feat: add forbidden check in SetPassword()

2025-07-02 11:20:18 +08:00 · 2024-01-19 16:30:22 +08:00
parent 5e99007fc9
commit 88130bf020
1 changed files with 5 additions and 0 deletions
--- a/controllers/user.go
+++ b/controllers/user.go
@ -473,6 +473,11 @@ func (c *ApiController) SetPassword() {
 		return
 	}

+	if targetUser.IsForbidden || targetUser.IsDeleted {
+		c.ResponseError(c.T("account:Failed to set password, the user is either forbidden or deleted"))
+		return
+	}
+
 	isAdmin := c.IsAdmin()
 	if isAdmin {
 		if oldPassword != "" {