From 8c8bad8602b8ddc7c3f6da2245a145b5c97e4ae8 Mon Sep 17 00:00:00 2001
From: Wenkai Yin <yinw@vmware.com>
Date: Mon, 9 May 2016 12:45:45 +0800
Subject: [PATCH] sysadmin has all privileges for projects

---
 api/member.go  | 26 +++++++++++++++++++++++++-
 api/project.go | 10 ++++++++++
 dao/role.go    | 15 +++++++++++++++
 3 files changed, 50 insertions(+), 1 deletion(-)

diff --git a/api/member.go b/api/member.go
index 0b95e9f1f..2ae7c9c53 100644
--- a/api/member.go
+++ b/api/member.go
@@ -92,7 +92,7 @@ func (pma *ProjectMemberAPI) Get() {
 		}
 		pma.Data["json"] = userList
 	} else { //return detail of a  member
-		roleList, err := dao.GetUserProjectRoles(pma.memberID, pid)
+		roleList, err := listRoles(pma.memberID, pid)
 		if err != nil {
 			log.Errorf("Error occurred in GetUserProjectRoles, error: %v", err)
 			pma.CustomAbort(http.StatusInternalServerError, "Internal error.")
@@ -241,3 +241,27 @@ func (pma *ProjectMemberAPI) Delete() {
 		return
 	}
 }
+
+//sysadmin has all privileges to all projects
+func listRoles(userID int, projectID int64) ([]models.Role, error) {
+	roles := make([]models.Role, 1)
+	isSysAdmin, err := dao.IsAdminRole(userID)
+	if err != nil {
+		return roles, err
+	}
+	if isSysAdmin {
+		role, err := dao.GetRoleByID(models.PROJECTADMIN)
+		if err != nil {
+			return roles, err
+		}
+		roles = append(roles, *role)
+		return roles, nil
+	}
+
+	rs, err := dao.GetUserProjectRoles(userID, projectID)
+	if err != nil {
+		return roles, err
+	}
+	roles = append(roles, rs...)
+	return roles, nil
+}
diff --git a/api/project.go b/api/project.go
index 993cc9ad7..b0c404c2b 100644
--- a/api/project.go
+++ b/api/project.go
@@ -190,6 +190,16 @@ func (p *ProjectAPI) FilterAccessLog() {
 }
 
 func isProjectAdmin(userID int, pid int64) bool {
+	isSysAdmin, err := dao.IsAdminRole(userID)
+	if err != nil {
+		log.Errorf("Error occurred in IsAdminRole, returning false, error: %v", err)
+		return false
+	}
+
+	if isSysAdmin {
+		return true
+	}
+
 	rolelist, err := dao.GetUserProjectRoles(userID, pid)
 	if err != nil {
 		log.Errorf("Error occurred in GetUserProjectRoles, returning false, error: %v", err)
diff --git a/dao/role.go b/dao/role.go
index aafecc74d..2adf93aaa 100644
--- a/dao/role.go
+++ b/dao/role.go
@@ -73,3 +73,18 @@ func IsAdminRole(userIDOrUsername interface{}) (bool, error) {
 
 	return user.HasAdminRole == 1, nil
 }
+
+// GetRoleByID ...
+func GetRoleByID(id int) (*models.Role, error) {
+	o := orm.NewOrm()
+
+	sql := `select *
+		from role
+		where role_id = ?`
+
+	var role models.Role
+	if err := o.Raw(sql, id).QueryRow(&role); err != nil {
+		return nil, err
+	}
+	return &role, nil
+}