Fixed panic with auth disabled, dont display user tab when auth disabled

Author: Forceu

internal/configuration/database/Database.go

@@ -273,6 +273,7 @@ func DeleteUser(id int) {
 	db.DeleteUser(id)
 }
 
+// GetSuperAdmin returns the models.User data for the super admin
 func GetSuperAdmin() (models.User, bool) {
 	users := db.GetAllUsers()
 	for _, user := range users {
@@ -286,23 +287,11 @@ func GetSuperAdmin() (models.User, bool) {
 // EditSuperAdmin changes parameters of the super admin. If no user exists, a new superadmin will be created
 // Returns an error if at least one user exists, but no superadmin
 func EditSuperAdmin(name, email, password string) error {
-	users := db.GetAllUsers()
-	for _, user := range users {
-		if user.UserLevel == models.UserLevelSuperAdmin {
-			if name != "" {
-				user.Name = name
-			}
-			if email != "" {
-				user.Email = email
-			}
-			if password != "" {
-				user.Password = password
-			}
-			db.SaveUser(user, false)
-			return nil
+	user, ok := GetSuperAdmin()
+	if !ok {
+		if len(GetAllUsers()) != 0 {
+			return errors.New("at least one user exists, but no superadmin found")
 		}
-	}
-	if len(users) == 0 {
 		newAdmin := models.User{
 			Name:        name,
 			Email:       email,
@@ -313,5 +302,15 @@ func EditSuperAdmin(name, email, password string) error {
 		db.SaveUser(newAdmin, true)
 		return nil
 	}
-	return errors.New("at least one user exists, but no superadmin found")
+	if name != "" {
+		user.Name = name
+	}
+	if email != "" {
+		user.Email = email
+	}
+	if password != "" {
+		user.Password = password
+	}
+	db.SaveUser(user, false)
+	return nil
 }

internal/webserver/Webserver.go

@@ -322,7 +322,7 @@ func showUserAdmin(w http.ResponseWriter, r *http.Request) {
 		panic(err)
 	}
 	view := (&UploadView{}).convertGlobalConfig(ViewUsers, userId)
-	if !view.ActiveUser.HasPermissionManageUsers() {
+	if !view.ActiveUser.HasPermissionManageUsers() || configuration.Get().Authentication.Method == models.AuthenticationDisabled {
 		redirect(w, "admin")
 		return
 	}
@@ -632,6 +632,7 @@ type UploadView struct {
 	IsDownloadView     bool
 	IsApiView          bool
 	IsLogoutAvailable  bool
+	IsUserTabAvailable bool
 	EndToEndEncryption bool
 	IncludeFilename    bool
 	MaxFileSize        int
@@ -743,6 +744,7 @@ func (u *UploadView) convertGlobalConfig(view, userId int) *UploadView {
 	u.ActiveView = view
 	u.MaxFileSize = config.MaxFileSizeMB
 	u.IsLogoutAvailable = authentication.IsLogoutAvailable()
+	u.IsUserTabAvailable = config.Authentication.Method != models.AuthenticationDisabled
 	u.EndToEndEncryption = config.Encryption.Level == encryption.EndToEndEncryption
 	u.MaxParallelUploads = config.MaxParallelUploads
 	u.ChunkSize = config.ChunkSize

internal/webserver/authentication/Authentication.go

@@ -91,7 +91,11 @@ func IsAuthenticated(w http.ResponseWriter, r *http.Request) (bool, int) {
 			return true, userId
 		}
 	case models.AuthenticationDisabled:
-		return true, 0
+		adminUser, ok := database.GetSuperAdmin()
+		if !ok {
+			panic("no super admin found")
+		}
+		return true, adminUser.Id
 	}
 	return false, -1
 }

internal/webserver/web/templates/html_header.tmpl

@@ -74,7 +74,7 @@
             {{ if .ActiveUser.HasPermissionManageLogs }}
             <a class="nav-link {{ if eq .ActiveView 1 }}active{{ end }}" href="./logs">Logs</a>
             {{ end }}
-            {{ if .ActiveUser.HasPermissionManageUsers }}
+            {{ if and .ActiveUser.HasPermissionManageUsers .IsUserTabAvailable }}
             <a class="nav-link {{ if eq .ActiveView 3 }}active{{ end }}" href="./users">Users</a>
             {{ end }}
             <a class="nav-link {{ if eq .ActiveView 2 }}active{{ end }}" href="./apiKeys">API</a>