fix: refactor admin permission checks into util package (#2060)

Author: hsluoyz

controllers/account.go

@@ -86,7 +86,7 @@ func (c *ApiController) Signin() {
 	}
 
 	if strings.Count(claims.Type, "-") <= 1 {
-		if !claims.IsAdmin && claims.Type != "chat-admin" {
+		if !util.IsAdminOrChatAdmin(&claims.User) {
 			claims.Type = "chat-user"
 		}
 	}

controllers/util.go

@@ -133,12 +133,7 @@ func (c *ApiController) RequireAdmin() bool {
 
 func (c *ApiController) IsAdmin() bool {
 	user := c.GetSessionUser()
-	if user == nil {
-		return false
-	}
-
-	res := user.IsAdmin || user.Type == "chat-admin"
-	return res
+	return util.IsAdminOrChatAdmin(user)
 }
 
 func DenyRequest(ctx *context.Context) {

controllers/video.go

@@ -145,7 +145,7 @@ func (c *ApiController) UpdateVideo() {
 		return
 	}
 
-	if user.Type == "video-normal-user" {
+	if util.IsVideoNormalUser(user) {
 		if len(video.Remarks) > 0 || len(video.Remarks2) > 0 || video.State != "Draft" {
 			c.ResponseError(c.T("video:The video can only be updated when there are no remarks and the state is \"Draft\""))
 			return

object/util.go

@@ -61,12 +61,7 @@ func GetDbSession(owner string, offset, limit int, field, value, sortField, sort
 }
 
 func isAdmin(user *casdoorsdk.User) bool {
-	if user == nil {
-		return false
-	}
-
-	res := user.IsAdmin || user.Type == "chat-admin"
-	return res
+	return util.IsAdminOrChatAdmin(user)
 }
 
 func IsAnonymousUserByUsername(username string) bool {

routers/authz_filter.go

@@ -21,6 +21,7 @@ import (
 	"github.com/beego/beego/context"
 	"github.com/casibase/casibase/conf"
 	"github.com/casibase/casibase/controllers"
+	"github.com/casibase/casibase/util"
 )
 
 func AuthzFilter(ctx *context.Context) {
@@ -88,8 +89,7 @@ func permissionFilter(ctx *context.Context) {
 
 	user := GetSessionUser(ctx)
 
-	isAdmin := user != nil && (user.IsAdmin || user.Type == "chat-admin")
-	if !isAdmin {
+	if !util.IsAdminOrChatAdmin(user) {
 		responseError(ctx, "auth:this operation requires admin privilege")
 		return
 	}

util/permission.go

@@ -0,0 +1,46 @@
+// Copyright 2025 The Casibase Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package util
+
+import "github.com/casdoor/casdoor-go-sdk/casdoorsdk"
+
+const (
+	UserTypeChatAdmin       = "chat-admin"
+	UserTypeVideoNormalUser = "video-normal-user"
+)
+
+// IsChatAdmin checks if the user has the chat-admin role
+func IsChatAdmin(user *casdoorsdk.User) bool {
+	if user == nil {
+		return false
+	}
+	return user.Type == UserTypeChatAdmin
+}
+
+// IsAdminOrChatAdmin checks if the user is either a system admin or a chat-admin
+func IsAdminOrChatAdmin(user *casdoorsdk.User) bool {
+	if user == nil {
+		return false
+	}
+	return user.IsAdmin || user.Type == UserTypeChatAdmin
+}
+
+// IsVideoNormalUser checks if the user has the video-normal-user role
+func IsVideoNormalUser(user *casdoorsdk.User) bool {
+	if user == nil {
+		return false
+	}
+	return user.Type == UserTypeVideoNormalUser
+}