Disallow to delete administrator

2024-12-03 05:50:25 +08:00 · 2018-08-02 10:21:25 +08:00 · 2018-08-02 10:21:25 +08:00 · 5788fb93c1
commit 5788fb93c1
parent 7e72e3c01b
2 changed files with 15 additions and 0 deletions
--- a/app/Http/Controllers/UserController.php
+++ b/app/Http/Controllers/UserController.php
@ -167,9 +167,14 @@ class UserController extends Controller
                    'password' => 'required|min:6|max:32'
                ]);

+                if ($user->isAdmin())
+                    return json(trans('user.profile.delete.admin'), 1);
+
                if (! $user->verifyPassword($request->input('password')))
                    return json(trans('user.profile.delete.wrong-password'), 1);
+
                Auth::logout();
+
                if ($user->delete()) {
                    session()->flush();

--- a/tests/UserControllerTest.php
+++ b/tests/UserControllerTest.php
@ -382,6 +382,16 @@ class UserControllerTest extends TestCase
            'msg' => trans('user.profile.delete.success')
        ]);
        $this->assertNull(User::find($user->uid));
+
+        // Administrator cannot be deleted
+        $this->actAs('admin')
+            ->postJson('/user/profile', [
+            'action' => 'delete',
+            'password' => '87654321'
+        ])->assertJson([
+            'errno' => 1,
+            'msg' => trans('user.profile.delete.admin')
+        ]);
    }

    public function testSetAvatar()