From ca226e1f8100b58b7da4022c0842a5f31f6759b0 Mon Sep 17 00:00:00 2001
From: xxq250
Date: Tue, 24 Sep 2024 16:34:05 +0800
Subject: [PATCH] =?UTF-8?q?fixed=20=E8=B4=A6=E5=8F=B7=E7=9B=B8=E5=85=B3?= =?UTF-8?q?=E6=96=B9=E6=B3=95=E5=A2=9E=E5=8A=A0=E7=99=BB=E5=BD=95=E9=AA=8C?= =?UTF-8?q?=E8=AF=81,=E5=AE=89=E5=85=A8=E6=A0=A1=E9=AA=8C?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app/controllers/accounts_controller.rb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/app/controllers/accounts_controller.rb b/app/controllers/accounts_controller.rb
index 99bc19fda..e0508efe8 100644
--- a/app/controllers/accounts_controller.rb
+++ b/app/controllers/accounts_controller.rb
@@ -224,6 +224,7 @@ class AccountsController < ApplicationController
 def change_password
 return render_error("两次输入的密码不一致") if params[:password].to_s != params[:new_password_repeat].to_s
 @user = User.find_by(login: params[:login])
+ return render_forbidden unless User.current.login == @user&.login
 return render_error("此用户禁止修改密码!") if @user.id.to_i === 104691
 return render_error("未找到相关用户!") if @user.blank?
 return render_error("旧密码不正确") unless @user.check_password?(params[:old_password])
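Review bot: The added guard in `change_password` still lets a nil `@user` through whenever `User.current.login` is itself nil, because `nil == @user&.login` is then true and the following line's `@user.id` raises instead of returning an error response. Whether that can happen depends on how an unauthenticated `User.current` is represented and on whether a login filter runs before this action, neither of which is visible in the hunk. Folding the missing-user case into the guard removes the dependency: `return render_forbidden if @user.blank? || User.current.login != @user.login`. Because the target account is still selected from the client-supplied `params[:login]`, a short comment above the guard would help, e.g. `# Authorization: a caller may only change their own password; params[:login] must match User.current`. The method body continues past the end of the hunk.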