Add backend check for self unadmining
This commit is contained in:
parent
1f45a3fb84
commit
30433e5985
1 changed files with 6 additions and 1 deletions
|
@ -1,5 +1,5 @@
|
||||||
import {Count, CountSchema, Filter, FilterExcludingWhere, repository, Where,} from '@loopback/repository';
|
import {Count, CountSchema, Filter, FilterExcludingWhere, repository, Where,} from '@loopback/repository';
|
||||||
import {del, get, getModelSchemaRef, param, patch, post, Request, requestBody, response, RestBindings,} from '@loopback/rest';
|
import { del, get, getModelSchemaRef, HttpErrors, param, patch, post, Request, requestBody, response, RestBindings, } from '@loopback/rest';
|
||||||
import {User} from '../models';
|
import {User} from '../models';
|
||||||
import {UserRepository} from '../repositories';
|
import {UserRepository} from '../repositories';
|
||||||
import {
|
import {
|
||||||
|
@ -197,6 +197,11 @@ export class UserController {
|
||||||
})
|
})
|
||||||
user: User,
|
user: User,
|
||||||
): Promise<void> {
|
): Promise<void> {
|
||||||
|
if(id === +this.user.id) {
|
||||||
|
const loggedInUser = await this.userService.findUserById(this.user.id);
|
||||||
|
if(user.isAdmin !== undefined && loggedInUser.isAdmin !== user.isAdmin)
|
||||||
|
throw new HttpErrors.BadRequest('Cannot change admin status of self');
|
||||||
|
}
|
||||||
await this.userRepository.updateById(id, user);
|
await this.userRepository.updateById(id, user);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue