From fdc85bf5293a194de072c01761a6461009d1e1c5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rn-Michael=20Miehe?= <40151420+ldericher@users.noreply.github.com>
Date: Tue, 29 Mar 2022 15:38:36 +0000
Subject: [PATCH] don't delete yourself
---
 api/kiwi_vpn_api/routers/_common.py | 4 ++++
 api/kiwi_vpn_api/routers/user.py | 5 +++++
 2 files changed, 9 insertions(+)
diff --git a/api/kiwi_vpn_api/routers/_common.py b/api/kiwi_vpn_api/routers/_common.py
index 81f74ee..528a83a 100644
--- a/api/kiwi_vpn_api/routers/_common.py
+++ b/api/kiwi_vpn_api/routers/_common.py
@@ -52,6 +52,10 @@ class Responses:
 "description": "Entry does not exist in database",
 "content": None,
 }
+ CANT_TARGET_SELF = {
+ "description": "Operation can't target yourself",
+ "content": None,
+ }
 async def get_current_user(
diff --git a/api/kiwi_vpn_api/routers/user.py b/api/kiwi_vpn_api/routers/user.py
index 92ce8ec..5a07bd5 100644
--- a/api/kiwi_vpn_api/routers/user.py
+++ b/api/kiwi_vpn_api/routers/user.py
@@ -109,6 +109,7 @@ async def add_user(
 status.HTTP_401_UNAUTHORIZED: Responses.NEEDS_USER,
 status.HTTP_403_FORBIDDEN: Responses.NEEDS_ADMIN,
 status.HTTP_404_NOT_FOUND: Responses.ENTRY_DOESNT_EXIST,
+ status.HTTP_406_NOT_ACCEPTABLE: Responses.CANT_TARGET_SELF,
 },
 response_model=User,
 )
@@ -120,6 +121,10 @@ async def remove_user(
 DELETE ./{user_name}: Remove a user from the database.
 """
+ # stop inting
+ if current_user.name == user.name:
+ raise HTTPException(status_code=status.HTTP_406_NOT_ACCEPTABLE)
+ # delete user
 user.delete()
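Review bot: `status.HTTP_406_NOT_ACCEPTABLE` is the content-negotiation status (no representation satisfies the request's Accept headers), so using it for `Responses.CANT_TARGET_SELF` in this responses table, and in the `raise` added in the remove_user hunk below, will read as a media-type problem to clients, proxies and log triage. A status that describes a refused or conflicting request fits better, for example `status.HTTP_409_CONFLICT: Responses.CANT_TARGET_SELF,` with the matching `raise HTTPException(status_code=status.HTTP_409_CONFLICT)`; 403 is already mapped to NEEDS_ADMIN in the same table. The decorator this table belongs to starts outside the hunk.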
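Review bot: The comment `# stop inting` above the new guard in remove_user does not say what is being prevented; `# refuse self-deletion: the caller must not remove the account they are authenticated as` would record the intent. The guard compares `current_user.name == user.name`, and how `user` is resolved from the path parameter is outside this hunk, so confirm that both values are the stored canonical name (or compare the primary key instead) so that an equivalent but differently written name cannot get past the check. The exception is raised without a `detail`, so the client only receives the generic status text; a short `detail=` message naming the self-target rule would make the refusal diagnosable. remove_user's signature and the remainder of its body lie outside the hunk.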