feat: protect initial owner from role change and deletion
This commit is contained in:
@@ -78,11 +78,13 @@
|
||||
<a href="/users/{{.ID}}/edit" class="btn btn-sm btn-icon btn-outline-primary" title="Edit">
|
||||
<i class="ti ti-edit"></i>
|
||||
</a>
|
||||
{{if ne .ID $.InitialOwnerID}}
|
||||
<form method="POST" action="/users/{{.ID}}/delete" class="d-inline" onsubmit="return confirm('Are you sure you want to delete this user?')">
|
||||
<button type="submit" class="btn btn-sm btn-icon btn-outline-danger" title="Delete">
|
||||
<i class="ti ti-trash"></i>
|
||||
</button>
|
||||
</form>
|
||||
{{end}}
|
||||
</div>
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
@@ -38,6 +38,13 @@
|
||||
</div>
|
||||
<div class="mb-3">
|
||||
<label class="form-label required">Role</label>
|
||||
{{if .IsInitialOwner}}
|
||||
<select name="role" class="form-select" disabled>
|
||||
<option value="owner" selected>Owner</option>
|
||||
</select>
|
||||
<input type="hidden" name="role" value="owner">
|
||||
<small class="form-hint text-warning"><i class="ti ti-shield-lock"></i> The initial owner role cannot be changed. This account was created during installation and is permanently protected.</small>
|
||||
{{else}}
|
||||
<select name="role" class="form-select">
|
||||
<option value="user" {{if eq .EditUser.Role "user"}}selected{{end}}>User</option>
|
||||
{{with $.User}}
|
||||
@@ -47,6 +54,7 @@
|
||||
{{end}}
|
||||
{{end}}
|
||||
</select>
|
||||
{{end}}
|
||||
</div>
|
||||
<div class="mb-3">
|
||||
<label class="form-label">MFA Status</label>
|
||||
|
||||
Reference in New Issue
Block a user