preserver platfrom user admin role (#3187)

2025-09-11 23:54:22 +08:00 · 2024-11-08 13:38:17 +04:00 · 2024-11-08 13:38:17 +04:00 · b796331f3c
commit b796331f3c
parent 4a92c908ad
2 changed files with 20 additions and 5 deletions
--- a/pro/logic/migrate.go
+++ b/pro/logic/migrate.go
@ -9,6 +9,9 @@ import (

 func MigrateUserRoleAndGroups(user models.User) {
 	var err error
+	if user.PlatformRoleID == models.AdminRole || user.PlatformRoleID == models.SuperAdminRole {
+		return
+	}
 	if len(user.RemoteGwIDs) > 0 {
 		// define user roles for network
 		// assign relevant network role to user
@ -31,13 +34,27 @@ func MigrateUserRoleAndGroups(user models.User) {
 		}
 	}
 	if len(user.NetworkRoles) > 0 {
-		for netID := range user.NetworkRoles {
+		for netID, netRoles := range user.NetworkRoles {
 			var g models.UserGroup
+			adminAccess := false
+			for netRoleID := range netRoles {
+				permTemplate, err := logic.GetRole(netRoleID)
+				if err == nil {
+					if permTemplate.FullAccess {
+						adminAccess = true
+					}
+				}
+			}
+
 			if user.PlatformRoleID == models.ServiceUser {
 				g, err = GetUserGroup(models.UserGroupID(fmt.Sprintf("%s-%s-grp", netID, models.NetworkUser)))
 			} else {
+				role := models.NetworkUser
+				if adminAccess {
+					role = models.NetworkAdmin
+				}
 				g, err = GetUserGroup(models.UserGroupID(fmt.Sprintf("%s-%s-grp",
-					netID, models.NetworkAdmin)))
+					netID, role)))
 			}
 			if err != nil {
 				continue
--- a/pro/logic/user_mgmt.go
+++ b/pro/logic/user_mgmt.go
@ -1229,9 +1229,7 @@ func AddGlobalNetRolesToAdmins(u models.User) {
 	if u.PlatformRoleID != models.SuperAdminRole && u.PlatformRoleID != models.AdminRole {
 		return
 	}
-	if u.UserGroups == nil {
-		u.UserGroups = make(map[models.UserGroupID]struct{})
-	}
+	u.UserGroups = make(map[models.UserGroupID]struct{})
 	u.UserGroups[models.UserGroupID(fmt.Sprintf("global-%s-grp", models.NetworkAdmin))] = struct{}{}
 	logic.UpsertUser(u)
 }