mirror of
				https://github.com/dani-garcia/vaultwarden.git
				synced 2025-10-26 16:00:02 +02:00 
			
		
		
		
	allow the removal of non-confirmed owners
ensure user_to_edit and user_to_delete are actually confirmed users, before checking if they are the last owner of an organization.
This commit is contained in:
		
				
					committed by
					
						 Daniel García
						Daniel García
					
				
			
			
				
	
			
			
			
						parent
						
							0a0f620d0b
						
					
				
				
					commit
					387b5eb2dd
				
			| @@ -999,8 +999,11 @@ async fn edit_user( | |||||||
|         err!("Only Owners can edit Owner users") |         err!("Only Owners can edit Owner users") | ||||||
|     } |     } | ||||||
|  |  | ||||||
|     if user_to_edit.atype == UserOrgType::Owner && new_type != UserOrgType::Owner { |     if user_to_edit.atype == UserOrgType::Owner | ||||||
|         // Removing owner permmission, check that there is at least one other confirmed owner |         && new_type != UserOrgType::Owner | ||||||
|  |         && user_to_edit.status == UserOrgStatus::Confirmed as i32 | ||||||
|  |     { | ||||||
|  |         // Removing owner permission, check that there is at least one other confirmed owner | ||||||
|         if UserOrganization::count_confirmed_by_org_and_type(&org_id, UserOrgType::Owner, &conn).await <= 1 { |         if UserOrganization::count_confirmed_by_org_and_type(&org_id, UserOrgType::Owner, &conn).await <= 1 { | ||||||
|             err!("Can't delete the last owner") |             err!("Can't delete the last owner") | ||||||
|         } |         } | ||||||
| @@ -1097,7 +1100,7 @@ async fn _delete_user(org_id: &str, org_user_id: &str, headers: &AdminHeaders, c | |||||||
|         err!("Only Owners can delete Admins or Owners") |         err!("Only Owners can delete Admins or Owners") | ||||||
|     } |     } | ||||||
|  |  | ||||||
|     if user_to_delete.atype == UserOrgType::Owner { |     if user_to_delete.atype == UserOrgType::Owner && user_to_delete.status == UserOrgStatus::Confirmed as i32 { | ||||||
|         // Removing owner, check that there is at least one other confirmed owner |         // Removing owner, check that there is at least one other confirmed owner | ||||||
|         if UserOrganization::count_confirmed_by_org_and_type(org_id, UserOrgType::Owner, conn).await <= 1 { |         if UserOrganization::count_confirmed_by_org_and_type(org_id, UserOrgType::Owner, conn).await <= 1 { | ||||||
|             err!("Can't delete the last owner") |             err!("Can't delete the last owner") | ||||||
|   | |||||||
		Reference in New Issue
	
	Block a user