From c26c3c1975c35a60cd196bb1192189e3df1125a8 Mon Sep 17 00:00:00 2001
From: "florian.azizian" <florian.azizian@maarch.org>
Date: Wed, 11 Apr 2018 14:39:03 +0100
Subject: [PATCH] FIX #288 can not delete myself

---
 .../Views/users-administration.component.html             | 8 ++++----
 .../app/administration/users-administration.component.ts  | 2 ++
 src/app/user/controllers/UserController.php               | 5 ++++-
 3 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/apps/maarch_entreprise/Views/users-administration.component.html b/apps/maarch_entreprise/Views/users-administration.component.html
index 4ae5528b435..fde72f84d71 100755
--- a/apps/maarch_entreprise/Views/users-administration.component.html
+++ b/apps/maarch_entreprise/Views/users-administration.component.html
@@ -78,22 +78,22 @@
                         <mat-header-cell *matHeaderCellDef style="text-align: right;padding: 10px">
                         </mat-header-cell>
                         <mat-cell *matCellDef="let element" style="text-align:right">
-                            <button mat-icon-button color="primary" *ngIf="element.enabled == 'Y' && element.inDiffListDest == 'Y'" matTooltip="{{lang.suspend}}"
+                            <button mat-icon-button color="primary" [disabled]="element.user_id==user.user_id" *ngIf="element.enabled == 'Y' && element.inDiffListDest == 'Y'" matTooltip="{{lang.suspend}}"
                                 (click)="$event.stopPropagation();suspendUser(element)">
                                 <mat-icon class="fa fa-pause fa-2x" aria-hidden="true"></mat-icon>
                             </button>
-                            <button mat-icon-button color="primary" *ngIf="element.enabled == 'Y' && element.inDiffListDest == 'N'" matTooltip="{{lang.suspend}}"
+                            <button mat-icon-button color="primary" [disabled]="element.user_id==user.user_id" *ngIf="element.enabled == 'Y' && element.inDiffListDest == 'N'" matTooltip="{{lang.suspend}}"
                                 (click)="$event.stopPropagation();suspendUser(element)">
                                 <mat-icon class="fa fa-pause fa-2x" aria-hidden="true"></mat-icon>
                             </button>
                             <button mat-icon-button color="accent" *ngIf="element.enabled == 'N'" matTooltip="{{lang.authorize}}" (click)="$event.stopPropagation();activateUser(element)">
                                 <mat-icon class="fa fa-check fa-2x" aria-hidden="true"></mat-icon>
                             </button>
-                            <button mat-icon-button color="warn" *ngIf="element.inDiffListDest == 'Y'" matTooltip="{{lang.delete}}" data-toggle="modal"
+                            <button mat-icon-button color="warn" [disabled]="element.user_id==user.user_id" *ngIf="element.inDiffListDest == 'Y'" matTooltip="{{lang.delete}}" data-toggle="modal"
                                 data-target="#changeDiffListDest" (click)="$event.stopPropagation();deleteUser(element)">
                                 <mat-icon class="fa fa-trash fa-2x" aria-hidden="true"></mat-icon>
                             </button>
-                            <button mat-icon-button color="warn" *ngIf="element.inDiffListDest == 'N'" matTooltip="{{lang.delete}}" (click)="$event.stopPropagation();deleteUser(element)">
+                            <button mat-icon-button color="warn" [disabled]="element.user_id==user.user_id" *ngIf="element.inDiffListDest == 'N'" matTooltip="{{lang.delete}}" (click)="$event.stopPropagation();deleteUser(element)">
                                 <mat-icon class="fa fa-trash fa-2x" aria-hidden="true"></mat-icon>
                             </button>
                         </mat-cell>
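Review bot: The `[disabled]` bindings on the suspend and delete buttons are a UI convenience only, because a direct REST call bypasses them and each action needs the same rule on the server. The PHP part of this patch adds that rule for delete, but no hunk touches the suspend path, so the API may still accept self-suspension. That is worth confirming against the suspend handler, which is not visible in this patch. The comparison could also be strict, `[disabled]="element.user_id === user.user_id"`, assuming both ids have the same type.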
diff --git a/apps/maarch_entreprise/js/angular/app/administration/users-administration.component.ts b/apps/maarch_entreprise/js/angular/app/administration/users-administration.component.ts
index b13e20e2c07..99c95724173 100644
--- a/apps/maarch_entreprise/js/angular/app/administration/users-administration.component.ts
+++ b/apps/maarch_entreprise/js/angular/app/administration/users-administration.component.ts
@@ -31,6 +31,7 @@ export class UsersAdministrationComponent extends AutoCompletePlugin implements
     userDestRedirect                : any       = {};
     userDestRedirectModels          : any[]     = [];
     quota                           : any       = {};
+    user                            : any       = {};
 
     dataSource          = new MatTableDataSource(this.data);
     displayedColumns    = ['user_id', 'lastname', 'firstname', 'status', 'mail', 'actions'];
@@ -58,6 +59,7 @@ export class UsersAdministrationComponent extends AutoCompletePlugin implements
 
     ngOnInit(): void {
         this.coreUrl = angularGlobals.coreUrl;
+        this.user = angularGlobals.user;
         this.loading = true;
 
         this.http.get(this.coreUrl + 'rest/users')
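Review bot: `this.user = angularGlobals.user;` overwrites the `{}` default, so if the global is ever missing, the template expression `element.user_id==user.user_id` dereferences undefined and the actions cell fails to render. `this.user = angularGlobals.user || {};` keeps the default. Because the value comes from a client-side global, a short comment such as `// only used to grey out actions on the current user's own row; the server enforces the rule` would make clear it is not an authorization input. ngOnInit continues past the end of the hunk.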
diff --git a/src/app/user/controllers/UserController.php b/src/app/user/controllers/UserController.php
index f51184ffb7f..dc0dd361f85 100644
--- a/src/app/user/controllers/UserController.php
+++ b/src/app/user/controllers/UserController.php
@@ -186,7 +186,7 @@ class UserController
 
     public function delete(Request $request, Response $response, array $aArgs)
     {
-        $error = $this->hasUsersRights(['id' => $aArgs['id']]);
+        $error = $this->hasUsersRights(['id' => $aArgs['id'], 'delete' => true, 'himself' => true]);
         if (!empty($error['error'])) {
             return $response->withStatus($error['status'])->withJson(['errors' => $error['error']]);
         }
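Review bot: The call site does not say what `'delete' => true, 'himself' => true` mean together, and the self-delete rejection appears to depend on `himself` steering hasUsersRights into the branch that holds the new `elseif`. A comment above the call would document that coupling, e.g. `// 'himself' sends a self-targeted request to the self branch of hasUsersRights, where 'delete' turns it into a 403`. The wording should be confirmed against the full hasUsersRights body, which is outside this hunk. A regression test that deletes the caller's own id and expects 403 would pin the behaviour.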
@@ -1004,6 +1004,9 @@ class UserController
                         $error['error'] = 'UserId out of perimeter';
                     }
                 }
+            } elseif ($aArgs['delete'] && $GLOBALS['userId'] == $user['user_id']) {
+                $error['status'] = 403;
+                $error['error'] = 'Can not delete yourself';
             }
         }
 
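Review bot: `$aArgs['delete']` in the new `elseif` is read without an existence check, and the old call in delete() shows callers passing only `id`, so any caller that reaches this branch without the key raises an undefined-index notice. `!empty($aArgs['delete'])` avoids that. The `==` between `$GLOBALS['userId']` and `$user['user_id']` compares numeric-looking strings numerically in PHP (`'007' == '7'` is true), so a strict comparison is safer for an identity check if both values are strings: `} elseif (!empty($aArgs['delete']) && $GLOBALS['userId'] === $user['user_id']) {`. The enclosing function starts and ends outside the hunk, so the condition that precedes this `elseif` is not visible here.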
-- 
GitLab