user admin protection

author: vincent-peugnet <v.peugnet@free.fr> 2018-12-24 12:04:27 +0100
committer: vincent-peugnet <v.peugnet@free.fr> 2018-12-24 12:04:27 +0100
commit: 055bbcbd61a56e39408e7d2b9d83c47fc76daa20 (patch)
tree: 3d3ced3c3147346e382a9ca53a499fd35f21749a /app/class/controlleruser.php
parent: 8d8f625ea20e10cf6fb053fab73c2ef7a559dc87 (diff)
download: wcms-055bbcbd61a56e39408e7d2b9d83c47fc76daa20.tar.gz
wcms-055bbcbd61a56e39408e7d2b9d83c47fc76daa20.zip
1 files changed, 10 insertions, 1 deletions
diff --git a/app/class/controlleruser.php b/app/class/controlleruser.php
index 00b7246..9daf1fb 100644
--- a/app/class/controlleruser.php
+++ b/app/class/controlleruser.php
@@ -36,7 +36,16 @@ class Controlleruser extends Controller
     {
         if($_POST['action'] === 'delete') {
             $user = new User($_POST);
-            $this->showtemplate('userconfirmdelete', ['userdelete' => $user]);
+            $user = $this->usermanager->get($user);
+            if($user !== false) {
+                if($user->isadmin() && $this->usermanager->admincount() === 1) {
+                    $this->showtemplate('userconfirmdelete', ['userdelete' => $user, 'candelete' => false]);
+                } else {
+                    $this->showtemplate('userconfirmdelete', ['userdelete' => $user, 'candelete' => true]);
+                }
+            } else {
+                $this->routedirect('user');
+            }
         } elseif ($_POST['action'] == 'confirmdelete') {
             $user = new User($_POST);
             $this->usermanager->delete($user);
author	vincent-peugnet <v.peugnet@free.fr>	2018-12-24 12:04:27 +0100
committer	vincent-peugnet <v.peugnet@free.fr>	2018-12-24 12:04:27 +0100
commit	055bbcbd61a56e39408e7d2b9d83c47fc76daa20 (patch)
tree	3d3ced3c3147346e382a9ca53a499fd35f21749a /app/class/controlleruser.php
parent	8d8f625ea20e10cf6fb053fab73c2ef7a559dc87 (diff)
download	wcms-055bbcbd61a56e39408e7d2b9d83c47fc76daa20.tar.gz wcms-055bbcbd61a56e39408e7d2b9d83c47fc76daa20.zip