瀏覽代碼
Fix: the bug that allows regular users to add unregistered users to the workspace. (#328)
tags/0.3.2
Columbus
2 年之前
+ 5
- 3
api/services/account_service.py
查看文件
| } | } | ||||
| if action not in ['add', 'remove', 'update']: | if action not in ['add', 'remove', 'update']: | ||||
| raise InvalidActionError("Invalid action.") | raise InvalidActionError("Invalid action.") | ||||
| if operator.id == member.id: | |||||
| raise CannotOperateSelfError("Cannot operate self.") | |||||
| if member: | |||||
| if operator.id == member.id: | |||||
| raise CannotOperateSelfError("Cannot operate self.") | |||||
| ta_operator = TenantAccountJoin.query.filter_by( | ta_operator = TenantAccountJoin.query.filter_by( | ||||
| tenant_id=tenant.id, | tenant_id=tenant.id, | ||||
| account = Account.query.filter_by(email=email).first() | account = Account.query.filter_by(email=email).first() | ||||
| if not account: | if not account: | ||||
| TenantService.check_member_permission(tenant, inviter, None, 'add') | |||||
| name = email.split('@')[0] | name = email.split('@')[0] | ||||
| account = AccountService.create_account(email, name) | account = AccountService.create_account(email, name) | ||||
| account.status = AccountStatus.PENDING.value | account.status = AccountStatus.PENDING.value |
Loading…