- def right_delete(conn, %{"right" => right, "nickname" => nickname})
- when right in ["moderator", "admin"] do
- user = User.get_by_nickname(nickname)
+ def right_delete(
+ %{assigns: %{user: %User{:nickname => admin_nickname}}} = conn,
+ %{
+ "permission_group" => permission_group,
+ "nickname" => nickname
+ }
+ )
+ when permission_group in ["moderator", "admin"] do
+ if admin_nickname == nickname do
+ conn
+ |> put_status(403)
+ |> json(%{error: "You can't revoke your own admin status."})
+ else
+ user = User.get_by_nickname(nickname)