From 742edaa9e2b160c821bce753c3896bdbaa04c69f Mon Sep 17 00:00:00 2001
From: LittleSheep <littlesheep.code@hotmail.com>
Date: Tue, 25 Mar 2025 21:48:51 +0800
Subject: [PATCH] :bug: Fix set avatar cause group permission leaked to
 personal

---
 pkg/internal/web/api/accounts_api.go | 2 +-
 pkg/internal/web/api/avatar_api.go   | 8 ++------
 pkg/internal/web/api/index.go        | 2 +-
 3 files changed, 4 insertions(+), 8 deletions(-)

diff --git a/pkg/internal/web/api/accounts_api.go b/pkg/internal/web/api/accounts_api.go
index e98e057..916a803 100644
--- a/pkg/internal/web/api/accounts_api.go
+++ b/pkg/internal/web/api/accounts_api.go
@@ -113,7 +113,7 @@ func getUserinfo(c *fiber.Ctx) error {
 	return c.JSON(resp)
 }
 
-func updateUserinfo(c *fiber.Ctx) error {
+func editUserinfo(c *fiber.Ctx) error {
 	if err := exts.EnsureAuthenticated(c); err != nil {
 		return err
 	}
diff --git a/pkg/internal/web/api/avatar_api.go b/pkg/internal/web/api/avatar_api.go
index 4e1074a..10fa764 100644
--- a/pkg/internal/web/api/avatar_api.go
+++ b/pkg/internal/web/api/avatar_api.go
@@ -26,9 +26,7 @@ func setAvatar(c *fiber.Ctx) error {
 	}
 
 	og := user.Avatar
-	user.Avatar = &data.AttachmentID
-
-	if err := database.C.Save(&user).Error; err != nil {
+	if err := database.C.Model(&user).Update("avatar", data.AttachmentID).Error; err != nil {
 		return fiber.NewError(fiber.StatusInternalServerError, err.Error())
 	} else {
 		services.AddEvent(user.ID, "profile.edit.avatar", nil, c.IP(), c.Get(fiber.HeaderUserAgent))
@@ -64,9 +62,7 @@ func setBanner(c *fiber.Ctx) error {
 	}
 
 	og := user.Banner
-	user.Banner = &data.AttachmentID
-
-	if err := database.C.Save(&user).Error; err != nil {
+	if err := database.C.Model(&user).Update("banner", data.AttachmentID).Error; err != nil {
 		return fiber.NewError(fiber.StatusInternalServerError, err.Error())
 	} else {
 		services.AddEvent(user.ID, "profile.edit.banner", nil, c.IP(), c.Get(fiber.HeaderUserAgent))
diff --git a/pkg/internal/web/api/index.go b/pkg/internal/web/api/index.go
index 199a80e..113ce1a 100644
--- a/pkg/internal/web/api/index.go
+++ b/pkg/internal/web/api/index.go
@@ -67,7 +67,7 @@ func MapControllers(app *fiber.App, baseURL string) {
 
 			me.Get("/", getUserinfo)
 			me.Get("/oidc", getUserinfoForOidc)
-			me.Put("/", updateUserinfo)
+			me.Put("/", editUserinfo)
 			me.Put("/language", updateAccountLanguage)
 			me.Get("/events", getEvents)
 			me.Get("/tickets", getTickets)