jostreff/wireguard-ui
1
0
Fork 0
mirror of https://github.com/ngoduykhanh/wireguard-ui.git synced 2025-04-21 20:12:33 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #7 from armisss4/User-control-patch

Browse source 
User control patch
This commit is contained in:
Arminas 2023-01-04 13:08:35 +02:00 committed by GitHub
commit 352e0e4e0e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
handler/routes.go
View file

@ -215,7 +215,10 @@ func UpdateUser(db store.IStore) echo.HandlerFunc {
} }
user.PasswordHash = hash user.PasswordHash = hash
} }
user.Admin = admin
if previousUsername != currentUser(c) {
user.Admin = admin
}
if err := db.DeleteUser(previousUsername); err != nil { if err := db.DeleteUser(previousUsername); err != nil {
return c.JSON(http.StatusInternalServerError, jsonHTTPResponse{false, err.Error()}) return c.JSON(http.StatusInternalServerError, jsonHTTPResponse{false, err.Error()})
@ -289,6 +292,10 @@ func RemoveUser(db store.IStore) echo.HandlerFunc {
} }
username := data["username"].(string) username := data["username"].(string)
if username == currentUser(c) {
return c.JSON(http.StatusForbidden, jsonHTTPResponse{false, "User cannot delete itself"})
}
// delete user from database // delete user from database
if err := db.DeleteUser(username); err != nil { if err := db.DeleteUser(username); err != nil {
@ -297,10 +304,7 @@ func RemoveUser(db store.IStore) echo.HandlerFunc {
} }
log.Infof("Removed user: %s", username) log.Infof("Removed user: %s", username)
if username == currentUser(c) {
log.Infof("You removed yourself, killing session")
clearSession(c)
}
return c.JSON(http.StatusOK, jsonHTTPResponse{true, "User removed"}) return c.JSON(http.StatusOK, jsonHTTPResponse{true, "User removed"})
} }
} }