From f5e3ed26b935730149c0c39f861b51103b14dd67 Mon Sep 17 00:00:00 2001 From: Ozzieisaacs Date: Mon, 10 Jun 2019 19:31:13 +0200 Subject: [PATCH] Fix for #935 --- cps/web.py | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/cps/web.py b/cps/web.py index 3fc27807..1a3849dd 100644 --- a/cps/web.py +++ b/cps/web.py @@ -3246,10 +3246,16 @@ def edit_user(user_id): if request.method == "POST": to_save = request.form.to_dict() if "delete" in to_save: - ub.session.query(ub.User).filter(ub.User.id == content.id).delete() - ub.session.commit() - flash(_(u"User '%(nick)s' deleted", nick=content.nickname), category="success") - return redirect(url_for('admin')) + if ub.session.query(ub.User).filter(and_(ub.User.role.op('&') + (ub.ROLE_ADMIN)== ub.ROLE_ADMIN, + ub.User.id != content.id)).count(): + ub.session.query(ub.User).filter(ub.User.id == content.id).delete() + ub.session.commit() + flash(_(u"User '%(nick)s' deleted", nick=content.nickname), category="success") + return redirect(url_for('admin')) + else: + flash(_(u"No admin user remaining, can't delete user", nick=content.nickname), category="error") + return redirect(url_for('admin')) else: if "password" in to_save and to_save["password"]: content.password = generate_password_hash(to_save["password"])