Bug: First Super-User account is not protected #243

Closed
DevPhilB opened this issue Mar 26, 2020 · 1 comment

Describe the bug
As a Super-User I can delete my account in the CMS and I'm still in a "logged-in" state.

To Reproduce
Steps to reproduce the behavior:

  1. Log in as Super-User
  2. Go to /cms
  3. Delete your account

Expected behavior
Account of the first Super-User has to be protected and undeletable!

@DevPhilB DevPhilB added the bug Something isn't working label Mar 26, 2020

wasdJens commented Mar 26, 2020

To add to this maybe: All users that can delete other users should not be able to delete themselves. To achieve this you can check who made the request (don't know your JWT structure, but you can add info like this to the JWT as well) and compare with the user that is about to be deleted (user delete ID same as the one in the JWT? Don't delete, send an error).

Some edge-case thoughts or possible user requirements

What if I want to remove myself from a company?

Then someone else does this 😅

I want to delete the last super user and all other users

Basically a system wipe - just delete the whole system in this case 😅

Maybe this helps 👍
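
The check suggested in the comment above, as an added example that is not part of the thread or the project's code. It goes one step further by also refusing tokens whose account has been deleted (the "still logged in" symptom from the report) and by keeping the last super-user. The in-memory store, the `sub` claim, the `admin` role and all function names are assumptions.

```javascript
// Added example: all names, roles and claim fields here are hypothetical.
// `claims` is assumed to be the payload of a JWT whose signature was already verified.
const CAN_DELETE = new Set(['superuser', 'admin']);

// Constructed sample data standing in for the user table.
function makeStore() {
  return new Map([
    ['u1', { id: 'u1', role: 'superuser' }],
    ['u2', { id: 'u2', role: 'admin' }],
    ['u3', { id: 'u3', role: 'editor' }],
  ]);
}

// A valid signature is not enough: the account named in `sub` must still exist,
// otherwise a deleted user stays "logged in" until the token expires.
function authenticate(users, claims) {
  const user = users.get(String(claims.sub));
  if (!user) return { ok: false, status: 401, error: 'account no longer exists' };
  return { ok: true, status: 200, user }; // role comes from the store, not the token
}

function deleteUser(users, claims, targetId) {
  const auth = authenticate(users, claims);
  if (!auth.ok) return auth;
  if (!CAN_DELETE.has(auth.user.role)) {
    return { ok: false, status: 403, error: 'not allowed to delete users' };
  }
  // Requester id from the token equals the id to delete: refuse.
  if (auth.user.id === String(targetId)) {
    return { ok: false, status: 409, error: 'cannot delete own account' };
  }
  const target = users.get(String(targetId));
  if (!target) return { ok: false, status: 404, error: 'no such user' };
  // Keep at least one super-user, whoever is asking.
  const supers = [...users.values()].filter((u) => u.role === 'superuser').length;
  if (target.role === 'superuser' && supers <= 1) {
    return { ok: false, status: 409, error: 'cannot delete last super-user' };
  }
  users.delete(target.id);
  return { ok: true, status: 204 };
}
```

Reading the role from the store rather than from the token means a demoted or deleted account loses its rights on the next request, not when the token expires.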

@Simon-Deuring Simon-Deuring added this to the Milestone IV milestone Mar 26, 2020
@DevPhilB DevPhilB added the current sprint Part of current sprint label Mar 26, 2020
@DevPhilB DevPhilB mentioned this issue Mar 26, 2020
6 tasks
@MistereoSC MistereoSC self-assigned this Mar 27, 2020
DevPhilB added a commit that referenced this issue Mar 28, 2020
* Fix admin self-delete

* Fix missing JEST cleanup

* Add UI warning for user deletion

* Update JEST cases

* Fix typos and lint warning

Co-authored-by: Philipp Backes <philippbackes95@gmail.com>
@DevPhilB DevPhilB removed the current sprint Part of current sprint label Mar 28, 2020