forked from shibao/cannery
fix exploit with role
parent
2f9c08b79f
commit
1f789c0a8d
@ -109,12 +109,11 @@ defmodule Cannery.Accounts do
|
|||||||
@spec register_user(map()) :: {:ok, User.t()} | {:error, Changeset.t(User.new_user())}
|
@spec register_user(map()) :: {:ok, User.t()} | {:error, Changeset.t(User.new_user())}
|
||||||
def register_user(attrs) do
|
def register_user(attrs) do
|
||||||
# if no registered users, make first user an admin
|
# if no registered users, make first user an admin
|
||||||
attrs =
|
role =
|
||||||
if Repo.one!(from u in User, select: count(u.id), distinct: true) == 0,
|
if Repo.one!(from u in User, select: count(u.id), distinct: true) == 0,
|
||||||
do: attrs |> Map.put("role", "admin"),
|
do: "admin", else: "user"
|
||||||
else: attrs
|
|
||||||
|
|
||||||
%User{} |> User.registration_changeset(attrs) |> Repo.insert()
|
%User{} |> User.registration_changeset(attrs |> Map.put("role", role)) |> Repo.insert()
|
||||||
end
|
end
|
||||||
|
|
||||||
@doc """
|
@doc """
|
||||||
|
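Review bot: The forced role still travels through the string-keyed attrs map in `attrs |> Map.put("role", role)`, so the fix depends on `User.registration_changeset/2` casting `"role"` and on every caller passing string keys; an atom-keyed map would end up with mixed keys, which Ecto's cast rejects. `registration_changeset/2` is outside this hunk, so I am assuming it still casts the role field; if it does, any other caller that hands it request params stays open to the same mass assignment. Consider dropping role from the cast list and setting it on the changeset after the cast, for example with `Ecto.Changeset.put_change(:role, role)` using whatever type the schema field has. A regression test that registers with `"role" => "admin"` while another user already exists, and asserts the stored role is the non-admin one, would pin this fix. The count query and the insert are also separate statements with no transaction visible here, so two simultaneous first registrations may both see zero users.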