From 47ac579f092cef9128fa0c74798ecaffa2c888f9 Mon Sep 17 00:00:00 2001 From: Unknwon Date: Wed, 19 Aug 2015 04:58:45 +0800 Subject: [PATCH] only assign auto-admin when sign up by web --- cmd/web.go | 3 ++- models/user.go | 10 +--------- modules/middleware/auth.go | 2 +- routers/user/auth.go | 11 ++++++++++- 4 files changed, 14 insertions(+), 12 deletions(-) diff --git a/cmd/web.go b/cmd/web.go index a0e72b38106..386fae74f87 100644 --- a/cmd/web.go +++ b/cmd/web.go @@ -206,7 +206,7 @@ func runWeb(ctx *cli.Context) { m.Get("/issues", user.Issues) }, reqSignIn) - // API. + // ***** START: API ***** // FIXME: custom form error response. m.Group("/api", func() { m.Group("/v1", func() { @@ -248,6 +248,7 @@ func runWeb(ctx *cli.Context) { }) }) }, ignSignIn) + // ***** END: API ***** // ***** START: User ***** m.Group("/user", func() { diff --git a/models/user.go b/models/user.go index 8f93707da1c..bc0a0461ca8 100644 --- a/models/user.go +++ b/models/user.go @@ -373,17 +373,9 @@ func CreateUser(u *User) (err error) { } else if err = os.MkdirAll(UserPath(u.Name), os.ModePerm); err != nil { sess.Rollback() return err - } else if err = sess.Commit(); err != nil { - return err } - // Auto-set admin for the first user. - if CountUsers() == 1 { - u.IsAdmin = true - u.IsActive = true - _, err = x.Id(u.Id).AllCols().Update(u) - } - return err + return sess.Commit() } func countUsers(e Engine) int64 { diff --git a/modules/middleware/auth.go b/modules/middleware/auth.go index db643ccf28f..f607460037a 100644 --- a/modules/middleware/auth.go +++ b/modules/middleware/auth.go @@ -80,7 +80,7 @@ func Toggle(options *ToggleOptions) macaron.Handler { return } - if !options.SignOutRequire && !options.DisableCsrf && ctx.Req.Method == "POST" { + if !options.SignOutRequire && !options.DisableCsrf && ctx.Req.Method == "POST" && !auth.IsAPIPath(ctx.Req.URL.Path) { csrf.Validate(ctx.Context, ctx.csrf) if ctx.Written() { return 
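Review bot: In models/user.go, `CreateUser` now ends at `return sess.Commit()` and no longer promotes the first account, but nothing in the hunk records that contract change. Any other caller that relied on CreateUser to bootstrap an administrator will now create an ordinary user on an empty database; no such caller is visible in this patch, so the call sites need checking. I would state the new contract on the function, e.g. `// CreateUser inserts the user and creates its directory; it never grants admin rights.` The start of the function body is outside the hunk.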
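Review bot: In modules/middleware/auth.go, the added `!auth.IsAPIPath(ctx.Req.URL.Path)` term in Toggle turns CSRF validation off for every POST the helper classifies as API, whatever credential the request carries. If the API routes also accept the browser session cookie (the `/api` group in cmd/web.go is mounted with `ignSignIn`, and how the context authenticates there is not visible), state-changing API calls lose CSRF protection for logged-in users. The exemption is safer keyed on the authentication method, skipping the check only for requests authenticated by a token or header credential, and IsAPIPath has to agree exactly with the router on what counts as an API path, including any configured sub-URL prefix. The change is also unrelated to the commit subject and deserves its own commit plus a comment such as `// API requests skip CSRF only because they must not rely on session cookies.` Toggle's body continues outside the hunk.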
diff --git a/routers/user/auth.go b/routers/user/auth.go index 61e572f9bc3..5c6bb26fbaa 100644 --- a/routers/user/auth.go +++ b/routers/user/auth.go @@ -220,7 +220,6 @@ func SignUpPost(ctx *middleware.Context, cpt *captcha.Captcha, form auth.Registe Passwd: form.Password, IsActive: !setting.Service.RegisterEmailConfirm || isOauth, } - if err := models.CreateUser(u); err != nil { switch { case models.IsErrUserAlreadyExist(err): @@ -242,6 +241,16 @@ func SignUpPost(ctx *middleware.Context, cpt *captcha.Captcha, form auth.Registe } log.Trace("Account created: %s", u.Name) + // Auto-set admin for the only user. + if models.CountUsers() == 1 { + u.IsAdmin = true + u.IsActive = true + if err := models.UpdateUser(u); err != nil { + ctx.Handle(500, "UpdateUser", err) + return + } + } + // Bind social account. if isOauth { if err := models.BindUserOauth2(u.Id, sid); err != nil {
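Review bot: In routers/user/auth.go, the added `models.CountUsers() == 1` branch in SignUpPost promotes the account in a second step after `models.CreateUser` has already committed, so the count and the update are not atomic. If `models.UpdateUser(u)` fails, the handler answers 500 but the row stays as an ordinary user, and every later sign-up sees a count above one, so the instance ends up with no administrator; two simultaneous first registrations can end the same way. Setting `IsAdmin`/`IsActive` before the insert inside one transaction, or removing the account on the error path, would close that gap. The branch also forces `u.IsActive = true`, which skips e-mail confirmation for whoever registers first, so I would document it: `// First registered account becomes an active admin without e-mail confirmation; complete it before exposing the instance.` SignUpPost starts and ends outside the hunk.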