From 055bbcbd61a56e39408e7d2b9d83c47fc76daa20 Mon Sep 17 00:00:00 2001
From: vincent-peugnet
Date: Mon, 24 Dec 2018 12:04:27 +0100
Subject: user admin protection
---
 app/class/controlleruser.php | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
(limited to 'app/class/controlleruser.php')
diff --git a/app/class/controlleruser.php b/app/class/controlleruser.php
index 00b7246..9daf1fb 100644
--- a/app/class/controlleruser.php
+++ b/app/class/controlleruser.php
@@ -36,7 +36,16 @@ class Controlleruser extends Controller
 {
 if($_POST['action'] === 'delete') {
 $user = new User($_POST);
- $this->showtemplate('userconfirmdelete', ['userdelete' => $user]);
+ $user = $this->usermanager->get($user);
+ if($user !== false) {
+ if($user->isadmin() && $this->usermanager->admincount() === 1) {
+ $this->showtemplate('userconfirmdelete', ['userdelete' => $user, 'candelete' => false]);
+ } else {
+ $this->showtemplate('userconfirmdelete', ['userdelete' => $user, 'candelete' => true]);
+ }
+ } else {
+ $this->routedirect('user');
+ }
 } elseif ($_POST['action'] == 'confirmdelete') {
 $user = new User($_POST);
 $this->usermanager->delete($user);
-- 
cgit v1.2.3
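Review bot: The last-admin guard is enforced only on the confirmation screen: the `confirmdelete` branch directly below the added lines still builds `new User($_POST)` and calls `$this->usermanager->delete($user)` with no check, so a request that reaches that branch without going through the confirmation template would presumably still remove the only admin. The same test belongs in that branch before the delete, for example `$user = $this->usermanager->get(new User($_POST));` followed by `if($user !== false && !($user->isadmin() && $this->usermanager->admincount() === 1))` around the `delete()` call. `candelete` then remains a display hint for the template rather than the control itself. The enclosing method begins and ends outside the hunk, so whether the caller's own rights and a CSRF token are verified for this POST handler cannot be seen here.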