Overview

User properties

As an authentication platform, Casdoor manages user accounts. Each user has the following properties:

  • Owner: The organization that owns the user
  • Name: The unique username
  • CreatedTime
  • UpdatedTime
  • Id: A unique identifier for each user
  • Type
  • Password
  • PasswordSalt
  • PasswordOptions: Password complexity options
  • DisplayName: Shown in the user interface
  • FirstName
  • LastName
  • Avatar: A link to the user's avatar image
  • PermanentAvatar
  • Email
  • Phone
  • Location
  • Address
  • Affiliation
  • Title
  • IdCardType
  • IdCard
  • Homepage
  • Bio
  • Tag
  • Region
  • Language
  • Gender
  • Birthday
  • Education
  • Score
  • Karma
  • Ranking
  • IsDefaultAvatar
  • IsOnline
  • IsAdmin: Indicates whether the user is an administrator of their organization
  • IsGlobalAdmin: Indicates whether the user has permission to manage Casdoor
  • IsForbidden
  • IsDeleted: When a user is soft-deleted (IsDeleted = true), they cannot sign in through any authentication method, including OAuth providers. This prevents deleted users from re-registering via third-party login.
  • SignupApplication
  • Hash
  • PreHash
  • CreatedIp
  • LastSigninTime
  • LastSigninIp
  • Roles: An array of the user's roles (extended field, read-only via User API)
  • Permissions: An array of the user's permissions (extended field, read-only via User API)

Unique identifiers for social platform logins:

  • Github
  • Google
  • QQ
  • WeChat
  • Facebook
  • DingTalk
  • Weibo
  • Gitee
  • LinkedIn
  • Wecom
  • Lark
  • Gitlab
  • Adfs
  • Baidu
  • Casdoor
  • Infoflow
  • Apple
  • Azure AD
  • Azure AD B2C
  • Slack
  • Steam
  • Ldap

Organization Admin Privileges

Users with IsAdmin set to true have administrator privileges within their organization:

  • Full access to manage users, applications, and resources within their organization
  • Access to verification code records sent to users in their organization
  • Ability to configure organization-level settings and policies

Organization admins have elevated permissions but are scoped to their organization only. Global admins (built-in organization users) have full access across all organizations in the Casdoor instance.

User Tags

The Tag field allows you to categorize users for different purposes. Casdoor uses specific tag values for special user types:

  • normal-user: Standard users with full authentication capabilities
  • guest-user: Temporary users created through guest authentication without initial credentials
    • Automatically upgrade to normal-user when they set a proper username or password
    • Cannot sign in directly until they upgrade their account

You can also define custom tags to restrict application access. See Application Tags for more information.

Email Normalization

Casdoor normalizes all email addresses to lowercase to ensure uniqueness and prevent duplicate accounts. This means that user@example.com, User@Example.com, and USER@EXAMPLE.COM are treated as the same email address, complying with RFC 5321 standards.

This normalization happens automatically during:

  • User signup and account creation
  • User login and authentication
  • Email duplicate checking

Understanding Roles and Permissions Fields

The Roles and Permissions fields in the User object are extended fields that are dynamically populated when retrieving user data. These fields are not stored directly in the User table but are collected from the Roles and Permissions resources through the ExtendUserWithRolesAndPermissions() function.

Important: You cannot update roles and permissions through the /api/update-user endpoint, even when using the columns parameter. To manage user roles and permissions, you must use the dedicated APIs for Roles and Permissions resources.

To assign roles or permissions to users:

  • Roles: Use the Roles API endpoints to create and assign roles. Visit the Roles management page (e.g., https://door.casdoor.com/roles) or use the roles API.
  • Permissions: Use the Permissions API endpoints to create and assign permissions. Visit the Permissions management page (e.g., https://door.casdoor.com/permissions) or use the permissions API.

Using the Properties Field

The Properties field is a flexible key-value map (map[string]string) that allows you to store custom attributes for users beyond the predefined fields in the User schema. This is particularly useful when you need to:

  • Store organization-specific user attributes
  • Add custom metadata that doesn't fit into standard fields
  • Extend user profiles without modifying the core schema

Importing users from an XLSX file

You can add new users or update existing Casdoor users by uploading an XLSX file containing user information.

In the admin dashboard, go to Users and click the Upload (.xlsx) button.

Select your XLSX file and click Open. The users will be imported.

We provide a sample XLSX file named user_test.xlsx in the xlsx folder. The template includes 5 test users and headers for some of the required user properties.

Upload Permissions

User upload permissions depend on your admin role:

  • Global admins (users in the built-in organization with IsGlobalAdmin set to true) can upload users to any organization. The target organization is determined by the Owner field in the XLSX file.
  • Organization admins (users with IsAdmin set to true) can only upload users to their own organization. The system ensures that duplicate checking and user creation are scoped to the correct organization.

Bypassing password encryption

When migrating users from an external database to Casdoor, there may be cases where you want to bypass or control the default encryption method that the organization's default password type provides.

You can do this with the passwordType field during user import.

Note

User with a bcrypt password

The following is an example POST request body for the /api/add-user API route.

{
  "owner": "organization",
  "signupApplication": "first-app",
  "email": "dev@dev.com",
  "name": "dev",
  "displayName": "developper",
  "password": "$2a$10$.o/iVyDE9Xk8ioywHDnQRu72RviOi6FPa1ujhusbSCZeg7VOa6MY6",
  "passwordType": "bcrypt"
}

Here, the user's password is already hashed with the bcrypt algorithm, so we set passwordType to "bcrypt" to tell Casdoor not to encrypt it again.
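
A pre-import check for migrated records, as an added example (not code from Casdoor): it refuses to build an /api/add-user body when passwordType and the password value disagree, and lowercases the email as described under Email Normalization. The ImportUser type, the PrepareImport helper and the required-field rule are assumptions of this example; the field names and sample values come from the request body above.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"strings"
)

// ImportUser mirrors only the /api/add-user body fields shown on this page.
type ImportUser struct {
	Owner             string `json:"owner"`
	SignupApplication string `json:"signupApplication"`
	Email             string `json:"email"`
	Name              string `json:"name"`
	DisplayName       string `json:"displayName"`
	Password          string `json:"password"`
	PasswordType      string `json:"passwordType"`
}

// Modular-crypt bcrypt: $2a/$2b/$2y, two-digit cost, 53 chars of salt+digest.
var bcryptRe = regexp.MustCompile(`^\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53}$`)

// PrepareImport (hypothetical helper) validates one migrated record and
// returns the JSON body to POST, or an error if the record should not be sent.
func PrepareImport(u ImportUser) ([]byte, error) {
	if u.Owner == "" || u.Name == "" { // rule assumed by this example
		return nil, fmt.Errorf("owner and name are required")
	}
	looksHashed := bcryptRe.MatchString(u.Password)
	switch {
	case u.PasswordType == "bcrypt" && !looksHashed:
		return nil, fmt.Errorf("%s: passwordType is bcrypt but password is not a bcrypt hash", u.Name)
	case u.PasswordType != "bcrypt" && looksHashed:
		return nil, fmt.Errorf("%s: bcrypt hash sent without passwordType=bcrypt", u.Name)
	}
	// Match Casdoor's lowercase normalization so duplicates surface before import.
	u.Email = strings.ToLower(strings.TrimSpace(u.Email))
	return json.Marshal(u)
}

func main() {
	// Constructed record reusing the sample values from the page.
	u := ImportUser{Owner: "organization", SignupApplication: "first-app",
		Email: "Dev@Dev.com", Name: "dev", DisplayName: "developper",
		Password:     "$2a$10$.o/iVyDE9Xk8ioywHDnQRu72RviOi6FPa1ujhusbSCZeg7VOa6MY6",
		PasswordType: "bcrypt"}
	body, err := PrepareImport(u)
	fmt.Println(string(body), err)
}
```

Run it over every row of the export before posting anything, so a plaintext value labelled as bcrypt, or a hash with no passwordType, is caught before it is stored.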