AI/dify
1
0
Fork 0
mirror of https://git.mirrors.martin98.com/https://github.com/langgenius/dify.git synced 2025-08-10 16:58:59 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix: the bug that allows regular users to add unregistered users to the workspace. (#328)

Browse Source
This commit is contained in:
Columbus 2023-06-09 16:07:53 +08:00 committed by GitHub
parent 0abd67288b
commit 5943385d42
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
api/services/account_service.py
View File

@ -267,9 +267,10 @@ class TenantService:
}
if action not in ['add', 'remove', 'update']:
raise InvalidActionError("Invalid action.")
if operator.id == member.id:
raise CannotOperateSelfError("Cannot operate self.")
if member:
if operator.id == member.id:
raise CannotOperateSelfError("Cannot operate self.")
ta_operator = TenantAccountJoin.query.filter_by(
tenant_id=tenant.id,
@ -365,6 +366,7 @@ class RegisterService:
account = Account.query.filter_by(email=email).first()
if not account:
TenantService.check_member_permission(tenant, inviter, None, 'add')
name = email.split('@')[0]
account = AccountService.create_account(email, name)
account.status = AccountStatus.PENDING.value