b/server/api/controllers/users/update.js
index c876efbd..161ae78c 100755
--- a/server/api/controllers/users/update.js
+++ b/server/api/controllers/users/update.js
@@ -73,6 +73,10 @@ module.exports = {
delete inputs.name;
/* eslint-enable no-param-reassign */
} else if (user.isSso) {
+ if (!sails.config.custom.oidcIgnoreRoles) {
+ delete inputs.isAdmin; // eslint-disable-line no-param-reassign
+ }
+
delete inputs.name; // eslint-disable-line no-param-reassign
}
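Review bot: The new `delete inputs.isAdmin` in the `user.isSso` branch drops the field silently, so a caller who tries to change an SSO user's role gets a successful response with the role unchanged. A short comment would record why, e.g. `// Role is owned by the IdP unless OIDC_IGNORE_ROLES is set; ignore client-supplied isAdmin`. The preceding branch is only partly visible (it ends with `delete inputs.name`). Since `isRoleLocked` in User.js is also true for the default admin, it is worth confirming that branch removes `isAdmin` as well. The handler starts and ends outside the hunk.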
diff --git a/server/api/helpers/users/get-or-create-one-using-oidc.js b/server/api/helpers/users/get-or-create-one-using-oidc.js
index ef3f3dce..6a862022 100644
--- a/server/api/helpers/users/get-or-create-one-using-oidc.js
+++ b/server/api/helpers/users/get-or-create-one-using-oidc.js
@@ -90,11 +90,9 @@ module.exports = {
});
}
- const updateFieldKeys = ['email', 'isAdmin', 'isSso', 'name', 'username'];
-
- if (sails.config.custom.oidcIgnoreRoles) {
- // Remove isAdmin from updateFieldKeys
- updateFieldKeys.splice(updateFieldKeys.indexOf('isAdmin'), 1);
+ const updateFieldKeys = ['email', 'isSso', 'name', 'username'];
+ if (!sails.config.custom.oidcIgnoreRoles) {
+ updateFieldKeys.push('isAdmin');
}
const updateValues = {};
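Review bot: `isAdmin` is appended to `updateFieldKeys` only when `oidcIgnoreRoles` is false, and nothing on the new side says why. A comment such as `// isAdmin is synced from OIDC claims only when roles are not ignored` would record the intent. Two things to confirm outside the hunk: whether the user-creation path above also skips a claim-derived `isAdmin` when the option is set, and how existing accounts are treated. Switching `OIDC_IGNORE_ROLES` to true leaves any admin flag previously set from claims in place, so admin accounts should be reviewed after the change.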
diff --git a/server/api/models/User.js b/server/api/models/User.js
index 5a16fe23..9bf8a298 100755
--- a/server/api/models/User.js
+++ b/server/api/models/User.js
@@ -110,12 +110,13 @@ module.exports = {
tableName: 'user_account',
customToJSON() {
- const isLockedAdmin = this.email === sails.config.custom.defaultAdminEmail;
+ const isDefaultAdmin = this.email === sails.config.custom.defaultAdminEmail;
return {
..._.omit(this, ['password', 'isSso', 'avatar', 'passwordChangedAt']),
- isLockedAdmin,
- isLocked: this.isSso || isLockedAdmin,
+ isLocked: this.isSso || isDefaultAdmin,
+ isRoleLocked: (this.isSso && !sails.config.custom.oidcIgnoreRoles) || isDefaultAdmin,
+ isDeletionLocked: isDefaultAdmin,
avatarUrl:
this.avatar &&
`${sails.config.custom.userAvatarsUrl}/${this.avatar.dirname}/square-100.${this.avatar.extension}`,
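Review bot: `isRoleLocked` restates the server rule from update.js (`user.isSso` together with `!sails.config.custom.oidcIgnoreRoles`) as a separate expression, so the two can drift apart. If they do, the UI would offer a role toggle the server ignores, or hide one it would honour. A comment above the three flags should say that they are display hints and name the controller that enforces each, e.g. `// UI hints only; role lock is enforced in controllers/users/update.js`. Separately, `isDefaultAdmin` uses exact string equality on `this.email`. If stored emails are normalised (for example lower-cased) and `defaultAdminEmail` is not, the lock would silently not apply, which should be confirmed against the model's email handling. `customToJSON` continues past the hunk.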
diff --git a/server/config/custom.js b/server/config/custom.js
index 73e2427e..cbbc89ba 100644
--- a/server/config/custom.js
+++ b/server/config/custom.js
@@ -39,7 +39,7 @@ module.exports.custom = {
oidcScopes: process.env.OIDC_SCOPES || 'openid email profile',
oidcAdminRoles: process.env.OIDC_ADMIN_ROLES ? process.env.OIDC_ADMIN_ROLES.split(',') : [],
oidcRolesAttribute: process.env.OIDC_ROLES_ATTRIBUTE || 'groups',
- oidcIgnoreRoles : process.env.OIDC_IGNORE_ROLES || false,
+ oidcIgnoreRoles: process.env.OIDC_IGNORE_ROLES === 'true',
// TODO: move client base url to environment variable?
oidcRedirectUri: `${
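Review bot: `process.env.OIDC_IGNORE_ROLES === 'true'` is an exact, case-sensitive match, so `True`, `TRUE`, `1` or a value with trailing whitespace all leave `oidcIgnoreRoles` false. Role sync from the IdP then stays on with no warning. Because this flag decides whether `isAdmin` is overwritten from claims, either normalise the value, `oidcIgnoreRoles: (process.env.OIDC_IGNORE_ROLES || '').trim().toLowerCase() === 'true',`, or document the single accepted value next to the variable. The `module.exports.custom` object continues outside the hunk.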
diff --git a/server/db/seeds/default.js b/server/db/seeds/default.js
index 20624e50..137cf569 100644
--- a/server/db/seeds/default.js
+++ b/server/db/seeds/default.js
@@ -34,10 +34,6 @@ exports.seed = async (knex) => {
createdAt: new Date().toISOString(),
});
} catch (error) {
- if (Object.keys(data).length === 0) {
- return;
- }
-
await knex('user_account').update(data).where('email', process.env.DEFAULT_ADMIN_EMAIL);
}
};