cannot remove the admin role from he admin user

2026-03-21 21:37:29 +00:00 · 2013-03-31 09:04:30 +02:00
parent 857b65f2b2
commit 5b36df1ab3
2 changed files with 7 additions and 0 deletions
--- a/src/main/java/com/commafeed/frontend/rest/resources/AdminUsersREST.java
+++ b/src/main/java/com/commafeed/frontend/rest/resources/AdminUsersREST.java
@@ -67,6 +67,12 @@ public class AdminUsersREST extends AbstractREST {
 			if (userModel.isAdmin() && !roles.contains(Role.ADMIN)) {
 				userRoleService.save(new UserRole(user, Role.ADMIN));
 			} else if (!userModel.isAdmin() && roles.contains(Role.ADMIN)) {
+				if (StartupBean.ADMIN_NAME.equals(user.getName())) {
+					return Response
+							.status(Status.FORBIDDEN)
+							.entity("You cannot remove the admin role from the admin user.")
+							.build();
+				}
 				for (UserRole userRole : userRoleService.findAll(user)) {
 					if (userRole.getRole() == Role.ADMIN) {
 						userRoleService.delete(userRole);