Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-26 16:46:12 +01:00
Code Issues Packages Projects Releases Wiki Activity

feat(emails): restore ability for admins to edit a user's email address [breaking]

Browse Source 
The edited user's email will be automatically confirmed
This commit is contained in:
Julian Lam
2021-07-05 16:55:47 -04:00
parent afd2d8dab1
commit c4e3362bd3
2 changed files with 32 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
src/controllers/accounts/edit.js
View File

@@ -77,10 +77,24 @@ editController.username = async function (req, res, next) {
await renderRoute('username', req, res, next); await renderRoute('username', req, res, next);
}; };
editController.email = async function (req, res) { editController.email = async function (req, res, next) {
const targetUid = await user.getUidByUserslug(req.params.userslug);
if (!targetUid) {
return next();
}
const [isAdminOrGlobalMod, canEdit] = await Promise.all([
user.isAdminOrGlobalMod(req.uid),
privileges.users.canEdit(req.uid, targetUid),
]);
if (!isAdminOrGlobalMod && !canEdit) {
return next();
}
req.session.registration = req.session.registration || {}; req.session.registration = req.session.registration || {};
req.session.registration.updateEmail = true; req.session.registration.updateEmail = true;
req.session.registration.uid = req.uid; req.session.registration.uid = targetUid;
helpers.redirect(res, '/register/complete'); helpers.redirect(res, '/register/complete');
}; };

20
src/user/index.js
View File

@@ -259,10 +259,22 @@ User.addInterstitials = function (callback) {
throw new Error('[[error:email-nochange]]'); throw new Error('[[error:email-nochange]]');
} }
await User.email.sendValidationEmail(userData.uid, { const [isAdminOrGlobalMod, canEdit] = await Promise.all([
email: formData.email, User.isAdminOrGlobalMod(data.req.uid),
force: true, privileges.users.canEdit(data.req.uid, userData.uid),
}); ]);
if (isAdminOrGlobalMod) {
await User.setUserField(userData.uid, 'email', formData.email);
await User.email.confirmByUid(userData.uid);
} else if (canEdit) {
await User.email.sendValidationEmail(userData.uid, {
email: formData.email,
force: true,
});
} else {
// User attempting to edit another user's email -- not allowed
throw new Error('[[error:no-privileges]]');
}
} else { } else {
// New registrants have the confirm email sent from user.create() // New registrants have the confirm email sent from user.create()
userData.email = formData.email; userData.email = formData.email;