diff --git a/api/kiwi_vpn_api/routers/_common.py b/api/kiwi_vpn_api/routers/_common.py
index 81f74ee..528a83a 100644
--- a/api/kiwi_vpn_api/routers/_common.py
+++ b/api/kiwi_vpn_api/routers/_common.py
@@ -52,6 +52,10 @@ class Responses:
 "description": "Entry does not exist in database",
 "content": None,
 }
+ CANT_TARGET_SELF = {
+ "description": "Operation can't target yourself",
+ "content": None,
+ }
 async def get_current_user(
diff --git a/api/kiwi_vpn_api/routers/user.py b/api/kiwi_vpn_api/routers/user.py
index 92ce8ec..5a07bd5 100644
--- a/api/kiwi_vpn_api/routers/user.py
+++ b/api/kiwi_vpn_api/routers/user.py
@@ -109,6 +109,7 @@ async def add_user(
 status.HTTP_401_UNAUTHORIZED: Responses.NEEDS_USER,
 status.HTTP_403_FORBIDDEN: Responses.NEEDS_ADMIN,
 status.HTTP_404_NOT_FOUND: Responses.ENTRY_DOESNT_EXIST,
+ status.HTTP_406_NOT_ACCEPTABLE: Responses.CANT_TARGET_SELF,
 },
 response_model=User,
 )
@@ -120,6 +121,10 @@ async def remove_user(
 DELETE ./{user_name}: Remove a user from the database.
 """
+ # stop inting
+ if current_user.name == user.name:
+ raise HTTPException(status_code=status.HTTP_406_NOT_ACCEPTABLE)
+ # delete user user.delete()
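Review bot: The comment `# stop inting` above the new self-target check in remove_user does not say what is being guarded; something like `# refuse self-deletion: the authenticated user must not remove their own account` would record the intent. The exception is raised without a `detail`, so a client only sees the generic status text; `raise HTTPException(status_code=status.HTTP_406_NOT_ACCEPTABLE, detail="Operation can't target yourself")` would match the description registered as Responses.CANT_TARGET_SELF. 406 is defined for content-negotiation failures, so 409 or 403 may describe this case better, which would also change the mapping added in the decorator hunk above. The guard compares `name` values with `==`; if names are normalised or matched case-insensitively at lookup (not visible here), comparing the record's primary key would be the safer identity check. The body of remove_user starts and ends outside the hunk, so how `user` and `current_user` are resolved is not visible.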