fix: allow deleting the user's own account (#5820)
This commit is contained in:
Ariel Leyva
@@ -21,7 +21,7 @@ var (
|
||||
ErrPermissionDenied = errors.New("permission denied")
|
||||
ErrInvalidRequestParams = errors.New("invalid request params")
|
||||
ErrSourceIsParent = errors.New("source is parent")
|
||||
ErrRootUserDeletion = errors.New("user with id 1 can't be deleted")
|
||||
ErrRootUserDeletion = errors.New("the sole admin can't be deleted")
|
||||
ErrCurrentPasswordIncorrect = errors.New("the current password is incorrect")
|
||||
)
|
||||
|
||||
|
||||
@@ -59,6 +59,7 @@ import { useRoute, useRouter } from "vue-router";
|
||||
import { useI18n } from "vue-i18n";
|
||||
import { StatusError } from "@/api/utils";
|
||||
import { authMethod } from "@/utils/constants";
|
||||
import { logout } from "@/utils/auth";
|
||||
|
||||
const error = ref<StatusError>();
|
||||
const originalUser = ref<IUser>();
|
||||
@@ -144,7 +145,11 @@ const deleteUser = async (currentPassword: string) => {
|
||||
}
|
||||
try {
|
||||
await api.remove(user.value.id, currentPassword);
|
||||
router.push({ path: "/settings/users" });
|
||||
if (user.value.id == authStore.user?.id) {
|
||||
logout();
|
||||
} else {
|
||||
router.push({ path: "/settings/users" });
|
||||
}
|
||||
$showSuccess(t("settings.userDeleted"));
|
||||
} catch (err) {
|
||||
if (err instanceof StatusError) {
|
||||
|
||||
@@ -6,6 +6,7 @@ import (
|
||||
"reflect"
|
||||
|
||||
"github.com/asdine/storm/v3"
|
||||
bolt "go.etcd.io/bbolt"
|
||||
|
||||
fberrors "github.com/filebrowser/filebrowser/v2/errors"
|
||||
"github.com/filebrowser/filebrowser/v2/users"
|
||||
@@ -93,3 +94,29 @@ func (st usersBackend) DeleteByUsername(username string) error {
|
||||
|
||||
return st.db.DeleteStruct(user)
|
||||
}
|
||||
|
||||
func (st usersBackend) CountAdmins() (int, error) {
|
||||
count := 0
|
||||
|
||||
err := st.db.Bolt.View(func(tx *bolt.Tx) error {
|
||||
bucket := tx.Bucket([]byte(reflect.TypeOf(users.User{}).Name()))
|
||||
if bucket == nil {
|
||||
return nil
|
||||
}
|
||||
|
||||
c := bucket.Cursor()
|
||||
for _, v := c.First(); v != nil; _, v = c.Next() {
|
||||
var u users.User
|
||||
if err := st.db.Codec().Unmarshal(v, &u); err != nil {
|
||||
return err
|
||||
}
|
||||
if u.Perm.Admin {
|
||||
count++
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
})
|
||||
|
||||
return count, err
|
||||
}
|
||||
|
||||
@@ -15,6 +15,7 @@ type StorageBackend interface {
|
||||
Update(u *User, fields ...string) error
|
||||
DeleteByID(uint) error
|
||||
DeleteByUsername(string) error
|
||||
CountAdmins() (int, error)
|
||||
}
|
||||
|
||||
type Store interface {
|
||||
@@ -108,14 +109,20 @@ func (s *Storage) Delete(id interface{}) error {
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if user.ID == 1 {
|
||||
if s.IsUniqueAdmin(user) {
|
||||
return fberrors.ErrRootUserDeletion
|
||||
}
|
||||
|
||||
return s.back.DeleteByUsername(id)
|
||||
case uint:
|
||||
if id == 1 {
|
||||
user, err := s.back.GetBy(id)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if s.IsUniqueAdmin(user) {
|
||||
return fberrors.ErrRootUserDeletion
|
||||
}
|
||||
|
||||
return s.back.DeleteByID(id)
|
||||
default:
|
||||
return fberrors.ErrInvalidDataType
|
||||
@@ -131,3 +138,15 @@ func (s *Storage) LastUpdate(id uint) int64 {
|
||||
}
|
||||
return 0
|
||||
}
|
||||
|
||||
func (s *Storage) IsUniqueAdmin(user *User) bool {
|
||||
if !user.Perm.Admin {
|
||||
return false
|
||||
}
|
||||
|
||||
count, err := s.back.CountAdmins()
|
||||
if err != nil {
|
||||
return true
|
||||
}
|
||||
return count <= 1
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user