AI/dify
1
0
Fork 0
mirror of https://git.mirrors.martin98.com/https://github.com/langgenius/dify.git synced 2025-08-14 01:56:04 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix: the bug that allows regular users to add unregistered users to the workspace. (#328)

Browse Source
This commit is contained in:
Columbus 2023-06-09 16:07:53 +08:00 committed by GitHub
parent 0abd67288b
commit 5943385d42
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
api/services/account_service.py
View File

@ -268,6 +268,7 @@ class TenantService:
if action not in ['add', 'remove', 'update']: if action not in ['add', 'remove', 'update']:
raise InvalidActionError("Invalid action.") raise InvalidActionError("Invalid action.")
if member:
if operator.id == member.id: if operator.id == member.id:
raise CannotOperateSelfError("Cannot operate self.") raise CannotOperateSelfError("Cannot operate self.")
@ -365,6 +366,7 @@ class RegisterService:
account = Account.query.filter_by(email=email).first() account = Account.query.filter_by(email=email).first()
if not account: if not account:
TenantService.check_member_permission(tenant, inviter, None, 'add')
name = email.split('@')[0] name = email.split('@')[0]
account = AccountService.create_account(email, name) account = AccountService.create_account(email, name)
account.status = AccountStatus.PENDING.value account.status = AccountStatus.PENDING.value