lib/pleroma/web/admin_api/admin_api_controller.ex: An admin cannot un-admin themselves
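--- a/lib/pleroma/web/admin_api/admin_api_controller.ex
+++ b/lib/pleroma/web/admin_api/admin_api_controller.ex
@@ -20,10 +20,9 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do
 |> json(nickname)
 end
- def user_create(
- conn,
- %{user: %{"nickname" => nickname, "email" => email, "password" => password} = user}
- ) do
+ def user_create(conn, %{
+ user: %{"nickname" => nickname, "email" => email, "password" => password} = user
+ }) do
 new_user = %User{
 nickname: nickname,
 name: user.name || nickname,
@@ -69,19 +68,31 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do
 |> json(%{error: "No such right"})
 end
- def right_delete(conn, %{"right" => right, "nickname" => nickname})
+ def right_delete(
+ %{assigns: %{user: %User{:nickname => admin_nickname}}} = conn,
+ %{
+ "right" => right,
+ "nickname" => nickname
+ }
+ )
 when right in ["moderator", "admin"] do
- user = User.get_by_nickname(nickname)
+ if admin_nickname == nickname do
+ conn
+ |> post_status(403)
+ |> json(%{error: "You can't revoke your own admin status."})
+ else
+ user = User.get_by_nickname(nickname)
- info =
- user.info
- |> Map.put("is_" <> right, false)
+ info =
+ user.info
+ |> Map.put("is_" <> right, false)
- cng = User.info_changeset(user, %{info: info})
- {:ok, user} = User.update_and_set_cache(cng)
+ cng = User.info_changeset(user, %{info: info})
+ {:ok, user} = User.update_and_set_cache(cng)
- conn
- |> json(user.info)
+ conn
+ |> json(user.info)
+ end
 end
 def right_delete(conn, _) do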
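Review bot: The self-revocation guard in the new `right_delete/2` clause compares the raw `nickname` parameter with the caller's stored nickname, so it only holds if `User.get_by_nickname/1` resolves names exactly as `==` does. If that lookup is case-insensitive or otherwise normalises its input (not visible here), a differently written form of the caller's own nickname would skip the 403 branch. Comparing identities after the lookup is sturdier: bind the caller as `%{assigns: %{user: %User{} = admin}} = conn`, fetch `user = User.get_by_nickname(nickname)` first, and branch on `user.id == admin.id` (assuming the schema exposes its primary key as `id`). The same branch calls `post_status(403)`, which does not look like a Plug.Conn function; unless this controller defines or imports it, `put_status(403)` was probably intended. Separately, `user.info` is still read without a nil check, so an unknown nickname would raise rather than return a clean error.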