xf преди 2 години
родител
ревизия
4f59b7adce
променени са 1 файла, в които са добавени 12 реда и са изтрити 0 реда
  1. 12 0
      src/Hotline.Api/Controllers/UserController.cs

+ 12 - 0
src/Hotline.Api/Controllers/UserController.cs

@@ -133,13 +133,20 @@ public class UserController : BaseController
             throw UserFriendlyException.SameMessage("该账号不存在");
         if (_accountDomainService.IsLockedOut(account))
             throw UserFriendlyException.SameMessage("该账号已被锁定");
+        if(account.IsDeleted)
+            throw UserFriendlyException.SameMessage("该账号不存在");
 
         var user = await _userRepository.GetAsync(dto.Id, HttpContext.RequestAborted);
         if (user is null)
             throw UserFriendlyException.SameMessage("无效用户编号");
+        if (user.IsDeleted)
+            throw UserFriendlyException.SameMessage("该账号不存在");
 
         _mapper.Map(dto, user);
         await _userRepository.UpdateAsync(user, HttpContext.RequestAborted);
+
+        //set roles
+        await _accountRepository.SetAccountRolesAsync(account.Id, dto.RoleIds, HttpContext.RequestAborted);
     }
 
     /// <summary>
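Review bot: The new `SetAccountRolesAsync(account.Id, dto.RoleIds, ...)` call takes the role list straight from the request DTO, and nothing visible in this hunk checks that the caller may grant those roles or that `dto.RoleIds` is non-null. The method starts outside the hunk, so an authorization attribute or validator may already cover this. If not, filter `dto.RoleIds` against the roles the current operator is allowed to assign before the call, and replace `//set roles` with something like `// set roles: caller must be authorised to grant every id in dto.RoleIds`. Separately, `UpdateAsync` and `SetAccountRolesAsync` are two independent writes, so a failure in the second leaves the profile changed with the old roles; running both in one transaction or unit of work would avoid that, assuming the repositories share a context.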
@@ -292,6 +299,11 @@ public class UserController : BaseController
         var account = await _accountRepository.GetAsync(_sessionContext.RequiredUserId, HttpContext.RequestAborted);
         if (account == null)
             throw UserFriendlyException.SameMessage("无效账号编号");
+        if (_accountDomainService.IsLockedOut(account))
+            throw UserFriendlyException.SameMessage("该账号已被锁定");
+        if (account.IsDeleted)
+            throw UserFriendlyException.SameMessage("该账号不存在");
+
         var result = await _accountDomainService.ResetPasswordAsync(account, dto.CurrentPassword, dto.NewPassword,
              HttpContext.RequestAborted);
         if (!result.Succeeded)
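Review bot: The lockout and `IsDeleted` checks added before `ResetPasswordAsync` only run on this endpoint, while the account comes from `_sessionContext.RequiredUserId`. That means a session belonging to a locked or deleted account is still authenticated when it reaches this point. Other actions that rely on the same session context presumably remain reachable unless each repeats the check, so it would be safer to reject such sessions once in the authentication pipeline or in a shared guard. The same two checks also appear in the first hunk in the same order with slightly different formatting (`if(account.IsDeleted)`); a single helper such as `EnsureAccountUsable(account)` would keep the messages and ordering consistent. The method body continues past the end of the hunk.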