maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

avoid deletion of (super)admin with id 1 due to fallbacks in the code using it; fixes #886

Browse Source 
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann
2020-10-31 10:02:11 +01:00
parent 36eb3cc1aa
commit c79cba26f3
2 changed files with 16 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
lib/Froxlor/Api/Commands/Admins.php
View File

@@ -713,6 +713,10 @@ class Admins extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
if ($id == $this->getUserDetail('adminid')) { if ($id == $this->getUserDetail('adminid')) {
\Froxlor\UI\Response::standard_error('youcantdeleteyourself', '', true); \Froxlor\UI\Response::standard_error('youcantdeleteyourself', '', true);
} }
// can't delete the first superadmin
if ($id == 1) {
\Froxlor\UI\Response::standard_error('cannotdeletesuperadmin', '', true);
}
// delete admin // delete admin
$del_stmt = Database::prepare(" $del_stmt = Database::prepare("

12
tests/Admins/AdminsTest.php
View File

@@ -355,4 +355,16 @@ class AdminsTest extends TestCase
'loginname' => 'admin' 'loginname' => 'admin'
))->update(); ))->update();
} }
public function testAdminsAdminsCannotDeleteFirstAdmin()
{
global $admin_userdata;
$testadmin_userdata = $admin_userdata;
$testadmin_userdata['adminid'] = 10;
$this->expectExceptionMessage("The first admin cannot be deleted.");
Admins::getLocal($testadmin_userdata, array(
'loginname' => 'admin'
))->delete();
}
} }