Unverified Commit 5943385d authored by Columbus's avatar Columbus Committed by GitHub

Fix: the bug that allows regular users to add unregistered users to the workspace. (#328)

parent 0abd6728
...@@ -267,9 +267,10 @@ class TenantService: ...@@ -267,9 +267,10 @@ class TenantService:
} }
if action not in ['add', 'remove', 'update']: if action not in ['add', 'remove', 'update']:
raise InvalidActionError("Invalid action.") raise InvalidActionError("Invalid action.")
if operator.id == member.id: if member:
raise CannotOperateSelfError("Cannot operate self.") if operator.id == member.id:
raise CannotOperateSelfError("Cannot operate self.")
ta_operator = TenantAccountJoin.query.filter_by( ta_operator = TenantAccountJoin.query.filter_by(
tenant_id=tenant.id, tenant_id=tenant.id,
...@@ -365,6 +366,7 @@ class RegisterService: ...@@ -365,6 +366,7 @@ class RegisterService:
account = Account.query.filter_by(email=email).first() account = Account.query.filter_by(email=email).first()
if not account: if not account:
TenantService.check_member_permission(tenant, inviter, None, 'add')
name = email.split('@')[0] name = email.split('@')[0]
account = AccountService.create_account(email, name) account = AccountService.create_account(email, name)
account.status = AccountStatus.PENDING.value account.status = AccountStatus.PENDING.value
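Review bot: The new call `TenantService.check_member_permission(tenant, inviter, None, 'add')` sits only inside the `if not account:` branch, so whether an invite is authorized depends on which branch runs. The existing-account path is outside this hunk and presumably has its own check, but that cannot be confirmed from the lines shown. A single call placed right after the `Account.query` lookup and before the branch, `TenantService.check_member_permission(tenant, inviter, account, 'add')`, replacing any per-branch calls, would make every path fail closed, and the new guard already tolerates `account` being `None`. In the first hunk, `if member:` now skips the self-operation check for every action, not just 'add'. I would write it as `if member is not None and operator.id == member.id:` and reject a missing member for 'remove' and 'update', with a regression test that a non-admin inviter cannot invite an unknown email. Both function bodies continue outside the hunks.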
......