From 12bcdf2d4773863ba179b6aa1e38f1b9f2b7b6cc Mon Sep 17 00:00:00 2001 From: rubenwardy Date: Fri, 1 Jan 2021 16:53:14 +0000 Subject: [PATCH] Prevent moderators and admins from being deleted --- app/blueprints/users/settings.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/app/blueprints/users/settings.py b/app/blueprints/users/settings.py index 8a6a3ba7..10980336 100644 --- a/app/blueprints/users/settings.py +++ b/app/blueprints/users/settings.py @@ -214,6 +214,10 @@ def delete(username): if not user: abort(404) + if user.rank.atLeast(UserRank.MODERATOR): + flash("Users with moderator rank or above cannot be deleted", "danger") + return redirect(url_for("users.account", username=username)) + if request.method == "GET": return render_template("users/delete.html", user=user, can_delete=user.can_delete())