From 1d5a684fd55d52c56995c337e94ceadc57cc3ef1 Mon Sep 17 00:00:00 2001
From: Kevin Fu <3350190+kevinfu2@users.noreply.github.com>
Date: Sun, 8 Oct 2023 15:26:09 +0800
Subject: [PATCH] fixed #14832 user without HasAccessToSensitiveData change sensitive data: IsApproved IsApproved IsTwoFactorEnabled
---
 .../Controllers/MemberController.cs | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/src/Umbraco.Web.BackOffice/Controllers/MemberController.cs b/src/Umbraco.Web.BackOffice/Controllers/MemberController.cs
index c190891217..8851a73a2b 100644
--- a/src/Umbraco.Web.BackOffice/Controllers/MemberController.cs
+++ b/src/Umbraco.Web.BackOffice/Controllers/MemberController.cs
@@ -376,7 +376,10 @@ public class MemberController : ContentControllerBase
 }
 // map the custom properties - this will already be set for new entities in our member binder
- contentItem.PersistedContent.IsApproved = contentItem.IsApproved;
+ if (_backOfficeSecurityAccessor.BackOfficeSecurity?.CurrentUser?.HasAccessToSensitiveData() ?? false)
+ {
+ contentItem.PersistedContent.IsApproved = contentItem.IsApproved;
+ }
 contentItem.PersistedContent.Email = contentItem.Email.Trim();
 contentItem.PersistedContent.Username = contentItem.Username;
 }
@@ -548,6 +551,13 @@ public class MemberController : ContentControllerBase
 }
 }
 }
+ //thoese properties defaulting to sensitive, change the value of the contentItem model to the persisted value
+ if (contentItem.PersistedContent is not null)
+ {
+ contentItem.IsApproved = contentItem.PersistedContent.IsApproved;
+ contentItem.IsLockedOut = contentItem.PersistedContent.IsLockedOut;
+ }
+ contentItem.IsTwoFactorEnabled = await _twoFactorLoginService.IsTwoFactorEnabledAsync(contentItem.Key);
 }
 if (contentItem.PersistedContent is not null)
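Review bot: In the `@@ -376,7 +376,10 @@` hunk the new guard around `contentItem.PersistedContent.IsApproved = contentItem.IsApproved;` covers only this mapping path. The context comment just above says the value "will already be set for new entities in our member binder", so a posted IsApproved may still be honoured on create for a user without HasAccessToSensitiveData; the binder is outside this hunk, so that needs confirming. The posted value is also dropped silently, so a log entry or model-state warning in an else branch would make a refused change visible to operators and to the editor. The `?? false` fails closed when BackOfficeSecurity or CurrentUser is null, and a short comment such as `// fail closed: no current user means no sensitive-data access` would keep a later edit from inverting it. The enclosing method starts and ends outside the hunk.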
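Review bot: In the `@@ -548,6 +551,13 @@` hunk, when `contentItem.PersistedContent` is null the added block leaves the posted `IsApproved` and `IsLockedOut` untouched, so the reset fails open in the one case where there is no persisted value to restore; an else branch that rejects the request or ignores the posted flags would close that. The `IsTwoFactorEnabled` line sits outside that null check and calls `_twoFactorLoginService.IsTwoFactorEnabledAsync(contentItem.Key)` unconditionally, so it relies on `contentItem.Key` identifying an existing member. The condition of the enclosing block is outside the hunk; presumably it is the branch for users without HasAccessToSensitiveData, which is worth confirming, and the comment would read better as `// IsApproved, IsLockedOut and IsTwoFactorEnabled are always treated as sensitive: restore the persisted values`. A regression test that posts changed values as a user without sensitive-data access and asserts the persisted values are unchanged would pin the behaviour.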