From 88130bf0205add6ff0e1d67ca396be15800974c0 Mon Sep 17 00:00:00 2001
From: Yang Luo <hsluoyz@qq.com>
Date: Fri, 19 Jan 2024 16:30:22 +0800
Subject: [PATCH] feat: add forbidden check in SetPassword()

---
 controllers/user.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/controllers/user.go b/controllers/user.go
index 16be9a1d..125f81a3 100644
--- a/controllers/user.go
+++ b/controllers/user.go
@@ -473,6 +473,11 @@ func (c *ApiController) SetPassword() {
 		return
 	}
 
+	if targetUser.IsForbidden || targetUser.IsDeleted {
+		c.ResponseError(c.T("account:Failed to set password, the user is either forbidden or deleted"))
+		return
+	}
+
 	isAdmin := c.IsAdmin()
 	if isAdmin {
 		if oldPassword != "" {