From 5f58a1f4ad94460412289646e7f31b3fa9022b0c Mon Sep 17 00:00:00 2001
From: Julian Prieber <60265788+JulianPrieber@users.noreply.github.com>
Date: Mon, 11 Jul 2022 18:00:22 +0200
Subject: [PATCH] Added protection against admins deleting their own accounts

Admins cannot un-verify, block or delete admin accounts. This includes their own and other accounts.
---
 resources/views/panel/users.blade.php | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/resources/views/panel/users.blade.php b/resources/views/panel/users.blade.php
index 0108c5a..48f5c4d 100755
--- a/resources/views/panel/users.blade.php
+++ b/resources/views/panel/users.blade.php
@@ -40,9 +40,13 @@
               <td>{{ $user->role }}</td>
               <td><a href="{{ route('editUser', $user->id ) }}">Edit</a></td>
               <td><a href="{{ route('showLinksUser', $user->id ) }}" class="text-primary">View</a></td>
-              @if(env('REGISTER_AUTH') !== 'auth')<td><a href="{{ route('verifyUser', ['verify' => '-' . $user->email_verified_at, 'id' => $user->id] ) }}" class="text-danger">@if($user->email_verified_at == '')<span>no</span>@else<span style="color:#228B22">yes</span>@endif</a></td>@endif
-              <td><a href="{{ route('blockUser', ['block' => $user->block, 'id' => $user->id] ) }}" class="text-danger">{{ $user->block }}</a></td>
-              <td><center><a href="{{ route('deleteUser', ['id' => $user->id] ) }}" class="confirmation delete"><i class="bi bi-trash-fill del-icon"></i><span class="hide-mobile-del"> Delete</span></a></center></td>
+              @if(env('REGISTER_AUTH') !== 'auth')
+              <td>@if($user->find($user->id)->role == 'admin' and $user->email_verified_at != '')yes @else
+              <a href="{{ route('verifyUser', ['verify' => '-' . $user->email_verified_at, 'id' => $user->id] ) }}" class="text-danger">@if($user->email_verified_at == '')<span>no</span>@else<span style="color:#228B22">yes</span></a>@endif</td>
+              @endif
+              @endif
+              <td>@if($user->find($user->id)->role == 'admin')-@else<a href="{{ route('blockUser', ['block' => $user->block, 'id' => $user->id] ) }}" class="text-danger">{{ $user->block }}</a>@endif</td>
+              <td>@if($user->find($user->id)->role == 'admin')<center>-</center>@else<center><a href="{{ route('deleteUser', ['id' => $user->id] ) }}" class="confirmation delete"><i class="bi bi-trash-fill del-icon"></i><span class="hide-mobile-del"> Delete</span></a></center>@endif</td>
             </tr>
             @endforeach
           </tbody>