Disallow deleting your own user or removing admin role

5 years ago · a4c62f6860
parent f8bd580fb7
commit a4c62f6860
3 changed files with 12 additions and 2 deletions
--- a/airsonic-main/src/main/java/org/airsonic/player/command/UserSettingsCommand.java
+++ b/airsonic-main/src/main/java/org/airsonic/player/command/UserSettingsCommand.java
@ -46,6 +46,7 @@ public class UserSettingsCommand {

    private List<User> users;
    private boolean isAdmin;
+    private boolean isCurrentUser;
    private boolean isPasswordChange;
    private boolean isNewUser;
    private boolean isDeleteUser;
@ -166,6 +167,14 @@ public class UserSettingsCommand {
        isAdmin = admin;
    }

+    public boolean isCurrentUser() {
+        return isCurrentUser;
+    }
+
+    public void setCurrentUser(boolean currentUser) {
+        isCurrentUser = currentUser;
+    }
+
    public boolean isPasswordChange() {
        return isPasswordChange;
    }
--- a/airsonic-main/src/main/java/org/airsonic/player/controller/UserSettingsController.java
+++ b/airsonic-main/src/main/java/org/airsonic/player/controller/UserSettingsController.java
@ -87,6 +87,7 @@ public class UserSettingsController {
                UserSettings userSettings = settingsService.getUserSettings(user.getUsername());
                command.setTranscodeSchemeName(userSettings.getTranscodeScheme().name());
                command.setAllowedMusicFolderIds(Util.toIntArray(getAllowedMusicFolderIds(user)));
+                command.setCurrentUser(securityService.getCurrentUser(request).getUsername().equals(user.getUsername()));
            } else {
                command.setNewUser(true);
                command.setStreamRole(true);
--- a/airsonic-main/src/main/webapp/WEB-INF/jsp/userSettings.jsp
+++ b/airsonic-main/src/main/webapp/WEB-INF/jsp/userSettings.jsp
@ -63,7 +63,7 @@

 <form:form method="post" action="userSettings.view" modelAttribute="command">
        <table style="${command.admin ? 'display:none' : ''}">
-            <tr>
+            <tr style="${command.currentUser ? 'display:none' : ''}">
                <td><form:checkbox path="adminRole" id="admin" cssClass="checkbox"/></td>
                <td><label for="admin"><fmt:message key="usersettings.admin"/></label></td>
            </tr>
@ -136,7 +136,7 @@
        </tr>
    </table>

-    <c:if test="${not command.newUser and not command.admin}">
+    <c:if test="${not command.newUser and not command.admin and not command.currentUser}">
        <table class="indent">
            <tr>
                <td><form:checkbox path="deleteUser" id="delete" cssClass="checkbox"/></td>