From ab5e8465b602dde589408de274694efeaa18407a Mon Sep 17 00:00:00 2001 From: lesion Date: Tue, 3 May 2022 11:42:59 +0200 Subject: [PATCH] fix user self-removal --- server/api/controller/user.js | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/server/api/controller/user.js b/server/api/controller/user.js index 4410a456..5221d208 100644 --- a/server/api/controller/user.js +++ b/server/api/controller/user.js @@ -123,7 +123,12 @@ const userController = { async remove (req, res) { try { - const user = await User.findByPk(req.params.id) + let user + if (res.locals.user.is_admin && req.params.id) { + user = await User.findByPk(req.params.id) + } else { + user = await User.findByPk(res.locals.user.id) + } await user.destroy() log.warn(`User ${user.email} removed!`) res.sendStatus(200)