
Disallow normal users to change email

pull/6/head
Menci 8 years ago
parent
commit
064a1caa02
  1. 2
      modules/user.js
  2. 2
      views/user_edit.ejs

2
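--- a/modules/user.js
+++ b/modules/user.js
@@ -152,6 +152,7 @@ app.post('/user/:id/edit', async (req, res) => {
 if (res.locals.user && await res.locals.user.hasPrivilege('manage_user')) {
 if (!syzoj.utils.isValidUsername(req.body.username)) throw new ErrorMessage('无效的用户名。');
 user.username = req.body.username;
+user.email = req.body.email;
 }
 if (res.locals.user && res.locals.user.is_admin) {
@@ -165,7 +166,6 @@ app.post('/user/:id/edit', async (req, res) => {
 await user.setPrivileges(privileges);
 }
-user.email = req.body.email;
 user.information = req.body.information;
 user.sex = req.body.sex;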
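Review bot: The email assignment now inside the `manage_user` branch stores `req.body.email` unchecked, while the username one line above is validated with `syzoj.utils.isValidUsername` first; a format check (and a uniqueness check, if the address is used for login or password recovery) belongs before `user.email = req.body.email;`. The branch appears to apply to whichever account `:id` names, so a `manage_user` holder can repoint another account's address; it is worth confirming whether that is meant to include accounts with `is_admin`, and recording such changes in an audit log. The handler starts and ends outside both hunks, so some of these checks may already exist elsewhere.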

2
views/user_edit.ejs

@ -23,7 +23,7 @@
</div> </div>
<div class="field"> <div class="field">
<label for="email">Email</label> <label for="email">Email</label>
<input class="font-content" type="email" id="email" name="email" value="<%= edited_user.email %>"> <input class="font-content" type="email" id="email" name="email" value="<%= edited_user.email %>"<% if (!user.allowedManage) { %> readonly<% } %>>
</div> </div>
<div class="field"> <div class="field">
<label for="information">个性签名</label> <label for="information">个性签名</label>
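Review bot: The `readonly` attribute is keyed on `user.allowedManage`, whereas the server-side check in modules/user.js is `hasPrivilege('manage_user')`; if the two can differ, the form will either show an editable field whose value is silently discarded or lock a field the server would accept. Since `readonly` is only a UI hint and the enforcement is in the POST handler, an EJS comment such as `<%# UI hint only; email changes are enforced in POST /user/:id/edit %>` would make that explicit. The template also dereferences `user` without the null guard the handler uses (`res.locals.user && …`), which is safe only if this view is never rendered for an anonymous visitor; that cannot be confirmed from this hunk.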
