protect admin user from deletion
This commit is contained in:
parent
e3aa537898
commit
907374b1c1
1 changed files with 6 additions and 0 deletions
|
@ -44,6 +44,12 @@ export class UserEndpoint extends ScimEndpoint implements IScimEndpoint {
|
|||
}
|
||||
|
||||
public async _delete(ctx: Context): Promise<IApiResponse> {
|
||||
if (ctx.id() === (await ctx.rc.getUserId())) {
|
||||
throw new SCIMError()
|
||||
.setStatus(HttpStatusCode.FORBIDDEN)
|
||||
.setScimType(SCIMErrorType.MUTABILITY)
|
||||
.setDetail("The admin user can't be deleted");
|
||||
}
|
||||
const o = await ctx.rc.user.delete({
|
||||
userId: ctx.id(),
|
||||
confirmRelinquish: true,
|
||||
|
|
Reference in a new issue