From 2c6a80fb766e11a481e53741b504f484324af546 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Thu, 25 Dec 2008 02:48:07 +0000
Subject: Don't let the admin delete themselves, either.  That would be bad.

---
 modules/user/controllers/users.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'modules')

diff --git a/modules/user/controllers/users.php b/modules/user/controllers/users.php
index 88f499e6..a0e89922 100644
--- a/modules/user/controllers/users.php
+++ b/modules/user/controllers/users.php
@@ -82,7 +82,7 @@ class Users_Controller extends REST_Controller {
    *  @see REST_Controller::_delete($resource)
    */
   public function _delete($user) {
-    if (!user::active()->admin) {
+    if (!user::active()->admin || $user->id == user::active()->id ) {
       access::forbidden();
     }
     // Prevent CSRF
-- 
cgit v1.2.3