fix: allow deleting the user's own account (#5820)
This commit is contained in:
Ariel Leyva
@@ -21,7 +21,7 @@ var (
|
|||||||
ErrPermissionDenied = errors.New("permission denied")
|
ErrPermissionDenied = errors.New("permission denied")
|
||||||
ErrInvalidRequestParams = errors.New("invalid request params")
|
ErrInvalidRequestParams = errors.New("invalid request params")
|
||||||
ErrSourceIsParent = errors.New("source is parent")
|
ErrSourceIsParent = errors.New("source is parent")
|
||||||
ErrRootUserDeletion = errors.New("user with id 1 can't be deleted")
|
ErrRootUserDeletion = errors.New("the sole admin can't be deleted")
|
||||||
ErrCurrentPasswordIncorrect = errors.New("the current password is incorrect")
|
ErrCurrentPasswordIncorrect = errors.New("the current password is incorrect")
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|||||||
@@ -59,6 +59,7 @@ import { useRoute, useRouter } from "vue-router";
|
|||||||
import { useI18n } from "vue-i18n";
|
import { useI18n } from "vue-i18n";
|
||||||
import { StatusError } from "@/api/utils";
|
import { StatusError } from "@/api/utils";
|
||||||
import { authMethod } from "@/utils/constants";
|
import { authMethod } from "@/utils/constants";
|
||||||
|
import { logout } from "@/utils/auth";
|
||||||
|
|
||||||
const error = ref<StatusError>();
|
const error = ref<StatusError>();
|
||||||
const originalUser = ref<IUser>();
|
const originalUser = ref<IUser>();
|
||||||
@@ -144,7 +145,11 @@ const deleteUser = async (currentPassword: string) => {
|
|||||||
}
|
}
|
||||||
try {
|
try {
|
||||||
await api.remove(user.value.id, currentPassword);
|
await api.remove(user.value.id, currentPassword);
|
||||||
|
if (user.value.id == authStore.user?.id) {
|
||||||
|
logout();
|
||||||
|
} else {
|
||||||
router.push({ path: "/settings/users" });
|
router.push({ path: "/settings/users" });
|
||||||
|
}
|
||||||
$showSuccess(t("settings.userDeleted"));
|
$showSuccess(t("settings.userDeleted"));
|
||||||
} catch (err) {
|
} catch (err) {
|
||||||
if (err instanceof StatusError) {
|
if (err instanceof StatusError) {
|
||||||
|
|||||||
@@ -6,6 +6,7 @@ import (
|
|||||||
"reflect"
|
"reflect"
|
||||||
|
|
||||||
"github.com/asdine/storm/v3"
|
"github.com/asdine/storm/v3"
|
||||||
|
bolt "go.etcd.io/bbolt"
|
||||||
|
|
||||||
fberrors "github.com/filebrowser/filebrowser/v2/errors"
|
fberrors "github.com/filebrowser/filebrowser/v2/errors"
|
||||||
"github.com/filebrowser/filebrowser/v2/users"
|
"github.com/filebrowser/filebrowser/v2/users"
|
||||||
@@ -93,3 +94,29 @@ func (st usersBackend) DeleteByUsername(username string) error {
|
|||||||
|
|
||||||
return st.db.DeleteStruct(user)
|
return st.db.DeleteStruct(user)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (st usersBackend) CountAdmins() (int, error) {
|
||||||
|
count := 0
|
||||||
|
|
||||||
|
err := st.db.Bolt.View(func(tx *bolt.Tx) error {
|
||||||
|
bucket := tx.Bucket([]byte(reflect.TypeOf(users.User{}).Name()))
|
||||||
|
if bucket == nil {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
c := bucket.Cursor()
|
||||||
|
for _, v := c.First(); v != nil; _, v = c.Next() {
|
||||||
|
var u users.User
|
||||||
|
if err := st.db.Codec().Unmarshal(v, &u); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if u.Perm.Admin {
|
||||||
|
count++
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
})
|
||||||
|
|
||||||
|
return count, err
|
||||||
|
}
|
||||||
|
|||||||
@@ -15,6 +15,7 @@ type StorageBackend interface {
|
|||||||
Update(u *User, fields ...string) error
|
Update(u *User, fields ...string) error
|
||||||
DeleteByID(uint) error
|
DeleteByID(uint) error
|
||||||
DeleteByUsername(string) error
|
DeleteByUsername(string) error
|
||||||
|
CountAdmins() (int, error)
|
||||||
}
|
}
|
||||||
|
|
||||||
type Store interface {
|
type Store interface {
|
||||||
@@ -108,14 +109,20 @@ func (s *Storage) Delete(id interface{}) error {
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
if user.ID == 1 {
|
if s.IsUniqueAdmin(user) {
|
||||||
return fberrors.ErrRootUserDeletion
|
return fberrors.ErrRootUserDeletion
|
||||||
}
|
}
|
||||||
|
|
||||||
return s.back.DeleteByUsername(id)
|
return s.back.DeleteByUsername(id)
|
||||||
case uint:
|
case uint:
|
||||||
if id == 1 {
|
user, err := s.back.GetBy(id)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if s.IsUniqueAdmin(user) {
|
||||||
return fberrors.ErrRootUserDeletion
|
return fberrors.ErrRootUserDeletion
|
||||||
}
|
}
|
||||||
|
|
||||||
return s.back.DeleteByID(id)
|
return s.back.DeleteByID(id)
|
||||||
default:
|
default:
|
||||||
return fberrors.ErrInvalidDataType
|
return fberrors.ErrInvalidDataType
|
||||||
@@ -131,3 +138,15 @@ func (s *Storage) LastUpdate(id uint) int64 {
|
|||||||
}
|
}
|
||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (s *Storage) IsUniqueAdmin(user *User) bool {
|
||||||
|
if !user.Perm.Admin {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
|
count, err := s.back.CountAdmins()
|
||||||
|
if err != nil {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
return count <= 1
|
||||||
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user