diff --git a/src/ui/controllers/accountsetting.go b/src/ui/controllers/accountsetting.go
index 5d49e60d7..516547b98 100644
--- a/src/ui/controllers/accountsetting.go
+++ b/src/ui/controllers/accountsetting.go
@@ -1,5 +1,9 @@
 package controllers
+import (
+ "net/http"
+)
+
 // AccountSettingController handles request to /account_setting
 type AccountSettingController struct {
 BaseController
@@ -7,5 +11,8 @@ type AccountSettingController struct {
 // Get renders the account settings page
 func (asc *AccountSettingController) Get() {
+ if asc.AuthMode != "db_auth" {
+ asc.CustomAbort(http.StatusForbidden, "")
+ }
 asc.Forward("page_title_account_setting", "account-settings.htm")
 }
diff --git a/src/ui/controllers/changepassword.go b/src/ui/controllers/changepassword.go
index 0ecddb29c..842cbe2f2 100644
--- a/src/ui/controllers/changepassword.go
+++ b/src/ui/controllers/changepassword.go
@@ -1,5 +1,9 @@
 package controllers
+import (
+ "net/http"
+)
+
 // ChangePasswordController handles request to /change_password
 type ChangePasswordController struct {
 BaseController
@@ -7,5 +11,8 @@ type ChangePasswordController struct {
 // Get renders the change password page
 func (asc *ChangePasswordController) Get() {
+ if asc.AuthMode != "db_auth" {
+ asc.CustomAbort(http.StatusForbidden, "")
+ }
 asc.Forward("page_title_change_password", "change-password.htm")
 }
diff --git a/src/ui/controllers/optionalmenu.go b/src/ui/controllers/optionalmenu.go
index 80524d55f..96efcac68 100644
--- a/src/ui/controllers/optionalmenu.go
+++ b/src/ui/controllers/optionalmenu.go
@@ -19,6 +19,7 @@ func (omc *OptionalMenuController) Get() {
 var hasLoggedIn bool
 var allowAddNew bool
+ var allowSettingAccount bool
 if sessionUserID != nil {
 hasLoggedIn = true
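Review bot: The `AuthMode` check added at the top of `AccountSettingController.Get()` gates only the rendering of the account-settings page; the handlers that actually persist profile changes are not part of this diff, so it is worth confirming that they reject non-`db_auth` requests as well, since otherwise a user in an externally authenticated mode could presumably still reach them directly. The same applies to the identical guard added to `ChangePasswordController.Get()` in changepassword.go, where the endpoint that performs the password change is the one that needs the check. A one-line comment above the guard would record the intent, e.g. `// Local profile editing only applies when accounts are stored in the database (db_auth).`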
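Review bot: The string literal `"db_auth"` is now compared in four controllers (accountsetting.go, changepassword.go, optionalmenu.go and signup.go), so a typo in any one of them would silently change that page's access behaviour without a compile error. A shared named constant, e.g. `const dbAuthMode = "db_auth"`, or a small predicate on `BaseController` would keep the checks in step; the project may already define one outside this diff. Minor: the receiver in changepassword.go is named `asc` although the type is `ChangePasswordController`.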
@@ -34,6 +35,10 @@ func (omc *OptionalMenuController) Get() {
 }
 omc.Data["Username"] = u.Username
+ if omc.AuthMode == "db_auth" {
+ allowSettingAccount = true
+ }
+
 isAdmin, err := dao.IsAdminRole(sessionUserID.(int))
 if err != nil {
 log.Errorf("Error occurred in IsAdminRole: %v", err)
@@ -45,6 +50,7 @@ func (omc *OptionalMenuController) Get() {
 }
 }
 omc.Data["AddNew"] = allowAddNew
+ omc.Data["SettingAccount"] = allowSettingAccount
 omc.Data["HasLoggedIn"] = hasLoggedIn
 omc.TplName = "optional-menu.htm"
 omc.Render()
diff --git a/src/ui/controllers/signup.go b/src/ui/controllers/signup.go
index 6ed75b01b..d3b7bdc90 100644
--- a/src/ui/controllers/signup.go
+++ b/src/ui/controllers/signup.go
@@ -12,7 +12,7 @@ type SignUpController struct {
 // Get renders sign up page
 func (suc *SignUpController) Get() {
 if suc.AuthMode != "db_auth" || !suc.SelfRegistration {
- suc.CustomAbort(http.StatusUnauthorized, "Status unauthorized.")
+ suc.CustomAbort(http.StatusForbidden, "")
 }
 suc.Data["AddNew"] = false
 suc.Forward("page_title_sign_up", "sign-up.htm")
diff --git a/src/ui/views/optional-menu.htm b/src/ui/views/optional-menu.htm
index b32ec201f..56d78b9a1 100644
--- a/src/ui/views/optional-menu.htm
+++ b/src/ui/views/optional-menu.htm
@@ -21,7 +21,9 @@
 {{ if eq .AddNew true }}
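Review bot: The three-line `if` that sets `allowSettingAccount` in `OptionalMenuController.Get()` can be the single assignment `allowSettingAccount = omc.AuthMode == "db_auth"`, which states the flag's meaning directly. `SettingAccount` only decides whether the menu entry is shown; access is enforced by the 403 guards in the page controllers, and a short comment such as `// display hint only; the page controllers enforce db_auth` would keep a later reader from treating the template flag as the access check. `Get()` begins and ends outside this hunk.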
  •   // 'add_new_title' | tr //
  • {{ end }} + {{ if eq .SettingAccount true }}
  •   // 'account_setting' | tr //
  • + {{ end }}