Mirrors/Part-DB-server
2
0
Fork 0
mirror of https://github.com/Part-DB/Part-DB-server.git synced 2026-03-03 22:15:36 +01:00
Code Issues Packages Projects Releases Wiki Activity

Forbid a user to delete himself on the admin page

Browse Source
This commit is contained in:
Jan Böhmer
2023-10-24 13:32:44 +02:00
parent 9fd3012c27
commit 388d26fa05
2 changed files with 8 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/Controller/UserController.php
View File

@@ -169,8 +169,14 @@ class UserController extends BaseAdminController
#[Route(path: '/{id}', name: 'user_delete', methods: ['DELETE'], requirements: ['id' => '\d+'])]
public function delete(Request $request, User $entity, StructuralElementRecursionHelper $recursionHelper): RedirectResponse
{
//Disallow deleting the anonymous user
if (User::ID_ANONYMOUS === $entity->getID()) {
throw new InvalidArgumentException('You can not delete the anonymous user! It is needed for permission checking without a logged in user');
throw new \LogicException('You can not delete the anonymous user! It is needed for permission checking without a logged in user');
}
//Disallow deleting the current logged-in user
if ($entity === $this->getUser()) {
throw new \LogicException('You can not delete your own user account!');
}
return $this->_delete($request, $entity, $recursionHelper);