diff --git a/app/templates/admin_manageuser.html b/app/templates/admin_manageuser.html
index 745e08a..03545bb 100644
--- a/app/templates/admin_manageuser.html
+++ b/app/templates/admin_manageuser.html
@@ -47,7 +47,7 @@
{{ user.lastname }} |
{{ user.email }} |
-
+
|
|
- |
diff --git a/app/views.py b/app/views.py
index 4ca679c..c55bcaa 100644
--- a/app/views.py
+++ b/app/views.py
@@ -1098,6 +1098,8 @@ def admin_manageuser():
data = jdata['data']
if jdata['action'] == 'delete_user':
+ if username == current_user.username:
+ return make_response(jsonify( { 'status': 'error', 'msg': 'You cannot delete yourself.' } ), 400)
user = User(username=data)
result = user.delete()
if result:
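Review bot: The new self-delete guard in the `delete_user` branch compares `username`, but in this branch the account being deleted is `data` (`user = User(username=data)`), and `username` is not assigned in any visible line of the branch. The body of `admin_manageuser()` starts outside the hunk, so `username` may be set earlier. If it is not, the check either raises a NameError and turns the request into a 500, or compares a stale value and lets an admin delete their own account anyway. Compare the value that is actually deleted: `if data == current_user.username:`.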
@@ -1119,6 +1121,8 @@ def admin_manageuser():
elif jdata['action'] == 'set_admin':
username = data['username']
+ if username == current_user.username:
+ return make_response(jsonify( { 'status': 'error', 'msg': 'You cannot change you own admin rights.' } ), 400)
is_admin = data['is_admin']
user = User(username=username)
result = user.set_admin(is_admin)
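Review bot: The error message in the `set_admin` guard has a typo: `'You cannot change you own admin rights.'` should read `'You cannot change your own admin rights.'`. The guard itself uses the `username` assigned on the line above, so it checks the account that `user.set_admin(is_admin)` will modify. A short comment above it would help, e.g. `# Enforced server-side: an admin must not change their own admin flag, regardless of what the UI allows.` The function continues outside the hunk.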