From 8b92e89ca166227f362c920a45e70c17c989ea2e Mon Sep 17 00:00:00 2001 From: eternal-flame-AD Date: Thu, 14 Nov 2024 02:50:44 -0600 Subject: [PATCH] Relax admin automated account registration Signed-off-by: eternal-flame-AD --- .../src/server/api/endpoints/admin/accounts/create.ts | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/packages/backend/src/server/api/endpoints/admin/accounts/create.ts b/packages/backend/src/server/api/endpoints/admin/accounts/create.ts index d30131a62f..1c20a49bb2 100644 --- a/packages/backend/src/server/api/endpoints/admin/accounts/create.ts +++ b/packages/backend/src/server/api/endpoints/admin/accounts/create.ts @@ -15,6 +15,7 @@ import { DI } from '@/di-symbols.js'; import type { Config } from '@/config.js'; import { ApiError } from '@/server/api/error.js'; import { Packed } from '@/misc/json-schema.js'; +import { RoleService } from '@/core/RoleService.js'; export const meta = { tags: ['admin'], @@ -65,6 +66,7 @@ export default class extends Endpoint { // eslint- @Inject(DI.usersRepository) private usersRepository: UsersRepository, + private roleService: RoleService, private userEntityService: UserEntityService, private signupService: SignupService, private instanceActorService: InstanceActorService, @@ -85,8 +87,8 @@ export default class extends Endpoint { // eslint- // 初期パスワードが設定されていないのに初期パスワードが入力された場合 throw new ApiError(meta.errors.wrongInitialPassword); } - } else if ((realUsers && !me?.isRoot) || token !== null) { - // 初回セットアップではなく、管理者でない場合 or 外部トークンを使用している場合 + } else if (!(me?.isRoot) && !await this.roleService.isAdministrator(me)) { + // 管理者でない場合 throw new ApiError(meta.errors.accessDenied); }