From b6eb0462448b5200161b7ac2667ec280ef3be1bd Mon Sep 17 00:00:00 2001
From: Arminas <armisss4@gmail.com>
Date: Wed, 4 Jan 2023 12:54:23 +0200
Subject: [PATCH] Revert "User control patch"

---
 handler/routes.go | 14 +++++---------
 1 file changed, 5 insertions(+), 9 deletions(-)

diff --git a/handler/routes.go b/handler/routes.go
index 89dc341..7db2a9e 100644
--- a/handler/routes.go
+++ b/handler/routes.go
@@ -215,10 +215,7 @@ func UpdateUser(db store.IStore) echo.HandlerFunc {
 			}
 			user.PasswordHash = hash
 		}
-
-		if previousUsername != currentUser(c) {
-			user.Admin = admin
-		}
+		user.Admin = admin
 
 		if err := db.DeleteUser(previousUsername); err != nil {
 			return c.JSON(http.StatusInternalServerError, jsonHTTPResponse{false, err.Error()})
@@ -292,10 +289,6 @@ func RemoveUser(db store.IStore) echo.HandlerFunc {
 		}
 
 		username := data["username"].(string)
-
-		if username == currentUser(c) {
-			return c.JSON(http.StatusForbidden, jsonHTTPResponse{false, "User cannot delete itself"})
-		}
 		// delete user from database
 
 		if err := db.DeleteUser(username); err != nil {
@@ -304,7 +297,10 @@ func RemoveUser(db store.IStore) echo.HandlerFunc {
 		}
 
 		log.Infof("Removed user: %s", username)
-
+		if username == currentUser(c) {
+			log.Infof("You removed yourself, killing session")
+			clearSession(c)
+		}
 		return c.JSON(http.StatusOK, jsonHTTPResponse{true, "User removed"})
 	}
 }