Conversation
There was a problem hiding this comment.
Pull Request Overview
This PR restricts the fields that can be updated in the SetSelfInfo function to only HeaderImg and NickName, adding security controls for user self-updates.
Key Changes
- Added
Select()clause to limit updateable fields inSetSelfInfotoHeaderImgandNickNameonly
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| func (userService *UserService) SetSelfInfo(req system.SysUser) error { | ||
| return global.GVA_DB.Model(&system.SysUser{}). | ||
| Where("id=?", req.ID). | ||
| Select("HeaderImg", "NickName"). |
There was a problem hiding this comment.
Field names in the Select clause should use snake_case to match database column names ('header_img', 'nick_name') instead of struct field names. Looking at SetUserInfo (line 232), it correctly uses snake_case field names. This inconsistency may cause the update to fail or not work as intended.
| Select("HeaderImg", "NickName"). | |
| Select("header_img", "nick_name"). |
| func (userService *UserService) SetSelfInfo(req system.SysUser) error { | ||
| return global.GVA_DB.Model(&system.SysUser{}). | ||
| Where("id=?", req.ID). | ||
| Select("HeaderImg", "NickName"). |
There was a problem hiding this comment.
Inconsistent indentation detected. The Select line uses spaces instead of tabs, which is inconsistent with the surrounding code style (lines 251-252, 254 use tabs).
| Select("HeaderImg", "NickName"). | |
| Select("HeaderImg", "NickName"). |
修复个人中心修改头像昵称不生效