lib/pleroma/web/admin_api/admin_api_controller.ex: An admin cannot un-admin themselves

This commit is contained in:
Haelwenn (lanodan) Monnier 2018-11-10 14:42:34 +01:00
parent a87ed2fad6
commit f9d05902fe
No known key found for this signature in database
GPG key ID: D5B7A8E43C997DEE

View file

@ -68,19 +68,31 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do
|> json(%{error: "No such right"}) |> json(%{error: "No such right"})
end end
def right_delete(conn, %{"right" => right, "nickname" => nickname}) def right_delete(
%{assigns: %{user: %User{:nickname => admin_nickname}}} = conn,
%{
"right" => right,
"nickname" => nickname
}
)
when right in ["moderator", "admin"] do when right in ["moderator", "admin"] do
user = User.get_by_nickname(nickname) if admin_nickname == nickname do
conn
|> post_status(403)
|> json(%{error: "You can't revoke your own admin status."})
else
user = User.get_by_nickname(nickname)
info = info =
user.info user.info
|> Map.put("is_" <> right, false) |> Map.put("is_" <> right, false)
cng = User.info_changeset(user, %{info: info}) cng = User.info_changeset(user, %{info: info})
{:ok, user} = User.update_and_set_cache(cng) {:ok, user} = User.update_and_set_cache(cng)
conn conn
|> json(user.info) |> json(user.info)
end
end end
def right_delete(conn, _) do def right_delete(conn, _) do