From 447ec13527b4f13b624da882953612553faa3a77 Mon Sep 17 00:00:00 2001 From: Daniel Jiang Date: Thu, 23 Apr 2020 11:40:54 +0800 Subject: [PATCH] Allow sys admin to call /c/UserExists The commit fix a regression introduced by #11672 which impacts admin adding new users. When admin is creating new users, /c/UserExists is called by UI. We must allow it called by admin when self-registration is turned off. Signed-off-by: Daniel Jiang
---
 src/core/controllers/base.go | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/core/controllers/base.go b/src/core/controllers/base.go
index d7a960825..167387399 100644
--- a/src/core/controllers/base.go
+++ b/src/core/controllers/base.go
@@ -30,6 +30,7 @@ import (
 "github.com/goharbor/harbor/src/common"
 "github.com/goharbor/harbor/src/common/dao"
 "github.com/goharbor/harbor/src/common/models"
+ "github.com/goharbor/harbor/src/common/security"
 "github.com/goharbor/harbor/src/common/utils"
 email_util "github.com/goharbor/harbor/src/common/utils/email"
 "github.com/goharbor/harbor/src/core/api"
@@ -126,8 +127,10 @@ func (cc *CommonController) UserExists() {
 if err != nil {
 log.Errorf("Failed to get the status of self registration flag, error: %v, disabling user existence check", err)
 }
- if !flag {
- cc.CustomAbort(http.StatusPreconditionFailed, "self registration disabled.")
+ securityCtx, ok := security.FromContext(cc.Ctx.Request.Context())
+ isAdmin := ok && securityCtx.IsSysAdmin()
+ if !flag && !isAdmin {
+ cc.CustomAbort(http.StatusPreconditionFailed, "self registration disabled, only sysadmin can check user existence")
 }
 target := cc.GetString("target")
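Review bot: The new gate `if !flag && !isAdmin` in UserExists decides who may ask `/c/UserExists` whether an account exists while self-registration is off, yet the diffstat shows only base.go changed, so no test pins that decision. The commit message says this path already regressed once, so a controller test asserting the 412 for a non-admin caller and a normal answer for a sysadmin, both with self-registration off, would be worth adding. The `err != nil` branch just above only logs and falls through, so the "disabling user existence check" it promises holds only if `flag` comes back false from the failed call, which is not visible here; adding `flag = false` inside that branch would make the fail-closed behaviour explicit. A short comment on the new lines would help too, e.g. `// Sysadmins add users through the UI, which calls this endpoint even when self-registration is off.` UserExists starts above the hunk and continues past it.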