feat(views/admin): Implement form for user deletion

1 files changed, 7 insertions, 1 deletions

diff --git a/controllers/user.php b/controllers/user.php
index ac906a0..bc3da70 100644
--- a/controllers/user.php
+++ b/controllers/user.php
@@ -65,8 +65,9 @@ function on_delete() {
     global $user_status;
     $user_status = "";
 
+    $user = null;
     try {
-        Database\Cookie::fromDB($TOKEN);
+        $user = Database\Cookie::fromDB($TOKEN);
     }
     catch (Exception $e) {
         $user_status = 'Invalid token!';
@@ -82,6 +83,11 @@ function on_delete() {
         return;
     }
 
+    if ($user->UID !== $to_delete->UID && $user->Role !== 'Admin') {
+        $list_status = 'You have no permission to delete this user!';
+        return;
+    }
+
     $to_delete->delete();
 
     header('Location: /');