diff options
| author | Lauri Ojansivu <x@xet7.org> | 2017-10-09 16:36:31 +0300 |
|---|---|---|
| committer | Lauri Ojansivu <x@xet7.org> | 2017-10-09 16:36:31 +0300 |
| commit | dc825823919394aee9728e92cce5dd01300905f0 (patch) | |
| tree | e2c2c82e0323ada51c768bb61fa72c12b44b2c44 | |
| parent | 10cb2db94f4a6bb8160d4250a4a44be766398ace (diff) | |
| parent | ff7b001b00ca5ef8d7f84513efcb63f975fa86e7 (diff) | |
| download | wekan-dc825823919394aee9728e92cce5dd01300905f0.tar.gz wekan-dc825823919394aee9728e92cce5dd01300905f0.tar.bz2 wekan-dc825823919394aee9728e92cce5dd01300905f0.zip | |
Merge branch 'soohwa-fix-admin-create-user' into devel
REST API: Create user despite disabling registration.
Thanks to soohwa ! Closes #1232
| -rw-r--r-- | CHANGELOG.md | 5 | ||||
| -rw-r--r-- | models/users.js | 24 |
2 files changed, 26 insertions, 3 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index ec7e1146..bae32c9b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,13 +2,14 @@ This release adds the following new features: -* [WIP Limits](https://github.com/wekan/wekan/pull/1278). +* [WIP Limits](https://github.com/wekan/wekan/pull/1278); +* [REST API: Create user despite disabling registration](https://github.com/wekan/wekan/issues/1232). and fixes the following bugs: * [Admin announcement can be viewed without signing in](https://github.com/wekan/wekan/issues/1281). -Thanks to Github users amadilsons and nztqa for their contributions. +Thanks to Github users amadilsons, nztqa and soohwa for their contributions. # v0.47 2017-10-04 Wekan release diff --git a/models/users.js b/models/users.js index c2238cde..3d4ff935 100644 --- a/models/users.js +++ b/models/users.js @@ -108,6 +108,10 @@ Users.attachSchema(new SimpleSchema({ type: Boolean, optional: true, }, + createdThroughApi: { + type: Boolean, + optional: true, + }, })); // Search a user in the complete server database by its name or username. This @@ -435,6 +439,12 @@ if (Meteor.isServer) { user.isAdmin = true; return user; } + + if (options.from === 'admin') { + user.createdThroughApi = true; + return user; + } + const disableRegistration = Settings.findOne().disableRegistration; if (!disableRegistration) { return user; @@ -524,6 +534,17 @@ if (Meteor.isServer) { Users.after.insert((userId, doc) => { + if (doc.createdThroughApi) { + // The admin user should be able to create a user despite disabling registration because + // it is two different things (registration and creation). + // So, when a new user is created via the api (only admin user can do that) one must avoid + // the disableRegistration check. + // Issue : https://github.com/wekan/wekan/issues/1232 + // PR : https://github.com/wekan/wekan/pull/1251 + Users.update(doc._id, { $set: { createdThroughApi: '' } }); + return; + } + //invite user to corresponding boards const disableRegistration = Settings.findOne().disableRegistration; if (disableRegistration) { @@ -581,7 +602,8 @@ if (Meteor.isServer) { const id = Accounts.createUser({ username: req.body.username, email: req.body.email, - password: 'default', + password: req.body.password, + from: 'admin', }); JsonRoutes.sendResult(res, { |