Don't let users delete their own accounts

This commit is contained in:
Abin Simon
2022-05-24 12:27:41 +05:30
parent c576932eda
commit 446ae18798


@@ -51,7 +51,7 @@ type UserService interface {
// Update UserGroup casbin for OIdC/Idp users
UpdateIdpUserGroupPolicy(context.Context, string, string, string) error
// Generate recovery link for users
ForgotPassword(context.Context, *userrpcv3.ForgotPasswordRequest) (*userrpcv3.ForgotPasswordResponse, error)
ForgotPassword(context.Context, *userrpcv3.ForgotPasswordRequest) (*userrpcv3.ForgotPasswordResponse, error)
}
type userService struct {
@@ -713,6 +713,16 @@ func (s *userService) Delete(ctx context.Context, user *userv3.User) (*userrpcv3
return &userrpcv3.DeleteUserResponse{}, fmt.Errorf("no user founnd with username '%v'", name)
}
sd, ok := GetSessionDataFromContext(ctx)
if !ok {
if err != nil {
return &userrpcv3.DeleteUserResponse{}, fmt.Errorf("unable to delete user without auth")
}
}
if sd.Username == name {
return &userrpcv3.DeleteUserResponse{}, fmt.Errorf("you cannot delete your own account")
}
if usr, ok := entity.(*models.KratosIdentities); ok {
tx, err := s.db.BeginTx(ctx, &sql.TxOptions{})