hz/ebiz-dify-ai
1
0
Fork 0
mirror of http://112.124.100.131/huang.ze/ebiz-dify-ai.git synced 2025-12-12 12:26:54 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix: the bug that allows regular users to add unregistered users to the workspace. (#328)

Browse Source
This commit is contained in:
Columbus
2023-06-09 16:07:53 +08:00
committed by GitHub
parent 0abd67288b
commit 5943385d42
1 changed files with 5 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
api/services/account_service.py
View File

@@ -268,6 +268,7 @@ class TenantService:
if action not in ['add', 'remove', 'update']: if action not in ['add', 'remove', 'update']:
raise InvalidActionError("Invalid action.") raise InvalidActionError("Invalid action.")
if member:
if operator.id == member.id: if operator.id == member.id:
raise CannotOperateSelfError("Cannot operate self.") raise CannotOperateSelfError("Cannot operate self.")
@@ -365,6 +366,7 @@ class RegisterService:
account = Account.query.filter_by(email=email).first() account = Account.query.filter_by(email=email).first()
if not account: if not account:
TenantService.check_member_permission(tenant, inviter, None, 'add')
name = email.split('@')[0] name = email.split('@')[0]
account = AccountService.create_account(email, name) account = AccountService.create_account(email, name)
account.status = AccountStatus.PENDING.value account.status = AccountStatus.PENDING.value