lib/pleroma/web/admin_api/admin_api_controller.ex: An admin cannot un-admin themselves

This commit is contained in:
Haelwenn (lanodan) Monnier 2018-11-10 14:42:34 +01:00
parent a87ed2fad6
commit f9d05902fe
No known key found for this signature in database
GPG key ID: D5B7A8E43C997DEE

View file

@ -68,8 +68,19 @@ def right_add(conn, _) do
|> json(%{error: "No such right"}) |> json(%{error: "No such right"})
end end
def right_delete(conn, %{"right" => right, "nickname" => nickname}) def right_delete(
%{assigns: %{user: %User{:nickname => admin_nickname}}} = conn,
%{
"right" => right,
"nickname" => nickname
}
)
when right in ["moderator", "admin"] do when right in ["moderator", "admin"] do
if admin_nickname == nickname do
conn
|> post_status(403)
|> json(%{error: "You can't revoke your own admin status."})
else
user = User.get_by_nickname(nickname) user = User.get_by_nickname(nickname)
info = info =
@ -82,6 +93,7 @@ def right_delete(conn, %{"right" => right, "nickname" => nickname})
conn conn
|> json(user.info) |> json(user.info)
end end
end
def right_delete(conn, _) do def right_delete(conn, _) do
conn conn