only assign auto-admin when sign up by web

diff --git a/cmd/web.go b/cmd/web.go
index a0e72b3810652b5175e33d2c57ee1bc613d8b70f..386fae74f87d8c4d6a206d21d2a55e3b9d84e915 100644 (file)
--- a/cmd/web.go
+++ b/cmd/web.go
@@ -206,7 +206,7 @@ func runWeb(ctx *cli.Context) {
                m.Get("/issues", user.Issues)
        }, reqSignIn)
 
-       // API.
+       // ***** START: API *****
        // FIXME: custom form error response.
        m.Group("/api", func() {
                m.Group("/v1", func() {
@@ -248,6 +248,7 @@ func runWeb(ctx *cli.Context) {
                        })
                })
        }, ignSignIn)
+       // ***** END: API *****
 
        // ***** START: User *****
        m.Group("/user", func() {

diff --git a/models/user.go b/models/user.go
index 8f93707da1cb0abd1ca286038678f804abfcb28c..bc0a0461ca800de0c5eee2d2dd4b37b4ba9e867d 100644 (file)
--- a/models/user.go
+++ b/models/user.go
@@ -373,17 +373,9 @@ func CreateUser(u *User) (err error) {
        } else if err = os.MkdirAll(UserPath(u.Name), os.ModePerm); err != nil {
                sess.Rollback()
                return err
-       } else if err = sess.Commit(); err != nil {
-               return err
        }
 
-       // Auto-set admin for the first user.
-       if CountUsers() == 1 {
-               u.IsAdmin = true
-               u.IsActive = true
-               _, err = x.Id(u.Id).AllCols().Update(u)
-       }
-       return err
+       return sess.Commit()
 }
 
 func countUsers(e Engine) int64 {

diff --git a/modules/middleware/auth.go b/modules/middleware/auth.go
index db643ccf28f888558a10d93868edba28a89b6003..f607460037aa9f4f2b800fc6c9bbf89becfef590 100644 (file)
--- a/modules/middleware/auth.go
+++ b/modules/middleware/auth.go
@@ -80,7 +80,7 @@ func Toggle(options *ToggleOptions) macaron.Handler {
                        return
                }
 
-               if !options.SignOutRequire && !options.DisableCsrf && ctx.Req.Method == "POST" {
+               if !options.SignOutRequire && !options.DisableCsrf && ctx.Req.Method == "POST" && !auth.IsAPIPath(ctx.Req.URL.Path) {
                        csrf.Validate(ctx.Context, ctx.csrf)
                        if ctx.Written() {
                                return

diff --git a/routers/user/auth.go b/routers/user/auth.go
index 61e572f9bc3542c3a241a55e8329cacb0392078d..5c6bb26fbaa5c1d76363fe09e6438ae56736c3e3 100644 (file)
--- a/routers/user/auth.go
+++ b/routers/user/auth.go
@@ -220,7 +220,6 @@ func SignUpPost(ctx *middleware.Context, cpt *captcha.Captcha, form auth.Registe
                Passwd:   form.Password,
                IsActive: !setting.Service.RegisterEmailConfirm || isOauth,
        }
-
        if err := models.CreateUser(u); err != nil {
                switch {
                case models.IsErrUserAlreadyExist(err):
@@ -242,6 +241,16 @@ func SignUpPost(ctx *middleware.Context, cpt *captcha.Captcha, form auth.Registe
        }
        log.Trace("Account created: %s", u.Name)
 
+       // Auto-set admin for the only user.
+       if models.CountUsers() == 1 {
+               u.IsAdmin = true
+               u.IsActive = true
+               if err := models.UpdateUser(u); err != nil {
+                       ctx.Handle(500, "UpdateUser", err)
+                       return
+               }
+       }
+
        // Bind social account.
        if isOauth {
                if err := models.BindUserOauth2(u.Id, sid); err != nil {