protect admin user from deletion
This commit is contained in:
parent
e3aa537898
commit
907374b1c1
1 changed files with 6 additions and 0 deletions
|
@ -44,6 +44,12 @@ export class UserEndpoint extends ScimEndpoint implements IScimEndpoint {
|
||||||
}
|
}
|
||||||
|
|
||||||
public async _delete(ctx: Context): Promise<IApiResponse> {
|
public async _delete(ctx: Context): Promise<IApiResponse> {
|
||||||
|
if (ctx.id() === (await ctx.rc.getUserId())) {
|
||||||
|
throw new SCIMError()
|
||||||
|
.setStatus(HttpStatusCode.FORBIDDEN)
|
||||||
|
.setScimType(SCIMErrorType.MUTABILITY)
|
||||||
|
.setDetail("The admin user can't be deleted");
|
||||||
|
}
|
||||||
const o = await ctx.rc.user.delete({
|
const o = await ctx.rc.user.delete({
|
||||||
userId: ctx.id(),
|
userId: ctx.id(),
|
||||||
confirmRelinquish: true,
|
confirmRelinquish: true,
|
||||||
|
|
Reference in a new issue