fixed #14832 user without HasAccessToSensitiveData change sensitive data: IsApproved IsApproved IsTwoFactorEnabled

2023-10-08 15:26:09 +08:00
parent c893027f7c
commit 1d5a684fd5
1 changed files with 11 additions and 1 deletions
--- a/src/Umbraco.Web.BackOffice/Controllers/MemberController.cs
+++ b/src/Umbraco.Web.BackOffice/Controllers/MemberController.cs
@@ -376,7 +376,10 @@ public class MemberController : ContentControllerBase
            }

            // map the custom properties - this will already be set for new entities in our member binder
-            contentItem.PersistedContent.IsApproved = contentItem.IsApproved;
+            if (_backOfficeSecurityAccessor.BackOfficeSecurity?.CurrentUser?.HasAccessToSensitiveData() ?? false)
+            {
+                contentItem.PersistedContent.IsApproved = contentItem.IsApproved;
+            }
            contentItem.PersistedContent.Email = contentItem.Email.Trim();
            contentItem.PersistedContent.Username = contentItem.Username;
        }
@@ -548,6 +551,13 @@ public class MemberController : ContentControllerBase
                    }
                }
            }
+            //thoese properties defaulting to sensitive, change the value of the contentItem model to the persisted value
+            if (contentItem.PersistedContent is not null)
+            {
+                contentItem.IsApproved = contentItem.PersistedContent.IsApproved;
+                contentItem.IsLockedOut = contentItem.PersistedContent.IsLockedOut;
+            }
+            contentItem.IsTwoFactorEnabled = await _twoFactorLoginService.IsTwoFactorEnabledAsync(contentItem.Key);
        }

        if (contentItem.PersistedContent is not null)