diff --git a/src/Controller/UserController.php b/src/Controller/UserController.php
index d5190b97..97675d11 100644
--- a/src/Controller/UserController.php
+++ b/src/Controller/UserController.php
@@ -169,8 +169,14 @@ class UserController extends BaseAdminController
 #[Route(path: '/{id}', name: 'user_delete', methods: ['DELETE'], requirements: ['id' => '\d+'])]
 public function delete(Request $request, User $entity, StructuralElementRecursionHelper $recursionHelper): RedirectResponse
 {
+ //Disallow deleting the anonymous user
 if (User::ID_ANONYMOUS === $entity->getID()) {
- throw new InvalidArgumentException('You can not delete the anonymous user! It is needed for permission checking without a logged in user');
+ throw new \LogicException('You can not delete the anonymous user! It is needed for permission checking without a logged in user');
+ }
+
+ //Disallow deleting the current logged-in user
+ if ($entity === $this->getUser()) {
+ throw new \LogicException('You can not delete your own user account!');
 }
 
 return $this->_delete($request, $entity, $recursionHelper);
diff --git a/templates/admin/_delete_form.html.twig b/templates/admin/_delete_form.html.twig
index 762b91b6..fd653256 100644
--- a/templates/admin/_delete_form.html.twig
+++ b/templates/admin/_delete_form.html.twig
@@ -6,7 +6,7 @@
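Review bot: The new self-deletion guard in `delete()` relies on object identity, `$entity === $this->getUser()`, which only works if the route-resolved `User` and the user held by the security token are the same instance; how the token's user is loaded is not visible here, so that is an assumption. If the two are ever separate objects for the same account, the check passes silently and the account can delete itself. Comparing identifiers, as the anonymous-user check above already does, avoids that: `$current = $this->getUser();` then `if ($current instanceof User && $entity->getID() === $current->getID()) {`. Both guards throw `\LogicException`, which probably reaches the client as a 500 for a condition a request can trigger, so a 4xx response may fit better. The end of `delete()` and the `_delete()` helper lie outside the hunk.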