go-gitea · zeripath · May 8, 2022 · Apr 19, 2022 · May 8, 2022 · May 8, 2022
diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
@@ -2529,6 +2529,7 @@ users.allow_import_local = May Import Local Repositories
 users.allow_create_organization = May Create Organizations
 users.update_profile = Update User Account
 users.delete_account = Delete User Account
+users.cannot_delete_self = "You cannot delete yourself"
 users.still_own_repo = This user still owns one or more repositories. Delete or transfer these repositories first.
 users.still_has_org = This user is a member of an organization. Remove the user from any organizations first.
 users.still_own_packages = This user still owns one or more packages. Delete these packages first.

diff --git a/routers/api/v1/admin/user.go b/routers/api/v1/admin/user.go
@@ -310,6 +310,12 @@ func DeleteUser(ctx *context.APIContext) {
 		return
 	}
 
+	// admin should not delete themself
+	if ctx.ContextUser.ID == ctx.Doer.ID {
+		ctx.Error(http.StatusUnprocessableEntity, "", fmt.Errorf("you cannot delete yourself"))
+		return
+	}
+
 	if err := user_service.DeleteUser(ctx.ContextUser); err != nil {
 		if models.IsErrUserOwnRepos(err) ||
 			models.IsErrUserHasOrgs(err) ||

diff --git a/routers/web/admin/users.go b/routers/web/admin/users.go
@@ -416,6 +416,15 @@ func DeleteUser(ctx *context.Context) {
 		return
 	}
 
+	// admin should not delete themself
+	if u.ID == ctx.Doer.ID {
+		ctx.Flash.Error(ctx.Tr("admin.users.cannot_delete_self"))
+		ctx.JSON(http.StatusOK, map[string]interface{}{
+			"redirect": setting.AppSubURL + "/admin/users/" + url.PathEscape(ctx.Params(":userid")),
+		})
+		return
+	}
+
 	if err = user_service.DeleteUser(u); err != nil {
 		switch {
 		case models.IsErrUserOwnRepos(err):