summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/models/user.ts1
-rw-r--r--src/server/api/call.ts2
-rw-r--r--src/server/api/endpoints/admin/suspend-user.ts4
3 files changed, 6 insertions, 1 deletions
diff --git a/src/models/user.ts b/src/models/user.ts
index fdbb245faa..31d09bc8f8 100644
--- a/src/models/user.ts
+++ b/src/models/user.ts
@@ -118,6 +118,7 @@ export interface IRemoteUser extends IUserBase {
publicKeyPem: string;
};
updatedAt: Date;
+ isAdmin: false;
}
export type IUser = ILocalUser | IRemoteUser;
diff --git a/src/server/api/call.ts b/src/server/api/call.ts
index e4bb30b695..c191701b02 100644
--- a/src/server/api/call.ts
+++ b/src/server/api/call.ts
@@ -21,7 +21,7 @@ export default (endpoint: string, user: IUser, app: IApp, data: any, file?: any)
return rej('YOUR_ACCOUNT_HAS_BEEN_SUSPENDED');
}
- if (ep.meta.requireAdmin && !(isLocalUser(user) && user.isAdmin)) {
+ if (ep.meta.requireAdmin && !user.isAdmin) {
return rej('YOU_ARE_NOT_ADMIN');
}
diff --git a/src/server/api/endpoints/admin/suspend-user.ts b/src/server/api/endpoints/admin/suspend-user.ts
index 9c32ba987d..9b492c6e15 100644
--- a/src/server/api/endpoints/admin/suspend-user.ts
+++ b/src/server/api/endpoints/admin/suspend-user.ts
@@ -34,6 +34,10 @@ export default (params: any) => new Promise(async (res, rej) => {
return rej('user not found');
}
+ if (user.isAdmin) {
+ return rej('cannot suspend admin');
+ }
+
await User.findOneAndUpdate({
_id: user._id
}, {
generated by cgit v1.2.3-freya (git 2.53.0.84.g453e7b744a) at 2026-03-04 01:06:11 +0000