protect the admin user

src/main/java/com/commafeed/frontend/rest/resources/AdminUsersREST.java

@@ -50,6 +50,11 @@ public class AdminUsersREST extends AbstractREST {
 			}
 		} else {
 			User user = userService.findById(id);
+			if (StartupBean.ADMIN_NAME.equals(user.getName())
+					&& !userModel.isEnabled()) {
+				return Response.status(Status.FORBIDDEN)
+						.entity("You cannot disable the admin user.").build();
+			}
 			user.setName(userModel.getName());
 			if (StringUtils.isNotBlank(userModel.getPassword())) {
 				user.setPassword(encryptionService.getEncryptedPassword(
@@ -120,7 +125,8 @@ public class AdminUsersREST extends AbstractREST {
 			return Response.status(Status.NOT_FOUND).build();
 		}
 		if (StartupBean.ADMIN_NAME.equals(user.getName())) {
-			return Response.status(Status.FORBIDDEN).build();
+			return Response.status(Status.FORBIDDEN)
+					.entity("You cannot delete the admin user.").build();
 		}
 		feedEntryStatusService.delete(feedEntryStatusService.findAll(user));
 		feedSubscriptionService.delete(feedSubscriptionService.findAll(user));

src/main/webapp/js/controllers.js

@@ -251,7 +251,7 @@ module.controller('FeedListCtrl', function($scope, $stateParams, $http, $route,
 });
 
 module.controller('ManageUsersCtrl',
-		function($scope, $state, AdminUsersService) {
+		function($scope, $state, $location, AdminUsersService) {
 			$scope.users = AdminUsersService.getAll();
 			$scope.selection = [];
 			$scope.gridOptions = {
@@ -268,6 +268,9 @@ module.controller('ManageUsersCtrl',
 			$scope.addUser = function() {
 				$state.transitionTo('admin.useradd');
 			};
+			$scope.back = function() {
+				$location.path('/');
+			};
 		});
 
 module.controller('ManageUserCtrl', function($scope, $state, $stateParams,
@@ -279,6 +282,12 @@ module.controller('ManageUserCtrl', function($scope, $state, $stateParams,
 	$scope.closeAlert = function(index) {
 		$scope.alerts.splice(index, 1);
 	};
+	var alertFunction = function(data) {
+		$scope.alerts.push({
+			msg : data.data,
+			type: 'error'
+		});
+	};
 
 	$scope.cancel = function(){
 		$state.transitionTo('admin.userlist');
@@ -286,15 +295,11 @@ module.controller('ManageUserCtrl', function($scope, $state, $stateParams,
 	$scope.save = function() {
 		AdminUsersService.save($scope.user, function() {
 			$state.transitionTo('admin.userlist');
-		}, function(data) {
+		}, alertFunction);
-			$scope.alerts.push({
-				msg : data.data
-			});
-		});
 	};
 	$scope.delete = function() {
 		AdminUsersService.delete({id: $scope.user.id}, function() {
 			$state.transitionTo('admin.userlist');
-		});
+		},alertFunction);
 	};
 });

src/main/webapp/templates/admin.userlist.html

@@ -6,6 +6,7 @@
 	<div>
 		<div class="button-bar">
 			<button class="btn" ng-click="addUser()">Add user</button>
+			<button class="btn" ng-click="back()">Back</button>
 		</div>
 		<div class="users-table" ng-grid="gridOptions"></div>
 	</div>