Admin should not delete himself (#19423)
Admin should not be able to delete themselves. Also partially fix #15449
This commit is contained in:
parent
290cc884f2
commit
9efa47131f
3 changed files with 16 additions and 0 deletions
|
@ -2529,6 +2529,7 @@ users.allow_import_local = May Import Local Repositories
|
||||||
users.allow_create_organization = May Create Organizations
|
users.allow_create_organization = May Create Organizations
|
||||||
users.update_profile = Update User Account
|
users.update_profile = Update User Account
|
||||||
users.delete_account = Delete User Account
|
users.delete_account = Delete User Account
|
||||||
|
users.cannot_delete_self = "You cannot delete yourself"
|
||||||
users.still_own_repo = This user still owns one or more repositories. Delete or transfer these repositories first.
|
users.still_own_repo = This user still owns one or more repositories. Delete or transfer these repositories first.
|
||||||
users.still_has_org = This user is a member of an organization. Remove the user from any organizations first.
|
users.still_has_org = This user is a member of an organization. Remove the user from any organizations first.
|
||||||
users.still_own_packages = This user still owns one or more packages. Delete these packages first.
|
users.still_own_packages = This user still owns one or more packages. Delete these packages first.
|
||||||
|
|
|
@ -310,6 +310,12 @@ func DeleteUser(ctx *context.APIContext) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// admin should not delete themself
|
||||||
|
if ctx.ContextUser.ID == ctx.Doer.ID {
|
||||||
|
ctx.Error(http.StatusUnprocessableEntity, "", fmt.Errorf("you cannot delete yourself"))
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
if err := user_service.DeleteUser(ctx.ContextUser); err != nil {
|
if err := user_service.DeleteUser(ctx.ContextUser); err != nil {
|
||||||
if models.IsErrUserOwnRepos(err) ||
|
if models.IsErrUserOwnRepos(err) ||
|
||||||
models.IsErrUserHasOrgs(err) ||
|
models.IsErrUserHasOrgs(err) ||
|
||||||
|
|
|
@ -416,6 +416,15 @@ func DeleteUser(ctx *context.Context) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// admin should not delete themself
|
||||||
|
if u.ID == ctx.Doer.ID {
|
||||||
|
ctx.Flash.Error(ctx.Tr("admin.users.cannot_delete_self"))
|
||||||
|
ctx.JSON(http.StatusOK, map[string]interface{}{
|
||||||
|
"redirect": setting.AppSubURL + "/admin/users/" + url.PathEscape(ctx.Params(":userid")),
|
||||||
|
})
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
if err = user_service.DeleteUser(u); err != nil {
|
if err = user_service.DeleteUser(u); err != nil {
|
||||||
switch {
|
switch {
|
||||||
case models.IsErrUserOwnRepos(err):
|
case models.IsErrUserOwnRepos(err):
|
||||||
|
|
Loading…
Reference in a new issue