Users should not be able to prohibit their own login (#10970)

* ui: limit managers prohibit themself to login Because I think it's crazy and not reasonale , that if a user can prohibit themself to login. so suggest limit this choice on ui Signed-off-by: a1012112796 <1012112796@qq.com> * skip self Prohibit Login in post event handle * fix comment Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: John Olheiser <john.olheiser@gmail.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2020-04-06 22:23:15 +08:00 · 2020-04-06 22:23:15 +08:00 · 88c14326b1
commit 88c14326b1
parent 1bec60e02a
2 changed files with 8 additions and 2 deletions
--- a/routers/admin/users.go
+++ b/routers/admin/users.go
@ -243,7 +243,13 @@ func EditUserPost(ctx *context.Context, form auth.AdminEditUserForm) {
 	u.AllowGitHook = form.AllowGitHook
 	u.AllowImportLocal = form.AllowImportLocal
 	u.AllowCreateOrganization = form.AllowCreateOrganization
-	u.ProhibitLogin = form.ProhibitLogin
+
+	// skip self Prohibit Login
+	if ctx.User.ID == u.ID {
+		u.ProhibitLogin = false
+	} else {
+		u.ProhibitLogin = form.ProhibitLogin
+	}

 	if err := models.UpdateUser(u); err != nil {
 		if models.IsErrEmailAlreadyUsed(err) {
--- a/templates/admin/user/edit.tmpl
+++ b/templates/admin/user/edit.tmpl
@ -74,7 +74,7 @@
 				<div class="inline field">
 					<div class="ui checkbox">
 						<label><strong>{{.i18n.Tr "admin.users.prohibit_login"}}</strong></label>
-						<input name="prohibit_login" type="checkbox" {{if .User.ProhibitLogin}}checked{{end}}>
+						<input name="prohibit_login" type="checkbox" {{if .User.ProhibitLogin}}checked{{end}} {{if (eq .User.ID .SignedUserID)}}disabled{{end}}>
 					</div>
 				</div>
 				<div class="inline field">