mirror of
https://github.com/Mintplex-Labs/anything-llm.git
synced 2024-10-04 01:40:12 +02:00
Prevent lone-admin from locking themselves out the system (#376)
resolves #367
This commit is contained in:
parent
dd33767059
commit
085745c5e4
@ -55,6 +55,28 @@ function adminEndpoints(app) {
|
|||||||
try {
|
try {
|
||||||
const { id } = request.params;
|
const { id } = request.params;
|
||||||
const updates = reqBody(request);
|
const updates = reqBody(request);
|
||||||
|
const user = await User.get({ id: Number(id) });
|
||||||
|
|
||||||
|
// Check to make sure with this update that includes a role change to
|
||||||
|
// something other than admin that we still have at least one admin left.
|
||||||
|
if (
|
||||||
|
updates.hasOwnProperty("role") && // has admin prop to change
|
||||||
|
updates.role !== "admin" && // and we are changing to non-admin
|
||||||
|
user.role === "admin" // and they currently are an admin
|
||||||
|
) {
|
||||||
|
const adminCount = await User.count({ role: "admin" });
|
||||||
|
if (adminCount - 1 <= 0) {
|
||||||
|
response
|
||||||
|
.status(200)
|
||||||
|
.json({
|
||||||
|
success: false,
|
||||||
|
error:
|
||||||
|
"No system admins will remain if you do this. Update failed.",
|
||||||
|
});
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
const { success, error } = await User.update(id, updates);
|
const { success, error } = await User.update(id, updates);
|
||||||
response.status(200).json({ success, error });
|
response.status(200).json({ success, error });
|
||||||
} catch (e) {
|
} catch (e) {
|
||||||
|
@ -197,6 +197,28 @@ function apiAdminEndpoints(app) {
|
|||||||
|
|
||||||
const { id } = request.params;
|
const { id } = request.params;
|
||||||
const updates = reqBody(request);
|
const updates = reqBody(request);
|
||||||
|
const user = await User.get({ id: Number(id) });
|
||||||
|
|
||||||
|
// Check to make sure with this update that includes a role change to
|
||||||
|
// something other than admin that we still have at least one admin left.
|
||||||
|
if (
|
||||||
|
updates.hasOwnProperty("role") && // has admin prop to change
|
||||||
|
updates.role !== "admin" && // and we are changing to non-admin
|
||||||
|
user.role === "admin" // and they currently are an admin
|
||||||
|
) {
|
||||||
|
const adminCount = await User.count({ role: "admin" });
|
||||||
|
if (adminCount - 1 <= 0) {
|
||||||
|
response
|
||||||
|
.status(200)
|
||||||
|
.json({
|
||||||
|
success: false,
|
||||||
|
error:
|
||||||
|
"No system admins will remain if you do this. Update failed.",
|
||||||
|
});
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
const { success, error } = await User.update(id, updates);
|
const { success, error } = await User.update(id, updates);
|
||||||
response.status(200).json({ success, error });
|
response.status(200).json({ success, error });
|
||||||
} catch (e) {
|
} catch (e) {
|
||||||
|
@ -21,7 +21,7 @@ const User = {
|
|||||||
|
|
||||||
update: async function (userId, updates = {}) {
|
update: async function (userId, updates = {}) {
|
||||||
try {
|
try {
|
||||||
const updatedUser = await prisma.users.update({
|
await prisma.users.update({
|
||||||
where: { id: parseInt(userId) },
|
where: { id: parseInt(userId) },
|
||||||
data: updates,
|
data: updates,
|
||||||
});
|
});
|
||||||
|
Loading…
Reference in New Issue
Block a user