Merge pull request #657 from ywk253100/user

sys admin can not delete himself - API update
2024-09-20 19:29:54 +00:00 · 2016-08-08 14:18:17 +08:00 · 2016-08-08 14:18:17 +08:00 · 475c812d9a
commit 475c812d9a
parent f69c4b67a7 5079a8d20c
1 changed files with 5 additions and 0 deletions
--- a/api/user.go
+++ b/api/user.go
@ -239,6 +239,11 @@ func (ua *UserAPI) Delete() {
 		ua.RenderError(http.StatusForbidden, "User does not have admin role")
 		return
 	}
+
+	if ua.currentUserID == ua.userID {
+		ua.CustomAbort(http.StatusForbidden, "can not delete yourself")
+	}
+
 	var err error
 	err = dao.DeleteUser(ua.userID)
 	if err != nil {