aljaz/CTFd
1
0
Fork 0
mirror of https://github.com/aljazceru/CTFd.git synced 2025-12-18 14:34:21 +01:00
Code Issues Packages Projects Releases Wiki Activity

Don't allow admins to delete themselves (#1759)

Browse Source 
* Don't allow admins to accidentally delete themselves
This commit is contained in:
Kevin Chung
2020-12-10 13:21:26 -05:00
committed by GitHub
parent 9374c2a0a8
commit eabf43f980
1 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
CTFd/api/v1/users.py
View File

@@ -250,6 +250,13 @@ class UserPublic(Resource):
responses={200: ("Success", "APISimpleSuccessResponse")}, responses={200: ("Success", "APISimpleSuccessResponse")},
) )
def delete(self, user_id): def delete(self, user_id):
# Admins should not be able to delete themselves
if user_id == session["id"]:
return (
{"success": False, "errors": {"id": "You cannot delete yourself"}},
400,
)
Notifications.query.filter_by(user_id=user_id).delete() Notifications.query.filter_by(user_id=user_id).delete()
Awards.query.filter_by(user_id=user_id).delete() Awards.query.filter_by(user_id=user_id).delete()
Unlocks.query.filter_by(user_id=user_id).delete() Unlocks.query.filter_by(user_id=user_id).delete()