Skip to content

Commit

Permalink
Remove "Cannot update your own roles" warning (#14440)
Browse files Browse the repository at this point in the history
  • Loading branch information
MikeAlhayek authored Oct 9, 2023
1 parent 24cc439 commit 8632c3b
Showing 1 changed file with 3 additions and 5 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -96,17 +96,15 @@ public override IDisplayResult Edit(User user)

public override async Task<IDisplayResult> UpdateAsync(User user, UpdateEditorContext context)
{
var model = new EditUserRoleViewModel();

// The current user cannot alter their own roles. This prevents them removing access to the site for themselves.
if (_httpContextAccessor.HttpContext.User.FindFirstValue(ClaimTypes.NameIdentifier) == user.UserId
&& !await _authorizationService.AuthorizeAsync(_httpContextAccessor.HttpContext.User, StandardPermissions.SiteOwner))
{
await _notifier.WarningAsync(H["Cannot update your own roles."]);

return Edit(user);
return null;
}

var model = new EditUserRoleViewModel();

if (await context.Updater.TryUpdateModelAsync(model, Prefix))
{
var roles = await GetRoleAsync();
Expand Down

0 comments on commit 8632c3b

Please sign in to comment.