Merge branch 'soohwa-fix-admin-create-user' into devel

REST API: Create user despite disabling registration. Thanks to soohwa ! Closes #1232
8 years ago · dc82582391
parent 10cb2db94f ff7b001b00
commit dc82582391
2 changed files with 26 additions and 3 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -2,13 +2,14 @@

 This release adds the following new features:

-* [WIP Limits](https://github.com/wekan/wekan/pull/1278).
+* [WIP Limits](https://github.com/wekan/wekan/pull/1278);
+* [REST API: Create user despite disabling registration](https://github.com/wekan/wekan/issues/1232).

 and fixes the following bugs:

 * [Admin announcement can be viewed without signing in](https://github.com/wekan/wekan/issues/1281).

-Thanks to Github users amadilsons and nztqa for their contributions.
+Thanks to Github users amadilsons, nztqa and soohwa for their contributions.

 # v0.47 2017-10-04 Wekan release

--- a/models/users.js
+++ b/models/users.js
@ -108,6 +108,10 @@ Users.attachSchema(new SimpleSchema({
    type: Boolean,
    optional: true,
  },
+  createdThroughApi: {
+    type: Boolean,
+    optional: true,
+  },
 }));

 // Search a user in the complete server database by its name or username. This
@ -435,6 +439,12 @@ if (Meteor.isServer) {
      user.isAdmin = true;
      return user;
    }
+
+    if (options.from === 'admin') {
+      user.createdThroughApi = true;
+      return user;
+    }
+
    const disableRegistration = Settings.findOne().disableRegistration;
    if (!disableRegistration) {
      return user;
@ -524,6 +534,17 @@ if (Meteor.isServer) {

  Users.after.insert((userId, doc) => {

+    if (doc.createdThroughApi) {
+      // The admin user should be able to create a user despite disabling registration because
+      // it is two different things (registration and creation).
+      // So, when a new user is created via the api (only admin user can do that) one must avoid
+      // the disableRegistration check.
+      // Issue : https://github.com/wekan/wekan/issues/1232
+      // PR    : https://github.com/wekan/wekan/pull/1251
+      Users.update(doc._id, { $set: { createdThroughApi: '' } });
+      return;
+    }
+
    //invite user to corresponding boards
    const disableRegistration = Settings.findOne().disableRegistration;
    if (disableRegistration) {
@ -581,7 +602,8 @@ if (Meteor.isServer) {
    const id = Accounts.createUser({
      username: req.body.username,
      email: req.body.email,
-      password: 'default',
+      password: req.body.password,
+      from: 'admin',
    });

    JsonRoutes.sendResult(res, {