Forbid a user to delete himself on the admin page

Jan Böhmer 2023-10-24 13:32:44 +02:00
parent 9fd3012c27
commit 388d26fa05
2 changed files with 8 additions and 2 deletions


@ -169,8 +169,14 @@ class UserController extends BaseAdminController
#[Route(path: '/{id}', name: 'user_delete', methods: ['DELETE'], requirements: ['id' => '\d+'])]
public function delete(Request $request, User $entity, StructuralElementRecursionHelper $recursionHelper): RedirectResponse
{
//Disallow deleting the anonymous user
if (User::ID_ANONYMOUS === $entity->getID()) {
throw new InvalidArgumentException('You can not delete the anonymous user! It is needed for permission checking without a logged in user');
throw new \LogicException('You can not delete the anonymous user! It is needed for permission checking without a logged in user');
}
//Disallow deleting the current logged-in user
if ($entity === $this->getUser()) {
throw new \LogicException('You can not delete your own user account!');
}
return $this->_delete($request, $entity, $recursionHelper);
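Review bot: The new self-deletion guard `if ($entity === $this->getUser())` compares object identity, so it only fires when the security token holds the very same instance that the route's entity resolver loaded. That normally holds when both come from the same Doctrine identity map, but if the token user is ever a separate instance (for example a detached or differently loaded copy; this cannot be confirmed from the hunk), the check passes silently and an admin can still delete their own account. Comparing identifiers, as the anonymous-user check just above already does, removes that dependency: `$currentUser = $this->getUser();` followed by `if ($currentUser instanceof User && $currentUser->getID() === $entity->getID()) {`. It is also worth confirming that a thrown `\LogicException` is what you want the admin to see here, since it will presumably surface as a server error rather than a rejected request. The body of `delete()` continues past the end of this hunk.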