mirror
/
writefreely
mirror of https://github.com/writeas/writefreely
2
0
Fork 0
Code Issues Releases Wiki Activity

Prevent admin self-deletion in API

Browse Source 
Ref T319
pull/204/head
Matt Baer 4 years ago
parent f689706baa
commit 1d8facfe1c
1 changed files with 5 additions and 1 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 6
      account.go

6
account.go
Unescape View File

@ -1158,7 +1158,11 @@ func handleUserDelete(app *App, u *User, w http.ResponseWriter, r *http.Request)
return impart.HTTPError{http.StatusBadRequest, "Confirmation username must match your username exactly."} return impart.HTTPError{http.StatusBadRequest, "Confirmation username must match your username exactly."}
} }
// TODO: prevent admin delete themselves? // Check for account deletion safeguards in place
if u.IsAdmin() {
return impart.HTTPError{http.StatusForbidden, "Cannot delete admin."}
}
err := app.db.DeleteAccount(u.ID) err := app.db.DeleteAccount(u.ID)
if err != nil { if err != nil {
log.Error("user delete account: %v", err) log.Error("user delete account: %v", err)

Write Preview
Loading…
Cancel
Save