From c26707485119ab37e85435c0dad50b80add09d9e Mon Sep 17 00:00:00 2001
From: Steven
Date: Sat, 23 Dec 2023 08:05:05 +0800
Subject: [PATCH] chore: prevent archive/delete current user

---
 api/v1/user.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/api/v1/user.go b/api/v1/user.go
index d9b863be..77be627c 100644
--- a/api/v1/user.go
+++ b/api/v1/user.go
@@ -312,6 +312,9 @@ func (s *APIV1Service) DeleteUser(c echo.Context) error {
 	if err != nil {
 		return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("ID is not a number: %s", c.Param("id"))).SetInternal(err)
 	}
+	if currentUserID == userID {
+		return echo.NewHTTPError(http.StatusBadRequest, "Cannot delete current user")
+	}
 
 	if err := s.Store.DeleteUser(ctx, &store.DeleteUser{
 		ID: userID,
@@ -371,6 +374,9 @@ func (s *APIV1Service) UpdateUser(c echo.Context) error {
 	if request.RowStatus != nil {
 		rowStatus := store.RowStatus(request.RowStatus.String())
 		userUpdate.RowStatus = &rowStatus
+		if rowStatus == store.Archived && currentUserID == userID {
+			return echo.NewHTTPError(http.StatusBadRequest, "Cannot archive current user")
+		}
 	}
 	if request.Username != nil {
 		if !usernameMatcher.MatchString(strings.ToLower(*request.Username)) {
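Review bot: The new self-deletion guard in DeleteUser carries no comment saying why the request is refused, and it answers with 400 even though the ID parsed just above it is well-formed; a policy refusal is better signalled with `http.StatusForbidden`, which also stops clients from retrying the same input as if it were malformed. I would add a why-comment above the check: `// Refuse self-deletion: it would invalidate the session issuing this request and, if the caller is the only privileged account, could leave the instance without one.` — the second clause is an inference, since role handling is not visible in this hunk. Note that this guard covers only the self case; whether deleting the last privileged user is blocked elsewhere cannot be seen here and is worth confirming. DeleteUser starts and ends outside the hunk, and `currentUserID` is assigned outside it.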
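Review bot: In UpdateUser the archive guard sits after `userUpdate.RowStatus = &rowStatus`, so the update struct is populated before the request is rejected; the early return makes that harmless today, but the ordering invites a later refactor that persists before checking. I would move the guard above the assignment with a comment, `// Refuse archiving the requesting user; DeleteUser applies the same rule.`, then the existing `if rowStatus == store.Archived && currentUserID == userID {` check, and only afterwards `userUpdate.RowStatus = &rowStatus`. As with the delete guard, `http.StatusForbidden` describes a policy refusal better than `http.StatusBadRequest`, and both guards should agree on the status they return. Because `rowStatus` is built from `request.RowStatus.String()`, the comparison with `store.Archived` silently depends on the API enum's names matching the store constants — a small test pinning that would be worthwhile. UpdateUser starts and ends outside the hunk, and `currentUserID` is assigned outside it.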