Browse Source

only assign auto-admin when sign up by web

Unknwon 9 years ago
parent
commit
47ac579f09
4 changed files with 14 additions and 12 deletions
  1. 2 1
      cmd/web.go
  2. 1 9
      models/user.go
  3. 1 1
      modules/middleware/auth.go
  4. 10 1
      routers/user/auth.go

+ 2 - 1
cmd/web.go

@@ -206,7 +206,7 @@ func runWeb(ctx *cli.Context) {
 		m.Get("/issues", user.Issues)
 	}, reqSignIn)
 
-	// API.
+	// ***** START: API *****
 	// FIXME: custom form error response.
 	m.Group("/api", func() {
 		m.Group("/v1", func() {
@@ -248,6 +248,7 @@ func runWeb(ctx *cli.Context) {
 			})
 		})
 	}, ignSignIn)
+	// ***** END: API *****
 
 	// ***** START: User *****
 	m.Group("/user", func() {

+ 1 - 9
models/user.go

@@ -373,17 +373,9 @@ func CreateUser(u *User) (err error) {
 	} else if err = os.MkdirAll(UserPath(u.Name), os.ModePerm); err != nil {
 		sess.Rollback()
 		return err
-	} else if err = sess.Commit(); err != nil {
-		return err
 	}
 
-	// Auto-set admin for the first user.
-	if CountUsers() == 1 {
-		u.IsAdmin = true
-		u.IsActive = true
-		_, err = x.Id(u.Id).AllCols().Update(u)
-	}
-	return err
+	return sess.Commit()
 }
 
 func countUsers(e Engine) int64 {

+ 1 - 1
modules/middleware/auth.go

@@ -80,7 +80,7 @@ func Toggle(options *ToggleOptions) macaron.Handler {
 			return
 		}
 
-		if !options.SignOutRequire && !options.DisableCsrf && ctx.Req.Method == "POST" {
+		if !options.SignOutRequire && !options.DisableCsrf && ctx.Req.Method == "POST" && !auth.IsAPIPath(ctx.Req.URL.Path) {
 			csrf.Validate(ctx.Context, ctx.csrf)
 			if ctx.Written() {
 				return

+ 10 - 1
routers/user/auth.go

@@ -220,7 +220,6 @@ func SignUpPost(ctx *middleware.Context, cpt *captcha.Captcha, form auth.Registe
 		Passwd:   form.Password,
 		IsActive: !setting.Service.RegisterEmailConfirm || isOauth,
 	}
-
 	if err := models.CreateUser(u); err != nil {
 		switch {
 		case models.IsErrUserAlreadyExist(err):
@@ -242,6 +241,16 @@ func SignUpPost(ctx *middleware.Context, cpt *captcha.Captcha, form auth.Registe
 	}
 	log.Trace("Account created: %s", u.Name)
 
+	// Auto-set admin for the only user.
+	if models.CountUsers() == 1 {
+		u.IsAdmin = true
+		u.IsActive = true
+		if err := models.UpdateUser(u); err != nil {
+			ctx.Handle(500, "UpdateUser", err)
+			return
+		}
+	}
+
 	// Bind social account.
 	if isOauth {
 		if err := models.BindUserOauth2(u.Id, sid); err != nil {