Skip to content

C
canifa_note
Commit c2670748 authored by Steven's avatar Steven
Browse files
Options

chore: prevent archive/delete current user

parent 21874d05
Show whitespace changes
Inline Side-by-side
Showing with 6 additions and 0 deletions
api/v1/user.go
View file @ c2670748
...@@ -312,6 +312,9 @@ func (s *APIV1Service) DeleteUser(c echo.Context) error { ...@@ -312,6 +312,9 @@ func (s *APIV1Service) DeleteUser(c echo.Context) error {
if err != nil { if err != nil {
return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("ID is not a number: %s", c.Param("id"))).SetInternal(err) return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("ID is not a number: %s", c.Param("id"))).SetInternal(err)
} }
if currentUserID == userID {
return echo.NewHTTPError(http.StatusBadRequest, "Cannot delete current user")
}
if err := s.Store.DeleteUser(ctx, &store.DeleteUser{ if err := s.Store.DeleteUser(ctx, &store.DeleteUser{
ID: userID, ID: userID,
...@@ -371,6 +374,9 @@ func (s *APIV1Service) UpdateUser(c echo.Context) error { ...@@ -371,6 +374,9 @@ func (s *APIV1Service) UpdateUser(c echo.Context) error {
if request.RowStatus != nil { if request.RowStatus != nil {
rowStatus := store.RowStatus(request.RowStatus.String()) rowStatus := store.RowStatus(request.RowStatus.String())
userUpdate.RowStatus = &rowStatus userUpdate.RowStatus = &rowStatus
if rowStatus == store.Archived && currentUserID == userID {
return echo.NewHTTPError(http.StatusBadRequest, "Cannot archive current user")
}
} }
if request.Username != nil { if request.Username != nil {
if !usernameMatcher.MatchString(strings.ToLower(*request.Username)) { if !usernameMatcher.MatchString(strings.ToLower(*request.Username)) {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment