Modify OctoberCMS Laravel Plugin to Disable Form Username Change

Submitted by 岁酱吖の on 2019-12-08 08:57:19

Question


I'm using OctoberCMS based on Laravel with the official Users plugin.

How can I modify this plugin to Disable or Deny Username Change?

The form can easily be hacked to allow change.

Plugin

Here is the file on GitHub I need to edit: Account.php

In the onUpdate() function, where it says $user->fill, it is saving all input fields.

I need to deny the username field in the function or with the validator.

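public function onUpdate()
{
    if (!$user = $this->user()) {
        return;
    }

    // Mass-assigns every posted field, including any the form did not render
    $user->fill(post());
    $user->save();

    // ... (rest of the method not shown)
}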

OctoberCMS

I set Login attribute to Username.

User Update Details

The User Update Page displays the form inputs a user can change:

Full Name is a column in the Database called surname that I don't use.
Username is the column username, the one I use, but it's not included on the default form.

However, someone can add the username field in the browser just by using Inspect Element to edit the HTML:

<div class="form-group">
    <label for="accountUsername">Username</label>
    <input name="username" type="text" id="accountUsername" value="Desired Username">
</div>

Submit and it will change the name and update the username column in the database.


Answer 1:


You could extend the User model with something like this:

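\RainLab\User\Models\User::extend(function($model) {
    // Runs before every update of an existing user record
    $model->bindEvent('model.beforeUpdate', function() use ($model) {
        // isDirty() is true when the username differs from the stored value
        if ($model->isDirty('username')) {
            throw new \ValidationException(['username' => 'Sorry!...']);
        }
    });
});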

The above code will have a global impact, if defined in a registration method, preventing the username from ever being changed. To restrict it only to the front-end, consider using an expression like if (!App::runningInBackend()) { /* ... */ }. Otherwise you could simply listen to the event on that page only, inside the onInit page code function.
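
The approach from the answer above, written out as a small plugin's registration file with the front-end restriction applied. This is an added example, not code from the original answer or from the RainLab.User plugin; the plugin namespace Acme\LockUsername, the $locked property and the error message are assumptions made for illustration.

```php
<?php namespace Acme\LockUsername;

use App;
use ValidationException;
use RainLab\User\Models\User;
use System\Classes\PluginBase;

class Plugin extends PluginBase
{
    // Load after the Users plugin so its model exists when boot() runs.
    public $require = ['RainLab.User'];

    // Attributes a front-end request may never change (assumption: only username).
    protected $locked = ['username'];

    public function pluginDetails()
    {
        return [
            'name'        => 'Lock Username',
            'description' => 'Rejects front-end changes to locked user attributes.',
            'author'      => 'Acme',
        ];
    }

    public function boot()
    {
        $locked = $this->locked;

        User::extend(function ($model) use ($locked) {
            $model->bindEvent('model.beforeUpdate', function () use ($model, $locked) {
                // Back-end administrators keep the ability to rename accounts.
                if (App::runningInBackend()) {
                    return;
                }

                foreach ($locked as $attribute) {
                    // Fires even when the field was injected into the form by hand,
                    // because the check is on the model, not on the rendered HTML.
                    if ($model->isDirty($attribute)) {
                        throw new ValidationException([
                            $attribute => 'This field cannot be changed.',
                        ]);
                    }
                }
            });
        });
    }
}
```

Because the check sits on the model event rather than in the Account component, it also covers any other front-end handler that calls fill() and save() on the user.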



Source: https://stackoverflow.com/questions/42689595/modify-octobercms-laravel-plugin-to-disable-form-username-change
