From 30433e59852cf284c0ba45a2fe675f6d9e5a3c13 Mon Sep 17 00:00:00 2001
From: NorbiPeti
Date: Wed, 2 Mar 2022 23:55:44 +0100
Subject: [PATCH] Add backend check for self unadmining
---
 backend/src/controllers/user.controller.ts | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/backend/src/controllers/user.controller.ts b/backend/src/controllers/user.controller.ts
index 49949cf..9f72dbd 100644
--- a/backend/src/controllers/user.controller.ts
+++ b/backend/src/controllers/user.controller.ts
@@ -1,5 +1,5 @@
 import {Count, CountSchema, Filter, FilterExcludingWhere, repository, Where,} from '@loopback/repository';
-import {del, get, getModelSchemaRef, param, patch, post, Request, requestBody, response, RestBindings,} from '@loopback/rest';
+import { del, get, getModelSchemaRef, HttpErrors, param, patch, post, Request, requestBody, response, RestBindings, } from '@loopback/rest';
 import {User} from '../models';
 import {UserRepository} from '../repositories';
 import {
@@ -197,6 +197,11 @@ export class UserController {
 })
 user: User,
 ): Promise {
+ if(id === +this.user.id) {
+ const loggedInUser = await this.userService.findUserById(this.user.id);
+ if(user.isAdmin !== undefined && loggedInUser.isAdmin !== user.isAdmin)
+ throw new HttpErrors.BadRequest('Cannot change admin status of self');
+ }
 await this.userRepository.updateById(id, user);
 }
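Review bot: The self-check added before `updateById` fails open, because `+this.user.id` evaluates to `NaN` when the profile id is missing or not numeric, and `id === NaN` is never true, so the `isAdmin` guard is skipped and the update proceeds. Rejecting the request when the coerced id is not an integer would close that gap, e.g. `if (!Number.isInteger(+this.user.id)) throw new HttpErrors.Unauthorized();` ahead of the comparison. The guard also covers only the caller's own record in this one handler: whether a caller may set `isAdmin` on a different `id`, or through any other write endpoint on the user model, depends on authorization outside this hunk and should be confirmed. Since the refusal is a permission decision rather than a malformed request, `HttpErrors.Forbidden` would fit better than `BadRequest`. The handler's decorators and signature begin above the hunk.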