feat: check uniqueness for email and phone when updating user (#1461)

* fix: check unique field when update user * Update data.json Co-authored-by: hsluoyz <hsluoyz@qq.com>
2025-07-02 11:20:18 +08:00 · 2023-01-10 22:34:08 +08:00
parent fcb80b800f
commit ce2a4bbf6e
14 changed files with 76 additions and 18 deletions
--- a/controllers/user.go
+++ b/controllers/user.go
@ -148,8 +148,8 @@ func (c *ApiController) UpdateUser() {
 		return
 	}

-	if user.DisplayName == "" {
-		c.ResponseError(c.T("user:Display name cannot be empty"))
+	if msg := object.CheckUpdateUser(object.GetUser(id), &user, c.GetAcceptLanguage()); msg != "" {
+		c.ResponseError(msg)
 		return
 	}

--- a/controllers/verification.go
+++ b/controllers/verification.go
@ -175,9 +175,14 @@ func (c *ApiController) ResetEmailOrPhone() {
 	}

 	checkDest := dest
-	org := object.GetOrganizationByUser(user)
+	organization := object.GetOrganizationByUser(user)
 	if destType == "phone" {
-		phoneItem := object.GetAccountItemByName("Phone", org)
+		if object.HasUserByField(user.Owner, "phone", user.Phone) {
+			c.ResponseError(c.T("check:Phone already exists"))
+			return
+		}
+
+		phoneItem := object.GetAccountItemByName("Phone", organization)
 		if phoneItem == nil {
 			c.ResponseError(c.T("verification:Unable to get the phone modify rule."))
 			return
@ -189,12 +194,17 @@ func (c *ApiController) ResetEmailOrPhone() {
 		}

 		phonePrefix := "86"
-		if org != nil && org.PhonePrefix != "" {
-			phonePrefix = org.PhonePrefix
+		if organization != nil && organization.PhonePrefix != "" {
+			phonePrefix = organization.PhonePrefix
 		}
 		checkDest = fmt.Sprintf("+%s%s", phonePrefix, dest)
 	} else if destType == "email" {
-		emailItem := object.GetAccountItemByName("Email", org)
+		if object.HasUserByField(user.Owner, "email", user.Email) {
+			c.ResponseError(c.T("check:Email already exists"))
+			return
+		}
+
+		emailItem := object.GetAccountItemByName("Email", organization)
 		if emailItem == nil {
 			c.ResponseError(c.T("verification:Unable to get the email modify rule."))
 			return
--- a/object/check.go
+++ b/object/check.go
@ -60,8 +60,8 @@ func CheckUserSignup(application *Application, organization *Organization, usern
 		if reWhiteSpace.MatchString(username) {
 			return i18n.Translate(lang, "check:Username cannot contain white spaces")
 		}
-		msg := CheckUsername(username, lang)
-		if msg != "" {
+
+		if msg := CheckUsername(username, lang); msg != "" {
 			return msg
 		}

@ -342,6 +342,34 @@ func CheckUsername(username string, lang string) string {
 	return ""
 }

+func CheckUpdateUser(oldUser *User, user *User, lang string) string {
+	if user.DisplayName == "" {
+		return i18n.Translate(lang, "user:Display name cannot be empty")
+	}
+
+	if msg := CheckUsername(user.Name, lang); msg != "" {
+		return msg
+	}
+
+	if oldUser.Name != user.Name {
+		if HasUserByField(user.Owner, "name", user.Name) {
+			return i18n.Translate(lang, "check:Username already exists")
+		}
+	}
+	if oldUser.Email != user.Email {
+		if HasUserByField(user.Name, "email", user.Email) {
+			return i18n.Translate(lang, "check:Email already exists")
+		}
+	}
+	if oldUser.Phone != user.Phone {
+		if HasUserByField(user.Owner, "phone", user.Phone) {
+			return i18n.Translate(lang, "check:Phone already exists")
+		}
+	}
+
+	return ""
+}
+
 func CheckToEnableCaptcha(application *Application) bool {
 	if len(application.Providers) == 0 {
 		return false
--- a/web/src/ResetModal.js
+++ b/web/src/ResetModal.js
@ -37,7 +37,11 @@ export const ResetModal = (props) => {

