Merge remote-tracking branch 'origin/master' into develop

install/package.json

@@ -148,7 +148,7 @@
         "zxcvbn": "4.4.2"
     },
     "devDependencies": {
-        "@apidevtools/swagger-parser": "10.0.3",
+        "@apidevtools/swagger-parser": "9.0.0",
         "@commitlint/cli": "17.4.1",
         "@commitlint/config-angular": "17.4.0",
         "coveralls": "3.1.1",

src/api/users.js

@@ -307,18 +307,17 @@ async function isPrivilegedOrSelfAndPasswordMatch(caller, data) {
 async function processDeletion({ uid, method, password, caller }) {
 	const isTargetAdmin = await user.isAdministrator(uid);
 	const isSelf = parseInt(uid, 10) === parseInt(caller.uid, 10);
-	const isAdmin = await user.isAdministrator(caller.uid);
+	const hasAdminPrivilege = await privileges.admin.can('admin:users', caller.uid);
 
 	if (isSelf && meta.config.allowAccountDelete !== 1) {
 		throw new Error('[[error:account-deletion-disabled]]');
-	} else if (!isSelf && !isAdmin) {
+	} else if (!isSelf && !hasAdminPrivilege) {
 		throw new Error('[[error:no-privileges]]');
 	} else if (isTargetAdmin) {
 		throw new Error('[[error:cant-delete-admin]');
 	}
 
 	// Privilege checks -- only deleteAccount is available for non-admins
-	const hasAdminPrivilege = await privileges.admin.can('admin:users', caller.uid);
 	if (!hasAdminPrivilege && ['delete', 'deleteContent'].includes(method)) {
 		throw new Error('[[error:no-privileges]]');
 	}

src/privileges/admin.js

@@ -66,6 +66,7 @@ privsAdmin.routeMap = {
 	uploadDefaultAvatar: 'admin:settings',
 };
 privsAdmin.routePrefixMap = {
+	'dashboard/': 'admin:dashboard',
 	'manage/categories/': 'admin:categories',
 	'manage/privileges/': 'admin:privileges',
 	'manage/groups/': 'admin:groups',