avoid deletion of (super)admin with id 1 due to fallbacks in the code using it; fixes #886

Signed-off-by: Michael Kaufmann <d00p@froxlor.org>

lib/Froxlor/Api/Commands/Admins.php

@@ -713,6 +713,10 @@ class Admins extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
 			if ($id == $this->getUserDetail('adminid')) {
 				\Froxlor\UI\Response::standard_error('youcantdeleteyourself', '', true);
 			}
+			// can't delete the first superadmin
+			if ($id == 1) {
+				\Froxlor\UI\Response::standard_error('cannotdeletesuperadmin', '', true);
+			}
 
 			// delete admin
 			$del_stmt = Database::prepare("

tests/Admins/AdminsTest.php

@@ -355,4 +355,16 @@ class AdminsTest extends TestCase
 			'loginname' => 'admin'
 		))->update();
 	}
+
+	public function testAdminsAdminsCannotDeleteFirstAdmin()
+	{
+		global $admin_userdata;
+		$testadmin_userdata = $admin_userdata;
+		$testadmin_userdata['adminid'] = 10;
+
+		$this->expectExceptionMessage("The first admin cannot be deleted.");
+		Admins::getLocal($testadmin_userdata, array(
+			'loginname' => 'admin'
+		))->delete();
+	}
 }