Prevent admin self-deletion in API

Ref T319
Matt Baer 2021-04-22 11:37:02 -04:00
parent f689706baa
commit 1d8facfe1c
1 changed files with 5 additions and 1 deletions


@ -1158,7 +1158,11 @@ func handleUserDelete(app *App, u *User, w http.ResponseWriter, r *http.Request)
return impart.HTTPError{http.StatusBadRequest, "Confirmation username must match your username exactly."}
}
// TODO: prevent admin delete themselves?
// Check for account deletion safeguards in place
if u.IsAdmin() {
return impart.HTTPError{http.StatusForbidden, "Cannot delete admin."}
}
err := app.db.DeleteAccount(u.ID)
if err != nil {
log.Error("user delete account: %v", err)
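Review bot: The new `u.IsAdmin()` guard lives only in handleUserDelete, so `app.db.DeleteAccount(u.ID)` itself still deletes an admin account for any other caller. No other caller is visible in this hunk, so this may not be reachable today, but enforcing the rule inside DeleteAccount or a shared helper would keep it from depending on every entry point repeating the check. The refusal is also silent; a line such as `log.Info("user delete account: refused for admin user %d", u.ID)` before the return would leave an audit trail. The comment "Check for account deletion safeguards in place" does not say what the safeguard is; `// Admin accounts cannot be deleted through this endpoint.` would state it directly. The body of handleUserDelete starts and ends outside the hunk.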