From 509c68a78198b3e3faa95eba4be5b327727baf9b Mon Sep 17 00:00:00 2001
From: kunw <kunw@vmware.com>
Date: Fri, 28 Oct 2016 13:53:47 +0800
Subject: [PATCH] Updates for issues of account settings in LDAP.

---
 src/ui/controllers/accountsetting.go               | 10 ++++++++--
 src/ui/controllers/base.go                         |  2 +-
 src/ui/controllers/changepassword.go               | 14 ++++++++++----
 src/ui/controllers/optionalmenu.go                 |  8 +++++++-
 .../js/components/user/list-user.directive.html    |  4 ++--
 .../js/components/user/list-user.directive.js      |  3 +++
 src/ui/views/admin-options.htm                     |  2 +-
 7 files changed, 32 insertions(+), 11 deletions(-)

diff --git a/src/ui/controllers/accountsetting.go b/src/ui/controllers/accountsetting.go
index 516547b98..f6587bfe1 100644
--- a/src/ui/controllers/accountsetting.go
+++ b/src/ui/controllers/accountsetting.go
@@ -11,8 +11,14 @@ type AccountSettingController struct {
 
 // Get renders the account settings page
 func (asc *AccountSettingController) Get() {
-	if asc.AuthMode != "db_auth" {
+	var isAdminForLdap bool
+	sessionUserID, ok := asc.GetSession("userId").(int)
+	if ok && sessionUserID == 1 {
+		isAdminForLdap = true
+	}
+	if asc.AuthMode == "db_auth" || isAdminForLdap {
+		asc.Forward("page_title_account_setting", "account-settings.htm")
+	} else {
 		asc.CustomAbort(http.StatusForbidden, "")
 	}
-	asc.Forward("page_title_account_setting", "account-settings.htm")
 }
diff --git a/src/ui/controllers/base.go b/src/ui/controllers/base.go
index 5bbba0557..c8d2c7a39 100644
--- a/src/ui/controllers/base.go
+++ b/src/ui/controllers/base.go
@@ -8,10 +8,10 @@ import (
 
 	"github.com/astaxie/beego"
 	"github.com/beego/i18n"
-	"github.com/vmware/harbor/src/ui/auth"
 	"github.com/vmware/harbor/src/common/dao"
 	"github.com/vmware/harbor/src/common/models"
 	"github.com/vmware/harbor/src/common/utils/log"
+	"github.com/vmware/harbor/src/ui/auth"
 )
 
 // BaseController wraps common methods such as i18n support, forward,  which can be leveraged by other UI render controllers.
diff --git a/src/ui/controllers/changepassword.go b/src/ui/controllers/changepassword.go
index 842cbe2f2..cbd1b11b0 100644
--- a/src/ui/controllers/changepassword.go
+++ b/src/ui/controllers/changepassword.go
@@ -10,9 +10,15 @@ type ChangePasswordController struct {
 }
 
 // Get renders the change password page
-func (asc *ChangePasswordController) Get() {
-	if asc.AuthMode != "db_auth" {
-		asc.CustomAbort(http.StatusForbidden, "")
+func (cpc *ChangePasswordController) Get() {
+	var isAdminForLdap bool
+	sessionUserID, ok := cpc.GetSession("userId").(int)
+	if ok && sessionUserID == 1 {
+		isAdminForLdap = true
+	}
+	if cpc.AuthMode == "db_auth" || isAdminForLdap {
+		cpc.Forward("page_title_change_password", "change-password.htm")
+	} else {
+		cpc.CustomAbort(http.StatusForbidden, "")
 	}
-	asc.Forward("page_title_change_password", "change-password.htm")
 }
diff --git a/src/ui/controllers/optionalmenu.go b/src/ui/controllers/optionalmenu.go
index 96efcac68..fe0bb2b78 100644
--- a/src/ui/controllers/optionalmenu.go
+++ b/src/ui/controllers/optionalmenu.go
@@ -19,6 +19,8 @@ func (omc *OptionalMenuController) Get() {
 
 	var hasLoggedIn bool
 	var allowAddNew bool
+
+	var isAdminForLdap bool
 	var allowSettingAccount bool
 
 	if sessionUserID != nil {
@@ -35,7 +37,11 @@ func (omc *OptionalMenuController) Get() {
 		}
 		omc.Data["Username"] = u.Username
 
-		if omc.AuthMode == "db_auth" {
+		if userID == 1 {
+			isAdminForLdap = true
+		}
+
+		if omc.AuthMode == "db_auth" || isAdminForLdap {
 			allowSettingAccount = true
 		}
 
diff --git a/src/ui/static/resources/js/components/user/list-user.directive.html b/src/ui/static/resources/js/components/user/list-user.directive.html
index 31e540295..10147219e 100644
--- a/src/ui/static/resources/js/components/user/list-user.directive.html
+++ b/src/ui/static/resources/js/components/user/list-user.directive.html
@@ -31,7 +31,7 @@
               <th width="20%">// 'email' | tr //</th>
               <th width="35%">// 'registration_time' | tr //</th>
               <th width="15%">// 'administrator' | tr //</th>
-              <th width="20%">// 'operation' | tr //</th>
+              <th width="20%" ng-if="vm.authMode === 'db_auth'">// 'operation' | tr //</th>
             </thead>
           </table>
         </div>
@@ -46,7 +46,7 @@
                 <td width="15%">
                   <toggle-admin current-user="vm.currentUser" has-admin-role="u.has_admin_role" user-id="//u.user_id//"></toggle-admin>
                 </td>
-                <td width="20%">
+                <td width="20%" ng-if="vm.authMode === 'db_auth'">
                   &nbsp;&nbsp;<a ng-if="vm.currentUser.user_id != u.user_id" href="javascript:void(0)" ng-click="vm.confirmToDelete(u.user_id, u.username)"><span class="glyphicon glyphicon-trash"></span></a>
                 </td>
               </tr>
diff --git a/src/ui/static/resources/js/components/user/list-user.directive.js b/src/ui/static/resources/js/components/user/list-user.directive.js
index 18cd60a2c..77b1903db 100644
--- a/src/ui/static/resources/js/components/user/list-user.directive.js
+++ b/src/ui/static/resources/js/components/user/list-user.directive.js
@@ -98,6 +98,9 @@
       'restrict': 'E',
       'templateUrl': '/static/resources/js/components/user/list-user.directive.html',
       'link': link,
+      'scope': {
+        'authMode': '@'
+      },
       'controller': ListUserController,
       'controllerAs': 'vm',
       'bindToController': true
diff --git a/src/ui/views/admin-options.htm b/src/ui/views/admin-options.htm
index 68c225e0b..8e57a8ff0 100644
--- a/src/ui/views/admin-options.htm
+++ b/src/ui/views/admin-options.htm
@@ -24,7 +24,7 @@
           <span ng-if="vm.toggle">// 'system_management' | tr //</span>
           <a ng-if="!vm.toggle" href="#/destinations" class="title-color" ng-click="vm.toggleAdminOption({target: 'system_management'})">// 'system_management' | tr //</a>
         </h4> 
-        <list-user ng-if="vm.target === 'users'"></list-user>
+        <list-user ng-if="vm.target === 'users'" auth-mode="{{ .AuthMode }}"></list-user>
         <system-management ng-if="vm.target === 'system_management'"></system-management>
       </div>
     </div>