Docker/planka
Docker/planka
1
0
Fork 0
mirror of https://github.com/plankanban/planka.git synced 2025-07-18 20:59:44 +02:00
Code Issues Releases Activity

fix: Disable role change when OIDC roles are not ignored

Browse source
This commit is contained in:
Maksim Eltyshev 2023-10-25 23:39:34 +02:00
parent e41a434fc8
commit d951ba59dd
9 changed files with 23 additions and 20 deletions
Download patch file Download diff file Expand all files Collapse all files

4
server/api/controllers/users/update.js
View file

@ -73,6 +73,10 @@ module.exports = {
delete inputs.name;
/* eslint-enable no-param-reassign */
} else if (user.isSso) {
if (!sails.config.custom.oidcIgnoreRoles) {
delete inputs.isAdmin; // eslint-disable-line no-param-reassign
}
delete inputs.name; // eslint-disable-line no-param-reassign
}

8
server/api/helpers/users/get-or-create-one-using-oidc.js
View file

@ -90,11 +90,9 @@ module.exports = {
});
}
const updateFieldKeys = ['email', 'isAdmin', 'isSso', 'name', 'username'];
if (sails.config.custom.oidcIgnoreRoles) {
// Remove isAdmin from updateFieldKeys
updateFieldKeys.splice(updateFieldKeys.indexOf('isAdmin'), 1);
const updateFieldKeys = ['email', 'isSso', 'name', 'username'];
if (!sails.config.custom.oidcIgnoreRoles) {
updateFieldKeys.push('isAdmin');
}
const updateValues = {};

7
server/api/models/User.js
View file

@ -110,12 +110,13 @@ module.exports = {
tableName: 'user_account',
customToJSON() {
const isLockedAdmin = this.email === sails.config.custom.defaultAdminEmail;
const isDefaultAdmin = this.email === sails.config.custom.defaultAdminEmail;
return {
..._.omit(this, ['password', 'isSso', 'avatar', 'passwordChangedAt']),
isLockedAdmin,
isLocked: this.isSso || isLockedAdmin,
isLocked: this.isSso || isDefaultAdmin,
isRoleLocked: (this.isSso && !sails.config.custom.oidcIgnoreRoles) || isDefaultAdmin,
isDeletionLocked: isDefaultAdmin,
avatarUrl:
this.avatar &&
`${sails.config.custom.userAvatarsUrl}/${this.avatar.dirname}/square-100.${this.avatar.extension}`,