commit 2d7ffbf378350872bc38970b4cf9105ee99038b1
parent 475c7b8f1671ba74001bbe50050c1a69931122cb
Author: Stefan Melmuk <stefan.melmuk@gmail.com>
Date: Tue, 27 Sep 2022 10:10:09 +0200
allow the removal of non-confirmed owners
ensure user_to_edit and user_to_delete are actually confirmed users,
before checking if they are the last owner of an organization.
Diffstat:
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/api/core/organizations.rs b/src/api/core/organizations.rs
@@ -999,8 +999,11 @@ async fn edit_user(
err!("Only Owners can edit Owner users")
}
- if user_to_edit.atype == UserOrgType::Owner && new_type != UserOrgType::Owner {
- // Removing owner permmission, check that there is at least one other confirmed owner
+ if user_to_edit.atype == UserOrgType::Owner
+ && new_type != UserOrgType::Owner
+ && user_to_edit.status == UserOrgStatus::Confirmed as i32
+ {
+ // Removing owner permission, check that there is at least one other confirmed owner
if UserOrganization::count_confirmed_by_org_and_type(&org_id, UserOrgType::Owner, &conn).await <= 1 {
err!("Can't delete the last owner")
}
@@ -1097,7 +1100,7 @@ async fn _delete_user(org_id: &str, org_user_id: &str, headers: &AdminHeaders, c
err!("Only Owners can delete Admins or Owners")
}
- if user_to_delete.atype == UserOrgType::Owner {
+ if user_to_delete.atype == UserOrgType::Owner && user_to_delete.status == UserOrgStatus::Confirmed as i32 {
// Removing owner, check that there is at least one other confirmed owner
if UserOrganization::count_confirmed_by_org_and_type(org_id, UserOrgType::Owner, conn).await <= 1 {
err!("Can't delete the last owner")
