From cb9b8a7f558bf8d4c56935ae2a25ad0a2e4b6e25 Mon Sep 17 00:00:00 2001
From: xiahaoshawn <haox@vmware.com>
Date: Mon, 9 May 2016 20:57:41 +0800
Subject: [PATCH 1/3] change password for admin user when in LDAP mode

---
 api/user.go                      |  4 +++-
 controllers/base.go              | 10 +++++++++-
 views/segment/header-content.tpl |  6 ++++++
 3 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/api/user.go b/api/user.go
index c9bb99800..45869fb6c 100644
--- a/api/user.go
+++ b/api/user.go
@@ -187,7 +187,9 @@ func (ua *UserAPI) Delete() {
 // ChangePassword handles PUT to /api/users/{}/password
 func (ua *UserAPI) ChangePassword() {
 
-	if !(ua.AuthMode == "db_auth") {
+	ldapAdminUser := (ua.AuthMode == "ldap_auth" && ua.userID == 1 && ua.userID == ua.currentUserID)
+	
+	if !(ua.AuthMode == "db_auth" || ldapAdminUser) {
 		ua.CustomAbort(http.StatusForbidden, "")
 	}
 
diff --git a/controllers/base.go b/controllers/base.go
index e76abe4be..a5edae407 100644
--- a/controllers/base.go
+++ b/controllers/base.go
@@ -41,6 +41,7 @@ type BaseController struct {
 	beego.Controller
 	i18n.Locale
 	SelfRegistration bool
+	IsLdapAdminUser  bool	
 	IsAdmin          bool
 	AuthMode         string
 }
@@ -115,17 +116,24 @@ func (b *BaseController) Prepare() {
 	if sessionUserID != nil {
 		b.Data["Username"] = b.GetSession("username")
 		b.Data["UserId"] = sessionUserID.(int)
-
+		
+		if (sessionUserID == 1 && b.AuthMode == "ldap_auth") {
+			b.IsLdapAdminUser = true
+		}
+		
 		var err error
 		b.IsAdmin, err = dao.IsAdminRole(sessionUserID.(int))
 		if err != nil {
 			log.Errorf("Error occurred in IsAdminRole:%v", err)
 			b.CustomAbort(http.StatusInternalServerError, "Internal error.")
 		}
+	}else {
+		b.IsLdapAdminUser = false
 	}
 
 	b.Data["IsAdmin"] = b.IsAdmin
 	b.Data["SelfRegistration"] = b.SelfRegistration
+	b.Data["IsLdapAdminUser"] = b.IsLdapAdminUser
 
 }
 
diff --git a/views/segment/header-content.tpl b/views/segment/header-content.tpl
index 464cd09aa..d5ee8b9d2 100644
--- a/views/segment/header-content.tpl
+++ b/views/segment/header-content.tpl
@@ -56,6 +56,12 @@
 					    {{ if eq .AuthMode "db_auth" }}
 						<li><a id="aChangePassword" href="/changePassword" target="_blank"><span class="glyphicon glyphicon-pencil"></span>&nbsp;&nbsp;{{i18n .Lang "change_password"}}</a></li>
 						<li role="separator" class="divider"></li>
+						{{ end }}
+						  {{ if eq .AuthMode "ldap_auth" }}
+							  {{ if eq .IsLdapAdminUser true }}
+						<li><a id="aChangePassword" href="/changePassword" target="_blank"><span class="glyphicon glyphicon-pencil"></span>&nbsp;&nbsp;{{i18n .Lang "change_password"}}</a></li>
+						<li role="separator" class="divider"></li>
+						    {{ end }} 
 						{{ end }}
 						{{ if eq .AuthMode "db_auth" }}
 						  {{ if eq .IsAdmin true }}

From 648a5746dd21fdd29d9253d34794365402c312c3 Mon Sep 17 00:00:00 2001
From: xiahaoshawn <haox@vmware.com>
Date: Tue, 10 May 2016 10:58:43 +0800
Subject: [PATCH 2/3] make a combination in if condition

---
 controllers/base.go              | 2 --
 views/segment/header-content.tpl | 6 ++----
 2 files changed, 2 insertions(+), 6 deletions(-)

diff --git a/controllers/base.go b/controllers/base.go
index a5edae407..7d4b3e535 100644
--- a/controllers/base.go
+++ b/controllers/base.go
@@ -127,8 +127,6 @@ func (b *BaseController) Prepare() {
 			log.Errorf("Error occurred in IsAdminRole:%v", err)
 			b.CustomAbort(http.StatusInternalServerError, "Internal error.")
 		}
-	}else {
-		b.IsLdapAdminUser = false
 	}
 
 	b.Data["IsAdmin"] = b.IsAdmin
diff --git a/views/segment/header-content.tpl b/views/segment/header-content.tpl
index d5ee8b9d2..f9d2d619f 100644
--- a/views/segment/header-content.tpl
+++ b/views/segment/header-content.tpl
@@ -57,12 +57,10 @@
 						<li><a id="aChangePassword" href="/changePassword" target="_blank"><span class="glyphicon glyphicon-pencil"></span>&nbsp;&nbsp;{{i18n .Lang "change_password"}}</a></li>
 						<li role="separator" class="divider"></li>
 						{{ end }}
-						  {{ if eq .AuthMode "ldap_auth" }}
-							  {{ if eq .IsLdapAdminUser true }}
+							{{ if eq .IsLdapAdminUser true }}
 						<li><a id="aChangePassword" href="/changePassword" target="_blank"><span class="glyphicon glyphicon-pencil"></span>&nbsp;&nbsp;{{i18n .Lang "change_password"}}</a></li>
 						<li role="separator" class="divider"></li>
-						    {{ end }} 
-						{{ end }}
+						{{ end }} 
 						{{ if eq .AuthMode "db_auth" }}
 						  {{ if eq .IsAdmin true }}
 						    <li><a id="aAddUser" href="/addUser" target="_blank"><span class="glyphicon glyphicon-plus"></span>&nbsp;&nbsp;{{i18n .Lang "add_user"}}</a></li>

From ebd072075189999ec6a4e9fb4d48d017035ffc6e Mon Sep 17 00:00:00 2001
From: xiahaoshawn <haox@vmware.com>
Date: Tue, 10 May 2016 11:07:10 +0800
Subject: [PATCH 3/3] changge head_content tpl

---
 views/segment/header-content.tpl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/views/segment/header-content.tpl b/views/segment/header-content.tpl
index f9d2d619f..368a64d8c 100644
--- a/views/segment/header-content.tpl
+++ b/views/segment/header-content.tpl
@@ -57,7 +57,7 @@
 						<li><a id="aChangePassword" href="/changePassword" target="_blank"><span class="glyphicon glyphicon-pencil"></span>&nbsp;&nbsp;{{i18n .Lang "change_password"}}</a></li>
 						<li role="separator" class="divider"></li>
 						{{ end }}
-							{{ if eq .IsLdapAdminUser true }}
+						{{ if eq .IsLdapAdminUser true }}
 						<li><a id="aChangePassword" href="/changePassword" target="_blank"><span class="glyphicon glyphicon-pencil"></span>&nbsp;&nbsp;{{i18n .Lang "change_password"}}</a></li>
 						<li role="separator" class="divider"></li>
 						{{ end }}