tdpeuter/open-webui
tdpeuter/open-webui
1
Fork 0
forked from open-webui/open-webui
Code Issues Pull requests 1 Releases 2 Packages Activity Actions

fix: disable admin self user delete

Browse source
This commit is contained in:
Timothy J. Baek 2023-12-28 23:07:46 -08:00
parent b61bb77950
commit ad1cb5fc25
1 changed files with 10 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
backend/apps/web/routers/users.py
View file

@ -87,15 +87,21 @@ async def delete_user_by_id(user_id: str, cred=Depends(bearer_scheme)):
if user: if user:
if user.role == "admin": if user.role == "admin":
if user.id != user_id:
result = Users.delete_user_by_id(user_id) result = Users.delete_user_by_id(user_id)
if result: if result:
return True return True
else: else:
raise HTTPException( raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN, status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
detail=ERROR_MESSAGES.DELETE_USER_ERROR, detail=ERROR_MESSAGES.DELETE_USER_ERROR,
) )
else:
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN,
detail=ERROR_MESSAGES.ACTION_PROHIBITED,
)
else: else:
raise HTTPException( raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN, status_code=status.HTTP_403_FORBIDDEN,