🐛 Fix set avatar cause group permission leaked to personal

pkg/internal/web/api/accounts_api.go

@@ -113,7 +113,7 @@ func getUserinfo(c *fiber.Ctx) error {
 	return c.JSON(resp)
 }
 
-func updateUserinfo(c *fiber.Ctx) error {
+func editUserinfo(c *fiber.Ctx) error {
 	if err := exts.EnsureAuthenticated(c); err != nil {
 		return err
 	}

pkg/internal/web/api/avatar_api.go

@@ -26,9 +26,7 @@ func setAvatar(c *fiber.Ctx) error {
 	}
 
 	og := user.Avatar
-	user.Avatar = &data.AttachmentID
+	if err := database.C.Model(&user).Update("avatar", data.AttachmentID).Error; err != nil {
-
-	if err := database.C.Save(&user).Error; err != nil {
 		return fiber.NewError(fiber.StatusInternalServerError, err.Error())
 	} else {
 		services.AddEvent(user.ID, "profile.edit.avatar", nil, c.IP(), c.Get(fiber.HeaderUserAgent))
@@ -64,9 +62,7 @@ func setBanner(c *fiber.Ctx) error {
 	}
 
 	og := user.Banner
-	user.Banner = &data.AttachmentID
+	if err := database.C.Model(&user).Update("banner", data.AttachmentID).Error; err != nil {
-
-	if err := database.C.Save(&user).Error; err != nil {
 		return fiber.NewError(fiber.StatusInternalServerError, err.Error())
 	} else {
 		services.AddEvent(user.ID, "profile.edit.banner", nil, c.IP(), c.Get(fiber.HeaderUserAgent))

pkg/internal/web/api/index.go

@@ -67,7 +67,7 @@ func MapControllers(app *fiber.App, baseURL string) {
 
 			me.Get("/", getUserinfo)
 			me.Get("/oidc", getUserinfoForOidc)
-			me.Put("/", updateUserinfo)
+			me.Put("/", editUserinfo)
 			me.Put("/language", updateAccountLanguage)
 			me.Get("/events", getEvents)
 			me.Get("/tickets", getTickets)