Diffstat (limited to 'src/api/routes')
-rw-r--r--src/api/routes/admin/userDemote.js3
-rw-r--r--src/api/routes/admin/userDisable.js1
-rw-r--r--src/api/routes/admin/userEnable.js1
-rw-r--r--src/api/routes/admin/userPromote.js1
4 files changed, 5 insertions, 1 deletions
diff --git a/src/api/routes/admin/userDemote.js b/src/api/routes/admin/userDemote.js
index fa288fc..b430a48 100644
--- a/src/api/routes/admin/userDemote.js
+++ b/src/api/routes/admin/userDemote.js
@@ -5,10 +5,11 @@ class userDemote extends Route {
super('/admin/users/demote', 'post', { adminOnly: true });
}
- async run(req, res, db) {
+ async run(req, res, db, user) {
if (!req.body) return res.status(400).json({ message: 'No body provided' });
const { id } = req.body;
if (!id) return res.status(400).json({ message: 'No id provided' });
+ if (id === user.id) return res.status(400).json({ message: 'You can\'t apply this action to yourself' });
try {
await db.table('users')
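Review bot: The self-check added in `run` compares with `===`, so it only fires when `req.body.id` and `user.id` have the same type. If the client sends the id as a string while `user.id` is a number (or the reverse), the guard is skipped, and the query below may still match the caller's own row, depending on how the database layer coerces the value. Normalising both sides before comparing closes that gap, e.g. `if (String(id) === String(user.id)) return res.status(400).json({ message: 'You can\'t apply this action to yourself' });`. The same line is added in userDisable.js, userEnable.js and userPromote.js and would need the same change. The body of `run` continues past the end of this hunk, so any later validation of `id` is not visible here.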
diff --git a/src/api/routes/admin/userDisable.js b/src/api/routes/admin/userDisable.js
index c7dffa8..65bcf4e 100644
--- a/src/api/routes/admin/userDisable.js
+++ b/src/api/routes/admin/userDisable.js
@@ -9,6 +9,7 @@ class userDisable extends Route {
if (!req.body) return res.status(400).json({ message: 'No body provided' });
const { id } = req.body;
if (!id) return res.status(400).json({ message: 'No id provided' });
+ if (id === user.id) return res.status(400).json({ message: 'You can\'t apply this action to yourself' });
try {
await db.table('users')
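Review bot: `user` is read on the added line, but the `run` signature sits above this hunk and the diffstat shows a single changed line for this file, so this commit did not touch the signature. In userDemote.js the same commit had to add `user` as a fourth parameter. Please confirm that `run` here already declares it; otherwise `user.id` would throw before the `try` block is entered. The same check applies to userEnable.js and userPromote.js, which also show only the one added line.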
diff --git a/src/api/routes/admin/userEnable.js b/src/api/routes/admin/userEnable.js
index 7e5743d..bdba7a6 100644
--- a/src/api/routes/admin/userEnable.js
+++ b/src/api/routes/admin/userEnable.js
@@ -9,6 +9,7 @@ class userEnable extends Route {
if (!req.body) return res.status(400).json({ message: 'No body provided' });
const { id } = req.body;
if (!id) return res.status(400).json({ message: 'No id provided' });
+ if (id === user.id) return res.status(400).json({ message: 'You can\'t apply this action to yourself' });
try {
await db.table('users')
diff --git a/src/api/routes/admin/userPromote.js b/src/api/routes/admin/userPromote.js
index 4062dfa..6534d16 100644
--- a/src/api/routes/admin/userPromote.js
+++ b/src/api/routes/admin/userPromote.js
@@ -9,6 +9,7 @@ class userPromote extends Route {
if (!req.body) return res.status(400).json({ message: 'No body provided' });
const { id } = req.body;
if (!id) return res.status(400).json({ message: 'No id provided' });
+ if (id === user.id) return res.status(400).json({ message: 'You can\'t apply this action to yourself' });
try {
await db.table('users')