From cc65668cbeb35152364965ef83b489c67339326d Mon Sep 17 00:00:00 2001
From: RainEggplant
Date: Tue, 25 Sep 2018 09:54:15 +0800
Subject: [PATCH] Fix "incorrectly sets user group to 'user' when not specified in PUT method".
---
 routes/users.js | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/routes/users.js b/routes/users.js
index 414b2b0..3a33ea7 100644
--- a/routes/users.js
+++ b/routes/users.js
@@ -268,7 +268,11 @@ router.put("/:id", verifyToken, async (req, res) => {
 return res.status(404).send("404 Not Found: User does not exist.");
 }
 
- req.body.group = req.body.group === "admin" ? "admin" : "user";
+ if (!req.body.group) {
+ req.body.group = user.group;
+ } else {
+ req.body.group = req.body.group === "admin" ? "admin" : "user";
+ }
 // 当跨用户修改或添加管理员权限时,需要管理员权限。
 // 修改真实姓名和学号也需要管理员权限。
 if (!isAdmin) {
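Review bot: In the new `else` branch, any supplied `group` that is not exactly `"admin"` is still silently rewritten to `"user"`. A mistyped or differently cased value in an admin's request would therefore demote the target account with no error. Assuming `"admin"` and `"user"` are the only valid groups (the hunk shows no others), reject anything else, e.g. `} else if (req.body.group !== "admin" && req.body.group !== "user") { return res.status(400).send("400 Bad Request: Invalid group."); }`. The fallback to `user.group` also fires for `""`, `null`, `0` and `false`, which deserves a short comment so it is clearly intended. The handler starts and ends outside this hunk, so how `req.body.group` feeds the `!isAdmin` check and the later update cannot be confirmed from here.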