Admin should not delete himself (#19423)

Admin should not be able to delete themselves. Also partially fix #15449
author: Lunny Xiao <xiaolunwen@gmail.com> 2022-05-09 04:22:55 +0800
committer: GitHub <noreply@github.com> 2022-05-08 21:22:55 +0100
commit: 9efa47131f3fa576bd0ef73fa4c5b96c95d89906 (patch)
tree: 80c65663cc9aab9f51f1e321a16bb84b7badc29b /routers/api/v1/admin/user.go
parent: 290cc884f2eaffd971d756d166f55771e8cdbed7 (diff)
download: gitea-9efa47131f3fa576bd0ef73fa4c5b96c95d89906.tar.gz
gitea-9efa47131f3fa576bd0ef73fa4c5b96c95d89906.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/routers/api/v1/admin/user.go b/routers/api/v1/admin/user.go
index 775802449a..6263a67048 100644
--- a/routers/api/v1/admin/user.go
+++ b/routers/api/v1/admin/user.go
@@ -310,6 +310,12 @@ func DeleteUser(ctx *context.APIContext) {
 		return
 	}
 
+	// admin should not delete themself
+	if ctx.ContextUser.ID == ctx.Doer.ID {
+		ctx.Error(http.StatusUnprocessableEntity, "", fmt.Errorf("you cannot delete yourself"))
+		return
+	}
+
 	if err := user_service.DeleteUser(ctx.ContextUser); err != nil {
 		if models.IsErrUserOwnRepos(err) ||
 			models.IsErrUserHasOrgs(err) ||
author	Lunny Xiao <xiaolunwen@gmail.com>	2022-05-09 04:22:55 +0800
committer	GitHub <noreply@github.com>	2022-05-08 21:22:55 +0100
commit	9efa47131f3fa576bd0ef73fa4c5b96c95d89906 (patch)
tree	80c65663cc9aab9f51f1e321a16bb84b7badc29b /routers/api/v1/admin/user.go
parent	290cc884f2eaffd971d756d166f55771e8cdbed7 (diff)
download	gitea-9efa47131f3fa576bd0ef73fa4c5b96c95d89906.tar.gz gitea-9efa47131f3fa576bd0ef73fa4c5b96c95d89906.zip