  const handleOk = () => {
    if (dest === "") {
-      Setting.showMessage("error", i18next.t("user:Empty " + destType));
+      if (destType === "phone") {
+        Setting.showMessage("error", i18next.t("user:Phone cannot be empty"));
+      } else {
+        Setting.showMessage("error", i18next.t("user:Email cannot be empty"));
+      }
      return;
    }
    if (code === "") {
--- a/web/src/UserEditPage.js
+++ b/web/src/UserEditPage.js
@ -284,18 +284,16 @@ class UserEditPage extends React.Component {
            {Setting.getLabel(i18next.t("general:Email"), i18next.t("general:Email - Tooltip"))} :
          </Col>
          <Col style={{paddingRight: "20px"}} span={11} >
-            <Input value={this.state.user.email}
+            <Select value={this.state.user.email}
+              options={[Setting.getItem(this.state.user.email, this.state.user.email)]}
              disabled={disabled}
              onChange={e => {
                this.updateUserField("email", e.target.value);
              }} />
          </Col>
          <Col span={11} >
-            {
-              !this.isSelf() ? null : (
-                <ResetModal application={this.state.application} disabled={disabled} buttonText={i18next.t("user:Reset Email...")} destType={"email"} />
-              )
-            }
+            {/* backend auto get the current user, so admin can not edit. Just self can reset*/}
+            {this.isSelf() ? <ResetModal application={this.state.application} disabled={disabled} buttonText={i18next.t("user:Reset Email...")} destType={"email"} /> : null}
          </Col>
        </Row>
      );
@ -306,14 +304,15 @@ class UserEditPage extends React.Component {
            {Setting.getLabel(i18next.t("general:Phone"), i18next.t("general:Phone - Tooltip"))} :
          </Col>
          <Col style={{paddingRight: "20px"}} span={11} >
-            <Input value={this.state.user.phone} addonBefore={`+${this.state.application?.organizationObj.phonePrefix}`}
+            <Select value={`+${this.state.application?.organizationObj.phonePrefix} ${this.state.user.phone}`}
+              options={[Setting.getItem(`+${this.state.application?.organizationObj.phonePrefix} ${this.state.user.phone}`, this.state.user.phone)]}
              disabled={disabled}
              onChange={e => {
                this.updateUserField("phone", e.target.value);
              }} />
          </Col>
          <Col span={11} >
-            {this.state.user.id === this.props.account?.id ? (<ResetModal application={this.state.application} disabled={disabled} buttonText={i18next.t("user:Reset Phone...")} destType={"phone"} />) : null}
+            {this.isSelf() ? (<ResetModal application={this.state.application} disabled={disabled} buttonText={i18next.t("user:Reset Phone...")} destType={"phone"} />) : null}
          </Col>
        </Row>
      );
--- a/web/src/UserListPage.js
+++ b/web/src/UserListPage.js
@ -354,6 +354,7 @@ class UserListPage extends BaseListPage {
              <Popconfirm
                title={`Sure to delete user: ${record.name} ?`}
                onConfirm={() => this.deleteUser(index)}
+                disabled={disabled}
              >
                <Button disabled={disabled} style={{marginBottom: "10px"}} type="primary" danger>{i18next.t("general:Delete")}</Button>
              </Popconfirm>
--- a/web/src/locales/de/data.json
+++ b/web/src/locales/de/data.json
@ -714,6 +714,7 @@
    "Country/Region": "Land/Region",
    "Country/Region - Tooltip": "Country/Region",
    "Edit User": "Benutzer bearbeiten",
+    "Email cannot be empty": "Email cannot be empty",
    "Empty input!": "Empty input!",
    "Homepage": "Homepage",
    "Homepage - Tooltip": "Startseite - Tooltip",
@ -742,6 +743,7 @@
    "Old Password": "Altes Passwort",
    "Password": "Passwort",
    "Password Set": "Passwort setzen",
+    "Phone cannot be empty": "Phone cannot be empty",
    "Please select avatar from resources": "Please select avatar from resources",
    "Properties": "Eigenschaften",
    "Properties - Tooltip": "Properties - Tooltip",
--- a/web/src/locales/en/data.json
+++ b/web/src/locales/en/data.json
@ -714,6 +714,7 @@
    "Country/Region": "Country/Region",
    "Country/Region - Tooltip": "Country/Region - Tooltip",
    "Edit User": "Edit User",
+    "Email cannot be empty": "Email cannot be empty",
    "Empty input!": "Empty input!",
    "Homepage": "Homepage",
    "Homepage - Tooltip": "Homepage - Tooltip",
@ -742,6 +743,7 @@
    "Old Password": "Old Password",
