graphql: Add guardrails to prevent deleting all the admins
This commit is contained in:
parent
eb974e781c
commit
54b6f7d726
@ -110,6 +110,9 @@ impl<Handler: BackendHandler + Sync> Mutation<Handler> {
|
|||||||
if !context.validation_result.is_admin {
|
if !context.validation_result.is_admin {
|
||||||
return Err("Unauthorized group update".into());
|
return Err("Unauthorized group update".into());
|
||||||
}
|
}
|
||||||
|
if group.id == 1 {
|
||||||
|
return Err("Cannot change admin group details".into());
|
||||||
|
}
|
||||||
context
|
context
|
||||||
.handler
|
.handler
|
||||||
.update_group(UpdateGroupRequest {
|
.update_group(UpdateGroupRequest {
|
||||||
@ -143,6 +146,9 @@ impl<Handler: BackendHandler + Sync> Mutation<Handler> {
|
|||||||
if !context.validation_result.is_admin {
|
if !context.validation_result.is_admin {
|
||||||
return Err("Unauthorized group membership modification".into());
|
return Err("Unauthorized group membership modification".into());
|
||||||
}
|
}
|
||||||
|
if context.validation_result.user == user_id && group_id == 1 {
|
||||||
|
return Err("Cannot remove admin rights for current user".into());
|
||||||
|
}
|
||||||
context
|
context
|
||||||
.handler
|
.handler
|
||||||
.remove_user_from_group(&user_id, GroupId(group_id))
|
.remove_user_from_group(&user_id, GroupId(group_id))
|
||||||
@ -154,6 +160,9 @@ impl<Handler: BackendHandler + Sync> Mutation<Handler> {
|
|||||||
if !context.validation_result.is_admin {
|
if !context.validation_result.is_admin {
|
||||||
return Err("Unauthorized user deletion".into());
|
return Err("Unauthorized user deletion".into());
|
||||||
}
|
}
|
||||||
|
if context.validation_result.user == user_id {
|
||||||
|
return Err("Cannot delete current user".into());
|
||||||
|
}
|
||||||
context.handler.delete_user(&user_id).await?;
|
context.handler.delete_user(&user_id).await?;
|
||||||
Ok(Success::new())
|
Ok(Success::new())
|
||||||
}
|
}
|
||||||
@ -162,6 +171,9 @@ impl<Handler: BackendHandler + Sync> Mutation<Handler> {
|
|||||||
if !context.validation_result.is_admin {
|
if !context.validation_result.is_admin {
|
||||||
return Err("Unauthorized group deletion".into());
|
return Err("Unauthorized group deletion".into());
|
||||||
}
|
}
|
||||||
|
if group_id == 1 {
|
||||||
|
return Err("Cannot delete admin group".into());
|
||||||
|
}
|
||||||
context.handler.delete_group(GroupId(group_id)).await?;
|
context.handler.delete_group(GroupId(group_id)).await?;
|
||||||
Ok(Success::new())
|
Ok(Success::new())
|
||||||
}
|
}
|
||||||
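Review bot: The admin group is identified by the bare literal `1` in the new guards `if group.id == 1 {`, `... && group_id == 1 {` and `if group_id == 1 {` of the update_group, remove_user_from_group and delete_group hunks, while the same value is passed as `GroupId(group_id)` on the following call in each; a named constant such as `const ADMIN_GROUP_ID: GroupId = GroupId(1);` compared as `GroupId(group_id) == ADMIN_GROUP_ID` (assuming GroupId derives PartialEq) would keep the three checks in agreement and make the seeded-id assumption visible in one place. The guards also only protect the caller's own account: two admins acting concurrently can each pass `context.validation_result.user == user_id` for the other's removal or deletion, so if the commit's stated goal is an invariant that at least one admin always remains, that presumably has to be enforced where the membership change is applied in the handler (refusing a removal that would leave the admin group empty) rather than per request at the GraphQL layer; worth confirming against the backend. Each of the enclosing methods starts outside its hunk.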
|