From a8612d9609266a3c8cf659abb0413c06dfacfeb5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20B=C3=B6hmer?=
Date: Thu, 19 Sep 2019 13:49:10 +0200
Subject: [PATCH] Forbid to delete the anonymous user.
---
 src/Controller/UserController.php | 3 +++
 templates/AdminPages/_delete_form.html.twig | 3 ++-
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/Controller/UserController.php b/src/Controller/UserController.php
index ec61210b..c5066681 100644
--- a/src/Controller/UserController.php
+++ b/src/Controller/UserController.php
@@ -89,6 +89,9 @@ class UserController extends AdminPages\BaseAdminController
 */
 public function delete(Request $request, User $entity, StructuralElementRecursionHelper $recursionHelper)
 {
+ if ($entity->getID() == User::ID_ANONYMOUS) {
+ throw new \InvalidArgumentException('You can not delete the anonymous user! It is needed for permission checking without a logged in user');
+ }
 return $this->_delete($request, $entity, $recursionHelper);
 }
diff --git a/templates/AdminPages/_delete_form.html.twig b/templates/AdminPages/_delete_form.html.twig
index 4f708258..e24294ae 100644
--- a/templates/AdminPages/_delete_form.html.twig
+++ b/templates/AdminPages/_delete_form.html.twig
@@ -6,7 +6,8 @@
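Review bot: The guard added at the top of `delete()` protects the anonymous user only on this one controller action, so any other code path that removes a User entity (none is visible in this hunk) could still delete the account that permission checks for unauthenticated requests depend on. Enforcing the rule where the `delete` permission is decided, or in an entity-removal hook, would cover every path and would let the template rely on `is_granted("delete", entity)` alone instead of the literal `entity.id == 1`. Within the hunk, the comparison is better written strictly, `if ($entity->getID() === User::ID_ANONYMOUS) {`, provided getID() returns an int, and an uncaught `\InvalidArgumentException` will most likely surface as a 500 response where an access-denied (403) exception would describe the refusal more accurately. The class body continues outside the hunk.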
- + {% set delete_disabled = (not is_granted("delete", entity)) or (entity.group is defined and entity.id == 1) %} + {% if entity.parent is defined %}