YourSelfHosted/memos
1
0
Fork 0
mirror of https://github.com/usememos/memos.git synced 2025-06-05 22:09:59 +02:00
Code Issues Packages Projects Releases Wiki Activity

chore: prevent archive/delete current user

Browse Source
This commit is contained in:
Steven
2023-12-23 08:05:05 +08:00
parent 21874d0509
commit c267074851
1 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
api/v1/user.go
View File

@@ -312,6 +312,9 @@ func (s *APIV1Service) DeleteUser(c echo.Context) error {
if err != nil { if err != nil {
return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("ID is not a number: %s", c.Param("id"))).SetInternal(err) return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("ID is not a number: %s", c.Param("id"))).SetInternal(err)
} }
if currentUserID == userID {
return echo.NewHTTPError(http.StatusBadRequest, "Cannot delete current user")
}
if err := s.Store.DeleteUser(ctx, &store.DeleteUser{ if err := s.Store.DeleteUser(ctx, &store.DeleteUser{
ID: userID, ID: userID,
@@ -371,6 +374,9 @@ func (s *APIV1Service) UpdateUser(c echo.Context) error {
if request.RowStatus != nil { if request.RowStatus != nil {
rowStatus := store.RowStatus(request.RowStatus.String()) rowStatus := store.RowStatus(request.RowStatus.String())
userUpdate.RowStatus = &rowStatus userUpdate.RowStatus = &rowStatus
if rowStatus == store.Archived && currentUserID == userID {
return echo.NewHTTPError(http.StatusBadRequest, "Cannot archive current user")
}
} }
if request.Username != nil { if request.Username != nil {
if !usernameMatcher.MatchString(strings.ToLower(*request.Username)) { if !usernameMatcher.MatchString(strings.ToLower(*request.Username)) {