diff options
| author | Lunny Xiao <xiaolunwen@gmail.com> | 2022-05-09 04:22:55 +0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-05-08 21:22:55 +0100 |
| commit | 9efa47131f3fa576bd0ef73fa4c5b96c95d89906 (patch) | |
| tree | 80c65663cc9aab9f51f1e321a16bb84b7badc29b /routers | |
| parent | 290cc884f2eaffd971d756d166f55771e8cdbed7 (diff) | |
| download | gitea-9efa47131f3fa576bd0ef73fa4c5b96c95d89906.tar.gz gitea-9efa47131f3fa576bd0ef73fa4c5b96c95d89906.zip | |
Admin should not delete himself (#19423)
Admin should not be able to delete themselves.
Also partially fix #15449
Diffstat (limited to 'routers')
| -rw-r--r-- | routers/api/v1/admin/user.go | 6 | ||||
| -rw-r--r-- | routers/web/admin/users.go | 9 |
2 files changed, 15 insertions, 0 deletions
diff --git a/routers/api/v1/admin/user.go b/routers/api/v1/admin/user.go index 775802449a..6263a67048 100644 --- a/routers/api/v1/admin/user.go +++ b/routers/api/v1/admin/user.go @@ -310,6 +310,12 @@ func DeleteUser(ctx *context.APIContext) { return } + // admin should not delete themself + if ctx.ContextUser.ID == ctx.Doer.ID { + ctx.Error(http.StatusUnprocessableEntity, "", fmt.Errorf("you cannot delete yourself")) + return + } + if err := user_service.DeleteUser(ctx.ContextUser); err != nil { if models.IsErrUserOwnRepos(err) || models.IsErrUserHasOrgs(err) || diff --git a/routers/web/admin/users.go b/routers/web/admin/users.go index 57da319d79..7841ac569f 100644 --- a/routers/web/admin/users.go +++ b/routers/web/admin/users.go @@ -416,6 +416,15 @@ func DeleteUser(ctx *context.Context) { return } + // admin should not delete themself + if u.ID == ctx.Doer.ID { + ctx.Flash.Error(ctx.Tr("admin.users.cannot_delete_self")) + ctx.JSON(http.StatusOK, map[string]interface{}{ + "redirect": setting.AppSubURL + "/admin/users/" + url.PathEscape(ctx.Params(":userid")), + }) + return + } + if err = user_service.DeleteUser(u); err != nil { switch { case models.IsErrUserOwnRepos(err): |