import org.sonar.api.server.ws.WebService.NewAction;
import org.sonar.api.utils.text.JsonWriter;
import org.sonar.core.permission.GlobalPermissions;
+import org.sonar.server.exceptions.BadRequestException;
import org.sonar.server.user.UserSession;
import org.sonar.server.user.UserUpdater;
import org.sonar.server.user.index.UserDoc;
userSession.checkLoggedIn().checkGlobalPermission(GlobalPermissions.SYSTEM_ADMIN);
String login = request.mandatoryParam(PARAM_LOGIN);
+ if (login.equals(userSession.getLogin())) {
+ throw new BadRequestException("Self-deactivation is not possible");
+ }
userUpdater.deactivateUserByLogin(login);
writeResponse(response, login);
import org.sonar.core.user.UserDto;
import org.sonar.server.db.DbClient;
import org.sonar.server.es.EsTester;
+import org.sonar.server.exceptions.BadRequestException;
import org.sonar.server.exceptions.ForbiddenException;
import org.sonar.server.exceptions.NotFoundException;
import org.sonar.server.tester.UserSessionRule;
assertThat(user.active()).isFalse();
}
+ @Test(expected = BadRequestException.class)
+ public void cannot_deactivate_self() throws Exception {
+ createUser();
+
+ userSessionRule.login("admin").setGlobalPermissions(GlobalPermissions.SYSTEM_ADMIN);
+ tester.newPostRequest("api/users", "deactivate")
+ .setParam("login", "admin")
+ .execute();
+ }
+
@Test(expected = ForbiddenException.class)
public void fail_on_missing_permission() throws Exception {
createUser();