Forbid removing the last admin user (#28337)

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-01-15 15:51:43 +09:00 · 2024-01-15 15:51:43 +09:00 · ce0225c1b8
commit ce0225c1b8
parent b820019fec
8 changed files with 80 additions and 7 deletions
--- a/routers/web/user/setting/account.go
+++ b/routers/web/user/setting/account.go
@ -244,6 +244,13 @@ func DeleteAccount(ctx *context.Context) {
 		return
 	}

+	// admin should not delete themself
+	if ctx.Doer.IsAdmin {
+		ctx.Flash.Error(ctx.Tr("form.admin_cannot_delete_self"))
+		ctx.Redirect(setting.AppSubURL + "/user/settings/account")
+		return
+	}
+
 	if err := user.DeleteUser(ctx, ctx.Doer, false); err != nil {
 		switch {
 		case models.IsErrUserOwnRepos(err):
@ -255,6 +262,9 @@ func DeleteAccount(ctx *context.Context) {
 		case models.IsErrUserOwnPackages(err):
 			ctx.Flash.Error(ctx.Tr("form.still_own_packages"))
 			ctx.Redirect(setting.AppSubURL + "/user/settings/account")
+		case models.IsErrDeleteLastAdminUser(err):
+			ctx.Flash.Error(ctx.Tr("auth.last_admin"))
+			ctx.Redirect(setting.AppSubURL + "/user/settings/account")
 		default:
 			ctx.ServerError("DeleteUser", err)
 		}