From f4f9d2fa32d73adc1528464808c9d54ee04d3f33 Mon Sep 17 00:00:00 2001
From: Mitch Roote
Date: Mon, 25 Jan 2021 10:42:42 -0500
Subject: [PATCH 1/5] disable deleting single admin user
---
 src/api/auth.go | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/src/api/auth.go b/src/api/auth.go
index f3836a3..1999900 100644
--- a/src/api/auth.go
+++ b/src/api/auth.go
@@ -2,6 +2,7 @@ package api
 import (
 "encoding/base64"
+ "errors"
 "log"
 "net/http"
@@ -102,7 +103,18 @@ func (a *Auth) checkPassword(username, password string) error {
 }
 func (a *Auth) deleteUser(username string) error {
- result := a.db.Model(&User{}).Where(&User{Username: username}).Delete(&User{})
+ var adminUserCount int64
+ result := a.db.Where(&User{Role: "admin"}).Count(&adminUserCount)
+ if result.Error != nil {
+ log.Printf("Error retrieving admin user list from database: %s", result.Error)
+ return result.Error
+ }
+
+ if adminUserCount <= 1 {
+ return errors.New("cannot delete single admin user")
+ }
+
+ result = a.db.Model(&User{}).Where(&User{Username: username}).Delete(&User{})
 if result.Error != nil {
 log.Printf("Error deleting user from database: %s", result.Error)
 return result.Error
From 5d83e1f86afa8133414302f03f70659e8f9f0001 Mon Sep 17 00:00:00 2001
From: Mitch Roote
Date: Mon, 25 Jan 2021 10:43:33 -0500
Subject: [PATCH 2/5] import regeneratorRuntime in user api
---
 ui/api/resources/user.js | 1 +
 1 file changed, 1 insertion(+)
diff --git a/ui/api/resources/user.js b/ui/api/resources/user.js
index 5a2c884..15d2e3c 100644
--- a/ui/api/resources/user.js
+++ b/ui/api/resources/user.js
@@ -1,3 +1,4 @@
+import regeneratorRuntime from "regenerator-runtime";
 import client from "../client";
 export default {
From bab4b071df158fdc887b4d2579370385c9500b4e Mon Sep 17 00:00:00 2001
From: Mitch Roote
Date: Tue, 26 Jan 2021 20:32:07 -0500
Subject: [PATCH 3/5] Select users table in query
---
 src/api/auth.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
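Review bot: The admin count and the delete in `deleteUser` are two separate statements, so two concurrent requests that each remove a different admin can both read an `adminUserCount` of 2 and both proceed, leaving the system with no admin account. Running the check and the `Delete` inside one database transaction, with isolation or row locking strong enough to serialise the two requests, would close that window; at minimum the guard deserves a comment such as `// count and delete are not atomic; concurrent admin deletions can both pass this check`. The same check-then-delete shape is kept in the [PATCH 4/5] rewrite of this function. The body of deleteUser continues past the end of the hunk.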
diff --git a/src/api/auth.go b/src/api/auth.go
index 1999900..876b451 100644
--- a/src/api/auth.go
+++ b/src/api/auth.go
@@ -104,7 +104,7 @@ func (a *Auth) checkPassword(username, password string) error {
 func (a *Auth) deleteUser(username string) error {
 var adminUserCount int64
- result := a.db.Where(&User{Role: "admin"}).Count(&adminUserCount)
+ result := a.db.Model(&User{}).Where(&User{Role: "admin"}).Count(&adminUserCount)
 if result.Error != nil {
 log.Printf("Error retrieving admin user list from database: %s", result.Error)
 return result.Error
From 2fa1d54e1593c7d8b52254324f6a7818eac81064 Mon Sep 17 00:00:00 2001
From: Mitch Roote
Date: Sat, 30 Jan 2021 21:56:42 -0500
Subject: [PATCH 4/5] Allow deleting regular user if single admin exists
---
 src/api/auth.go | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)
diff --git a/src/api/auth.go b/src/api/auth.go
index 876b451..26e1eed 100644
--- a/src/api/auth.go
+++ b/src/api/auth.go
@@ -103,18 +103,22 @@ func (a *Auth) checkPassword(username, password string) error {
 }
 func (a *Auth) deleteUser(username string) error {
- var adminUserCount int64
- result := a.db.Model(&User{}).Where(&User{Role: "admin"}).Count(&adminUserCount)
- if result.Error != nil {
- log.Printf("Error retrieving admin user list from database: %s", result.Error)
- return result.Error
+ adminUsers := []User{}
+ adminQuery := a.db.Find(&User{}).Where(&User{Role: "admin"}).Find(&adminUsers)
+ if adminQuery.Error != nil {
+ log.Printf("Error retrieving admin user list from database: %s", adminQuery.Error)
+ return adminQuery.Error
 }
- if adminUserCount <= 1 {
- return errors.New("cannot delete single admin user")
+ for _, user := range adminUsers {
+ if user.Username == username {
+ if adminQuery.RowsAffected == 1 {
+ return errors.New("cannot delete single admin user")
+ }
+ }
 }
- result = a.db.Model(&User{}).Where(&User{Username: username}).Delete(&User{})
+ result := a.db.Model(&User{}).Where(&User{Username: username}).Delete(&User{})
 if result.Error != nil {
 log.Printf("Error deleting user from database: %s", result.Error)
 return result.Error
From b826be37b7cf0305a269834b55702bc86317a5bb Mon Sep 17 00:00:00 2001
From: Mitch Roote
Date: Sat, 30 Jan 2021 22:00:09 -0500
Subject: [PATCH 5/5] remove regeneratorRuntime import
---
 ui/api/resources/user.js | 1 -
 1 file changed, 1 deletion(-)
diff --git a/ui/api/resources/user.js b/ui/api/resources/user.js
index 15d2e3c..5a2c884 100644
--- a/ui/api/resources/user.js
+++ b/ui/api/resources/user.js
@@ -1,4 +1,3 @@
-import regeneratorRuntime from "regenerator-runtime";
 import client from "../client";
 export default {
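Review bot: The leading `a.db.Find(&User{})` in the `adminQuery` chain looks like it was meant to be `Model(&User{})`, which [PATCH 3/5] used on this line; `Find` is a finisher in GORM, so as written it presumably runs an extra unfiltered query before the filtered one. I would write `adminQuery := a.db.Model(&User{}).Where(&User{Role: "admin"}).Find(&adminUsers)` and test `len(adminUsers) == 1` instead of `adminQuery.RowsAffected == 1`, so the last-admin guard depends on the rows actually loaded and not on how the driver reports row counts. Since this guard is the only thing that keeps the last admin from being removed, unit tests for "delete the only admin" and "delete a regular user while one admin exists" would be worth adding. The body of deleteUser continues outside the hunk.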