github
/
alist
mirror of https://github.com/Xhofe/alist
1
0
Fork 0
Code Issues Releases Wiki Activity

feat(user): Enhanced role assignment logic (#9297) 

- Imported the `utils` package
- Modified the role assignment logic to prevent assigning administrator or guest roles to users
pull/9299/head
千石 2025-08-28 09:57:34 +08:00 committed by GitHub
parent 3bf0af1e68
commit 84adba3acc
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
server/handles/user.go
View File

@ -1,9 +1,10 @@
package handles package handles
import ( import (
"github.com/alist-org/alist/v3/pkg/utils"
"strconv" "strconv"
"github.com/alist-org/alist/v3/pkg/utils"
"github.com/alist-org/alist/v3/internal/model" "github.com/alist-org/alist/v3/internal/model"
"github.com/alist-org/alist/v3/internal/op" "github.com/alist-org/alist/v3/internal/op"
"github.com/alist-org/alist/v3/server/common" "github.com/alist-org/alist/v3/server/common"
@ -97,6 +98,14 @@ func UpdateUser(c *gin.Context) {
return return
} }
} }
if !utils.SliceEqual(user.Role, req.Role) {
if req.IsAdmin() || req.IsGuest() {
common.ErrorStrResp(c, "cannot assign admin or guest role to user", 400, true)
return
}
}
if err := op.UpdateUser(&req); err != nil { if err := op.UpdateUser(&req); err != nil {
common.ErrorResp(c, err, 500) common.ErrorResp(c, err, 500)
} else { } else {