From 064a1caa02502f6fb9753e672f7a5738d14fe3fe Mon Sep 17 00:00:00 2001
From: Menci <HuangHaoRui301@Gmail.com>
Date: Sun, 9 Jul 2017 12:50:29 +0800
Subject: [PATCH] Disallow normal users to change email

---
 modules/user.js     | 2 +-
 views/user_edit.ejs | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/user.js b/modules/user.js
index d14ccc6..ed6767a 100644
--- a/modules/user.js
+++ b/modules/user.js
@@ -152,6 +152,7 @@ app.post('/user/:id/edit', async (req, res) => {
     if (res.locals.user && await res.locals.user.hasPrivilege('manage_user')) {
       if (!syzoj.utils.isValidUsername(req.body.username)) throw new ErrorMessage('无效的用户名。');
       user.username = req.body.username;
+      user.email = req.body.email;
     }
 
     if (res.locals.user && res.locals.user.is_admin) {
@@ -165,7 +166,6 @@ app.post('/user/:id/edit', async (req, res) => {
       await user.setPrivileges(privileges);
     }
 
-    user.email = req.body.email;
     user.information = req.body.information;
     user.sex = req.body.sex;
 
diff --git a/views/user_edit.ejs b/views/user_edit.ejs
index 9e36aa4..379b7ba 100644
--- a/views/user_edit.ejs
+++ b/views/user_edit.ejs
@@ -23,7 +23,7 @@
 	    </div>
 	    <div class="field">
 	    	<label for="email">Email</label>
-	    	<input class="font-content" type="email" id="email" name="email" value="<%= edited_user.email %>">
+	    	<input class="font-content" type="email" id="email" name="email" value="<%= edited_user.email %>"<% if (!user.allowedManage) { %> readonly<% } %>>
 	    </div>
 	    <div class="field">
 	    	<label for="information">个性签名</label>