hyperzlib
/
nodebb
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: , allow users with admin:users privilege to delete users in acp

Browse Source
isekai-main
Barış Soner Uşaklı
parent 7d04e95226
commit 0bffd3d93c
1 changed files with 2 additions and 3 deletions

5
src/api/users.js
Unescape Escape View File

@ -307,18 +307,17 @@ async function isPrivilegedOrSelfAndPasswordMatch(caller, data) {
async function processDeletion({ uid, method, password, caller }) { async function processDeletion({ uid, method, password, caller }) {
const isTargetAdmin = await user.isAdministrator(uid); const isTargetAdmin = await user.isAdministrator(uid);
const isSelf = parseInt(uid, 10) === parseInt(caller.uid, 10); const isSelf = parseInt(uid, 10) === parseInt(caller.uid, 10);
const isAdmin = await user.isAdministrator(caller.uid); const hasAdminPrivilege = await privileges.admin.can('admin:users', caller.uid);
if (isSelf && meta.config.allowAccountDelete !== 1) { if (isSelf && meta.config.allowAccountDelete !== 1) {
throw new Error('[[error:account-deletion-disabled]]'); throw new Error('[[error:account-deletion-disabled]]');
} else if (!isSelf && !isAdmin) { } else if (!isSelf && !hasAdminPrivilege) {
throw new Error('[[error:no-privileges]]'); throw new Error('[[error:no-privileges]]');
} else if (isTargetAdmin) { } else if (isTargetAdmin) {
throw new Error('[[error:cant-delete-admin]'); throw new Error('[[error:cant-delete-admin]');
} }
// Privilege checks -- only deleteAccount is available for non-admins // Privilege checks -- only deleteAccount is available for non-admins
const hasAdminPrivilege = await privileges.admin.can('admin:users', caller.uid);
if (!hasAdminPrivilege && ['delete', 'deleteContent'].includes(method)) { if (!hasAdminPrivilege && ['delete', 'deleteContent'].includes(method)) {
throw new Error('[[error:no-privileges]]'); throw new Error('[[error:no-privileges]]');
} }

Write Preview
Loading…
Cancel
Save