admin user can be disabled now (fix #605)

2014-08-12 10:35:09 +02:00
parent 840a96255c
commit 114ab6834c
1 changed files with 4 additions and 3 deletions
--- a/src/main/java/com/commafeed/frontend/resource/AdminREST.java
+++ b/src/main/java/com/commafeed/frontend/resource/AdminREST.java
@@ -78,10 +78,11 @@ public class AdminREST {
 				return Response.status(Status.CONFLICT).entity(e.getMessage()).build();
 			}
 		} else {
-			User u = userDAO.findById(id);
-			if (CommaFeedApplication.USERNAME_ADMIN.equals(u.getName()) && !userModel.isEnabled()) {
-				return Response.status(Status.FORBIDDEN).entity("You cannot disable the admin user.").build();
+			if (userModel.getId().equals(user.getId()) && !userModel.isEnabled()) {
+				return Response.status(Status.FORBIDDEN).entity("You cannot disable your own account.").build();
 			}
+
+			User u = userDAO.findById(id);
 			u.setName(userModel.getName());
 			if (StringUtils.isNotBlank(userModel.getPassword())) {
 				u.setPassword(encryptionService.getEncryptedPassword(userModel.getPassword(), u.getSalt()));