fix(user): prevent deletion and password modification of admin user in demo mode

2025-07-02 12:39:30 -04:00 · 2025-07-02 12:39:30 -04:00 · 0825ac525d
commit 0825ac525d
parent d26bc7f40b
3 changed files with 23 additions and 1 deletions
--- a/internal/logic/admin/user/batchDeleteUserLogic.go
+++ b/internal/logic/admin/user/batchDeleteUserLogic.go
@ -2,10 +2,13 @@ package user

 import (
 	"context"
+	"os"
+	"strings"

 	"github.com/perfect-panel/server/internal/svc"
 	"github.com/perfect-panel/server/internal/types"
 	"github.com/perfect-panel/server/pkg/logger"
+	"github.com/perfect-panel/server/pkg/tool"
 	"github.com/perfect-panel/server/pkg/xerr"
 	"github.com/pkg/errors"
 )
@ -25,6 +28,12 @@ func NewBatchDeleteUserLogic(ctx context.Context, svcCtx *svc.ServiceContext) *B
 }

 func (l *BatchDeleteUserLogic) BatchDeleteUser(req *types.BatchDeleteUserRequest) error {
+	isDemo := strings.ToLower(os.Getenv("PPANEL_MODE")) == "demo"
+
+	if tool.Contains(req.Ids, 2) && isDemo {
+		return errors.Wrapf(xerr.NewErrCodeMsg(503, "Demo mode does not allow deletion of the admin user"), "BatchDeleteUser failed: cannot delete admin user in demo mode")
+	}
+
 	err := l.svcCtx.UserModel.BatchDeleteUser(l.ctx, req.Ids)
 	if err != nil {
 		l.Logger.Error("[BatchDeleteUserLogic] BatchDeleteUser failed: ", logger.Field("error", err.Error()))
--- a/internal/logic/admin/user/deleteUserLogic.go
+++ b/internal/logic/admin/user/deleteUserLogic.go
@ -2,6 +2,8 @@ package user

 import (
 	"context"
+	"os"
+	"strings"

 	"github.com/perfect-panel/server/internal/svc"
 	"github.com/perfect-panel/server/internal/types"
@ -25,6 +27,11 @@ func NewDeleteUserLogic(ctx context.Context, svcCtx *svc.ServiceContext) *Delete
 }

 func (l *DeleteUserLogic) DeleteUser(req *types.GetDetailRequest) error {
+	isDemo := strings.ToLower(os.Getenv("PPANEL_MODE")) == "demo"
+
+	if req.Id == 2 && isDemo {
+		return errors.Wrapf(xerr.NewErrCodeMsg(503, "Demo mode does not allow deletion of the admin user"), "delete user failed: cannot delete admin user in demo mode")
+	}
 	err := l.svcCtx.UserModel.Delete(l.ctx, req.Id)
 	if err != nil {
 		return errors.Wrapf(xerr.NewErrCode(xerr.DatabaseDeletedError), "delete user error: %v", err.Error())
--- a/internal/logic/admin/user/updateUserBasicInfoLogic.go
+++ b/internal/logic/admin/user/updateUserBasicInfoLogic.go
@ -2,6 +2,8 @@ package user

 import (
 	"context"
+	"os"
+	"strings"

 	"github.com/perfect-panel/server/internal/svc"
 	"github.com/perfect-panel/server/internal/types"
@ -33,12 +35,16 @@ func (l *UpdateUserBasicInfoLogic) UpdateUserBasicInfo(req *types.UpdateUserBasi
 		return errors.Wrapf(xerr.NewErrCode(xerr.DatabaseQueryError), "Find User Error")
 	}

+	isDemo := strings.ToLower(os.Getenv("PPANEL_MODE")) == "demo"
+
 	tool.DeepCopy(userInfo, req)
 	if req.Avatar != "" && !tool.IsValidImageSize(req.Avatar, 1024) {
 		return errors.Wrapf(xerr.NewErrCode(xerr.ERROR), "Invalid Image Size")
 	}
 	if req.Password != "" {
-		l.Infow("[UpdateUserBasicInfoLogic] Update User Password:", logger.Field("userId", req.UserId), logger.Field("password", req.Password))
+		if userInfo.Id == 2 && isDemo {
+			return errors.Wrapf(xerr.NewErrCodeMsg(503, "Demo mode does not allow modification of the admin user password"), "UpdateUserBasicInfo failed: cannot update admin user password in demo mode")
+		}
 		userInfo.Password = tool.EncodePassWord(req.Password)
 	}