diff options
author | Lunny Xiao <xiaolunwen@gmail.com> | 2022-05-09 04:22:55 +0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-05-08 21:22:55 +0100 |
commit | 9efa47131f3fa576bd0ef73fa4c5b96c95d89906 (patch) | |
tree | 80c65663cc9aab9f51f1e321a16bb84b7badc29b /routers/api/v1 | |
parent | 290cc884f2eaffd971d756d166f55771e8cdbed7 (diff) | |
download | gitea-9efa47131f3fa576bd0ef73fa4c5b96c95d89906.tar.gz gitea-9efa47131f3fa576bd0ef73fa4c5b96c95d89906.zip |
Admin should not delete himself (#19423)
Admin should not be able to delete themselves.
Also partially fix #15449
Diffstat (limited to 'routers/api/v1')
-rw-r--r-- | routers/api/v1/admin/user.go | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/routers/api/v1/admin/user.go b/routers/api/v1/admin/user.go index 775802449a..6263a67048 100644 --- a/routers/api/v1/admin/user.go +++ b/routers/api/v1/admin/user.go @@ -310,6 +310,12 @@ func DeleteUser(ctx *context.APIContext) { return } + // admin should not delete themself + if ctx.ContextUser.ID == ctx.Doer.ID { + ctx.Error(http.StatusUnprocessableEntity, "", fmt.Errorf("you cannot delete yourself")) + return + } + if err := user_service.DeleteUser(ctx.ContextUser); err != nil { if models.IsErrUserOwnRepos(err) || models.IsErrUserHasOrgs(err) || |