From e12047e14098ff2390634ccc3f92da5920723ca8 Mon Sep 17 00:00:00 2001
From: Lunny Xiao
Date: Tue, 19 Apr 2022 10:32:19 +0800
Subject: [PATCH] Admin should not delete himself
---
 options/locale/locale_en-US.ini | 1 +
 routers/api/v1/admin/user.go | 6 ++++++
 routers/web/admin/users.go | 9 +++++++++
 3 files changed, 16 insertions(+)
diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
index 875a557b43b0d..d43e34dd82de5 100644
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@@ -2529,6 +2529,7 @@ users.allow_import_local = May Import Local Repositories
 users.allow_create_organization = May Create Organizations
 users.update_profile = Update User Account
 users.delete_account = Delete User Account
+users.cannot_delete_self = "You cannot delete yourself"
 users.still_own_repo = This user still owns one or more repositories. Delete or transfer these repositories first.
 users.still_has_org = This user is a member of an organization. Remove the user from any organizations first.
 users.still_own_packages = This user still owns one or more packages. Delete these packages first.
diff --git a/routers/api/v1/admin/user.go b/routers/api/v1/admin/user.go
index 775802449abba..b02ce05927305 100644
--- a/routers/api/v1/admin/user.go
+++ b/routers/api/v1/admin/user.go
@@ -310,6 +310,12 @@ func DeleteUser(ctx *context.APIContext) {
 return
 }
 
+ // admin should not delete himself
+ if ctx.ContextUser.ID == ctx.Doer.ID {
+ ctx.Error(http.StatusUnprocessableEntity, "", fmt.Errorf("You cannot delete yourself"))
+ return
+ }
+
 if err := user_service.DeleteUser(ctx.ContextUser); err != nil {
 if models.IsErrUserOwnRepos(err) ||
 models.IsErrUserHasOrgs(err) ||
diff --git a/routers/web/admin/users.go b/routers/web/admin/users.go
index 57da319d794b6..78d3e1877dc0e 100644
--- a/routers/web/admin/users.go
+++ b/routers/web/admin/users.go
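Review bot: In routers/api/v1/admin/user.go the new guard builds its error with `fmt.Errorf("You cannot delete yourself")`, a constant string with no format verbs and a capitalised message. Go convention is a lowercase error string from `errors.New`, e.g. `ctx.Error(http.StatusUnprocessableEntity, "", errors.New("you cannot delete yourself"))`, provided `errors` is imported (the import block is outside the hunk); otherwise keep `fmt.Errorf` and only lowercase the text. The same self-delete guard is repeated in routers/web/admin/users.go and the diffstat shows no test file, so a regression test covering both handlers would keep the two checks from drifting apart. DeleteUser's body starts and ends outside the hunk.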
@@ -416,6 +416,15 @@ func DeleteUser(ctx *context.Context) {
 return
 }
 
+ // admin should not delete himself
+ if u.ID == ctx.Doer.ID {
+ ctx.Flash.Error(ctx.Tr("admin.users.cannot_delete_self"))
+ ctx.JSON(http.StatusOK, map[string]interface{}{
+ "redirect": setting.AppSubURL + "/admin/users/" + url.PathEscape(ctx.Params(":userid")),
+ })
+ return
+ }
+
 if err = user_service.DeleteUser(u); err != nil {
 switch {
 case models.IsErrUserOwnRepos(err):
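Review bot: The redirect in the new self-delete branch is rebuilt from the raw `:userid` path parameter, although `u` has already been loaded by this point. `url.PathEscape` keeps the value confined to one path segment, but deriving it from the record avoids echoing request-derived text at all: `"redirect": setting.AppSubURL + "/admin/users/" + strconv.FormatInt(u.ID, 10),`. That assumes `u.ID` is an int64 and `strconv` is imported; neither the declaration of `u` nor the import block is visible in the hunk. DeleteUser's body starts and ends outside the hunk.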