Don't let the admin delete themselves, either. That would be bad.

author: Bharat Mediratta <bharat@menalto.com> 2008-12-25 02:48:07 +0000
committer: Bharat Mediratta <bharat@menalto.com> 2008-12-25 02:48:07 +0000
commit: 2c6a80fb766e11a481e53741b504f484324af546 (patch)
tree: 79ba3ac4236380aabd26bb33be3489f98f665a0a
parent: 95ec6a8f571c8dbc93cbdcb871f763fdcf074d72 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/modules/user/controllers/users.php b/modules/user/controllers/users.php
index 88f499e6..a0e89922 100644
--- a/modules/user/controllers/users.php
+++ b/modules/user/controllers/users.php
@@ -82,7 +82,7 @@ class Users_Controller extends REST_Controller {
    *  @see REST_Controller::_delete($resource)
    */
   public function _delete($user) {
-    if (!user::active()->admin) {
+    if (!user::active()->admin || $user->id == user::active()->id ) {
       access::forbidden();
     }
     // Prevent CSRF
author	Bharat Mediratta <bharat@menalto.com>	2008-12-25 02:48:07 +0000
committer	Bharat Mediratta <bharat@menalto.com>	2008-12-25 02:48:07 +0000
commit	2c6a80fb766e11a481e53741b504f484324af546 (patch)
tree	79ba3ac4236380aabd26bb33be3489f98f665a0a
parent	95ec6a8f571c8dbc93cbdcb871f763fdcf074d72 (diff)