hyperzlib
/
nodebb
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat(emails): restore ability for admins to edit a user's email address [breaking]

Browse Source 
The edited user's email will be automatically confirmed
v1.18.x
Julian Lam 4 years ago
parent afd2d8dab1
commit c4e3362bd3
2 changed files with 32 additions and 6 deletions
Show Stats Download Patch File Download Diff File

18
src/controllers/accounts/edit.js
Unescape Escape View File

@ -77,10 +77,24 @@ editController.username = async function (req, res, next) {
await renderRoute('username', req, res, next);
};
editController.email = async function (req, res) {
editController.email = async function (req, res, next) {
const targetUid = await user.getUidByUserslug(req.params.userslug);
if (!targetUid) {
return next();
}
const [isAdminOrGlobalMod, canEdit] = await Promise.all([
user.isAdminOrGlobalMod(req.uid),
privileges.users.canEdit(req.uid, targetUid),
]);
if (!isAdminOrGlobalMod && !canEdit) {
return next();
}
req.session.registration = req.session.registration || {};
req.session.registration.updateEmail = true;
req.session.registration.uid = req.uid;
req.session.registration.uid = targetUid;
helpers.redirect(res, '/register/complete');
};

20
src/user/index.js
Unescape Escape View File

@ -259,10 +259,22 @@ User.addInterstitials = function (callback) {
throw new Error('[[error:email-nochange]]');
}
await User.email.sendValidationEmail(userData.uid, {
email: formData.email,
force: true,
});
const [isAdminOrGlobalMod, canEdit] = await Promise.all([
User.isAdminOrGlobalMod(data.req.uid),
privileges.users.canEdit(data.req.uid, userData.uid),
]);
if (isAdminOrGlobalMod) {
await User.setUserField(userData.uid, 'email', formData.email);
await User.email.confirmByUid(userData.uid);
} else if (canEdit) {
await User.email.sendValidationEmail(userData.uid, {
email: formData.email,
force: true,
});
} else {
// User attempting to edit another user's email -- not allowed
throw new Error('[[error:no-privileges]]');
}
} else {
// New registrants have the confirm email sent from user.create()
userData.email = formData.email;

Write Preview
Loading…
Cancel
Save