    "Password": "Password",
    "Password Set": "Password Set",
+    "Phone cannot be empty": "Phone cannot be empty",
    "Please select avatar from resources": "Please select avatar from resources",
    "Properties": "Properties",
    "Properties - Tooltip": "Properties - Tooltip",
--- a/web/src/locales/es/data.json
+++ b/web/src/locales/es/data.json
@ -714,6 +714,7 @@
    "Country/Region": "Pais/Región",
    "Country/Region - Tooltip": "Pais/Región - Tooltip",
    "Edit User": "Editar usuario",
+    "Email cannot be empty": "Email cannot be empty",
    "Empty input!": "Campo requerido!",
    "Homepage": "Página de Inicio",
    "Homepage - Tooltip": "Página de Inicio - Tooltip",
@ -742,6 +743,7 @@
    "Old Password": "Contraseña anterior",
    "Password": "Contraseña",
    "Password Set": "Password Set",
+    "Phone cannot be empty": "Phone cannot be empty",
    "Please select avatar from resources": "Please select avatar from resources",
    "Properties": "Propiedades",
    "Properties - Tooltip": "Properties - Tooltip",
--- a/web/src/locales/fr/data.json
+++ b/web/src/locales/fr/data.json
@ -714,6 +714,7 @@
    "Country/Region": "Pays/Région",
    "Country/Region - Tooltip": "Country/Region",
    "Edit User": "Editer l'utilisateur",
+    "Email cannot be empty": "Email cannot be empty",
    "Empty input!": "Empty input!",
    "Homepage": "Page d'accueil",
    "Homepage - Tooltip": "Page d'accueil - infobulle",
@ -742,6 +743,7 @@
    "Old Password": "Ancien mot de passe",
    "Password": "Mot de passe",
    "Password Set": "Mot de passe défini",
+    "Phone cannot be empty": "Phone cannot be empty",
    "Please select avatar from resources": "Please select avatar from resources",
    "Properties": "Propriétés",
    "Properties - Tooltip": "Properties - Tooltip",
--- a/web/src/locales/ja/data.json
+++ b/web/src/locales/ja/data.json
@ -714,6 +714,7 @@
    "Country/Region": "国/地域",
    "Country/Region - Tooltip": "Country/Region",
    "Edit User": "ユーザーを編集",
+    "Email cannot be empty": "Email cannot be empty",
    "Empty input!": "Empty input!",
    "Homepage": "ホームページ",
    "Homepage - Tooltip": "ホームページ - ツールチップ",
@ -742,6 +743,7 @@
    "Old Password": "古いパスワード",
    "Password": "パスワード",
    "Password Set": "パスワード設定",
+    "Phone cannot be empty": "Phone cannot be empty",
    "Please select avatar from resources": "Please select avatar from resources",
    "Properties": "プロパティー",
    "Properties - Tooltip": "Properties - Tooltip",
--- a/web/src/locales/ko/data.json
+++ b/web/src/locales/ko/data.json
@ -714,6 +714,7 @@
    "Country/Region": "Country/Region",
    "Country/Region - Tooltip": "Country/Region",
    "Edit User": "Edit User",
+    "Email cannot be empty": "Email cannot be empty",
    "Empty input!": "Empty input!",
    "Homepage": "Homepage",
    "Homepage - Tooltip": "Homepage - Tooltip",
@ -742,6 +743,7 @@
    "Old Password": "Old Password",
    "Password": "Password",
    "Password Set": "Password Set",
+    "Phone cannot be empty": "Phone cannot be empty",
    "Please select avatar from resources": "Please select avatar from resources",
    "Properties": "Properties",
    "Properties - Tooltip": "Properties - Tooltip",
--- a/web/src/locales/ru/data.json
+++ b/web/src/locales/ru/data.json
@ -714,6 +714,7 @@
    "Country/Region": "Страна/регион",
    "Country/Region - Tooltip": "Country/Region",
    "Edit User": "Изменить пользователя",
+    "Email cannot be empty": "Email cannot be empty",
    "Empty input!": "Empty input!",
    "Homepage": "Главная страница",
    "Homepage - Tooltip": "Главная страница - Подсказки",
@ -742,6 +743,7 @@
    "Old Password": "Старый пароль",
    "Password": "Пароль",
    "Password Set": "Пароль установлен",
+    "Phone cannot be empty": "Phone cannot be empty",
    "Please select avatar from resources": "Please select avatar from resources",
    "Properties": "Свойства",
    "Properties - Tooltip": "Properties - Tooltip",
--- a/web/src/locales/zh/data.json
+++ b/web/src/locales/zh/data.json
@ -714,6 +714,7 @@
    "Country/Region": "国家/地区",
    "Country/Region - Tooltip": "国家/地区",
    "Edit User": "编辑用户",
+    "Email cannot be empty": "邮箱不能为空",
    "Empty input!": "输入为空！",
    "Homepage": "个人主页",
    "Homepage - Tooltip": "个人主页链接",
@ -742,6 +743,7 @@
    "Old Password": "旧密码",
    "Password": "密码",
    "Password Set": "密码已设置",
+    "Phone cannot be empty": "手机号不能为空",
    "Please select avatar from resources": "从资源中选择...",
    "Properties": "属性",
    "Properties - Tooltip": "属性",