Permalink
Browse files

Add same protections to deleting users as demoting

  • Loading branch information...
1 parent b8ec3bb commit 32d8f192052de0f58620f3d9e866d1bedd722f98 @marktabler committed Jun 10, 2013
Showing with 2 additions and 2 deletions.
  1. +1 −1 app/controllers/admin/users_controller.rb
  2. +1 −1 app/views/admin/users/index.html.erb
@@ -31,7 +31,7 @@ def demote
def destroy
@user = User.find(params[:id])
- @user.destroy
+ @user.destroy unless @user == current_user
return redirect_to admin_users_path
end
@@ -21,7 +21,7 @@
<td><%= link_to user.name, edit_admin_user_path(user) %></td>
<td><%= user.pincode %></td>
<td><%= user.admin? ? "Yes" : "No" %></td>
- <td><%= link_to "Delete", admin_user_path(user), method: :delete, data: { confirm: "Delete #{user.name}? This action cannot be undone."} %></td>
+ <td><%= link_to "Delete", admin_user_path(user), method: :delete, data: { confirm: "Delete #{user.name}? This action cannot be undone."} unless user == current_user %></td>
</tr>
<% end %>
</table>

0 comments on commit 32d8f19

Please sign in to comment.