diff --git a/cmd/server/openapi/docs.go b/cmd/server/openapi/docs.go index 9fec7557028..eedc243b50c 100644 --- a/cmd/server/openapi/docs.go +++ b/cmd/server/openapi/docs.go @@ -5765,6 +5765,9 @@ const docTemplate = `{ "description": "Admin indicates the user is a system administrator.\n\nNOTE: If the username is part of the WOODPECKER_ADMIN\nenvironment variable, this value will be set to true on login.", "type": "boolean" }, + "admin_env": { + "type": "boolean" + }, "avatar_url": { "description": "the avatar url for this user.", "type": "string" diff --git a/server/api/users.go b/server/api/users.go index 072f87d00ee..9f45f4a1b18 100644 --- a/server/api/users.go +++ b/server/api/users.go @@ -24,6 +24,7 @@ import ( "github.com/gin-gonic/gin" "github.com/tink-crypto/tink-go/v2/subtle/random" + "go.woodpecker-ci.org/woodpecker/v3/server" "go.woodpecker-ci.org/woodpecker/v3/server/model" "go.woodpecker-ci.org/woodpecker/v3/server/router/middleware/session" "go.woodpecker-ci.org/woodpecker/v3/server/store" @@ -49,6 +50,9 @@ func GetUsers(c *gin.Context) { c.String(http.StatusInternalServerError, "Error getting user list. %s", err) return } + for _, user := range users { + user.AdminEnv = server.Config.Permissions.Admins.IsAdmin(user) + } c.JSON(http.StatusOK, users) } diff --git a/server/model/user.go b/server/model/user.go index fc6211074c3..862b6aec5e5 100644 --- a/server/model/user.go +++ b/server/model/user.go @@ -66,6 +66,8 @@ type User struct { // environment variable, this value will be set to true on login. Admin bool `json:"admin,omitempty" xorm:"admin"` + AdminEnv bool `json:"admin_env,omitempty" xorm:"-"` + // Hash is a unique token used to sign tokens. Hash string `json:"-" xorm:"UNIQUE varchar(500) 'hash'"` diff --git a/web/src/assets/locales/en.json b/web/src/assets/locales/en.json index 4847a29caaa..fd9384d2cee 100644 --- a/web/src/assets/locales/en.json +++ b/web/src/assets/locales/en.json @@ -416,7 +416,8 @@ "saved": "User saved", "admin": { "admin": "Admin", - "placeholder": "User is an admin" + "placeholder": "User is an admin", + "admin_warning": "This user has admin permissions because of your environment configuration. If you revoke the permission here, the user will regain them when they sign in next time." }, "delete_user": "Delete user", "edit_user": "Edit user" diff --git a/web/src/lib/api/types/user.ts b/web/src/lib/api/types/user.ts index 6d6589b88d1..e4ef100d316 100644 --- a/web/src/lib/api/types/user.ts +++ b/web/src/lib/api/types/user.ts @@ -21,6 +21,9 @@ export interface User { admin: boolean; // Whether the account has administrative privileges. + admin_env: boolean; + // Whether the administrative privileges are defined at env var level. + active: boolean; // Whether the account is currently active. diff --git a/web/src/views/admin/AdminUsers.vue b/web/src/views/admin/AdminUsers.vue index 3dc9f3f8df9..5b8904358b0 100644 --- a/web/src/views/admin/AdminUsers.vue +++ b/web/src/views/admin/AdminUsers.vue @@ -68,6 +68,12 @@ + +