protect admin user from deletion

This commit is contained in:
Hugo Renard 2022-03-17 11:33:31 +01:00
parent e3aa537898
commit 907374b1c1
Signed by: hougo
GPG key ID: 3A285FD470209C59

View file

@ -44,6 +44,12 @@ export class UserEndpoint extends ScimEndpoint implements IScimEndpoint {
}
public async _delete(ctx: Context): Promise<IApiResponse> {
if (ctx.id() === (await ctx.rc.getUserId())) {
throw new SCIMError()
.setStatus(HttpStatusCode.FORBIDDEN)
.setScimType(SCIMErrorType.MUTABILITY)
.setDetail("The admin user can't be deleted");
}
const o = await ctx.rc.user.delete({
userId: ctx.id(),
confirmRelinquish: true,