From 5943385d421ff512a0334716fc0d9f7f5bd784e6 Mon Sep 17 00:00:00 2001
From: Columbus <36625222+AtmosphereMao@users.noreply.github.com>
Date: Fri, 9 Jun 2023 16:07:53 +0800
Subject: [PATCH] Fix: the bug that allows regular users to add unregistered users to the workspace. (#328)
---
 api/services/account_service.py | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/api/services/account_service.py b/api/services/account_service.py
index 8442e0eab8..df401a3ef7 100644
--- a/api/services/account_service.py
+++ b/api/services/account_service.py
@@ -267,9 +267,10 @@ class TenantService:
 }
 if action not in ['add', 'remove', 'update']:
 raise InvalidActionError("Invalid action.")
-
- if operator.id == member.id:
- raise CannotOperateSelfError("Cannot operate self.")
+
+ if member:
+ if operator.id == member.id:
+ raise CannotOperateSelfError("Cannot operate self.")
 ta_operator = TenantAccountJoin.query.filter_by(
 tenant_id=tenant.id,
@@ -365,6 +366,7 @@ class RegisterService:
 account = Account.query.filter_by(email=email).first()
 if not account:
+ TenantService.check_member_permission(tenant, inviter, None, 'add')
 name = email.split('@')[0]
 account = AccountService.create_account(email, name)
 account.status = AccountStatus.PENDING.value
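Review bot: In `TenantService.check_member_permission`, the new `if member:` guard skips the self-operation check for every action whenever `member` is None, not only for `'add'`. The only caller visible in this patch passes `None` together with `'add'`, so the contract is better made explicit, for example `if member is None and action != 'add': raise InvalidActionError("Invalid action.")`, and the guard written as `if member is not None:` rather than relying on truthiness. The docstring should also say that `member` may be None when the invited email has no account yet. The function body continues outside the hunk, so whether `member` is dereferenced further down cannot be confirmed from here.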
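Review bot: The authorization call in `RegisterService` is added only inside the `if not account:` branch, so whether the inviter is checked still depends on which branch runs. The branch for an already-registered email lies outside this hunk; if it makes its own `check_member_permission` call, a short comment on the new line would make the pairing visible, e.g. `# no Account row yet, so member is None; the existing-account branch passes the account`. Placing the check before `create_account` is right, since a rejected invite then leaves no pending account behind. A regression test asserting that a regular user is rejected for both a registered and an unregistered email would keep the two paths from drifting apart again.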