From e152b791f45b02c20b00e248f1502bc144e8a9a8 Mon Sep 17 00:00:00 2001
From: Syndamia <kamen@syndamia.com>
Date: Sun, 2 Feb 2025 16:00:41 +0200
Subject: feat(views/admin): Implement form for user deletion

---
 controllers/user.php | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'controllers')

diff --git a/controllers/user.php b/controllers/user.php
index ac906a0..bc3da70 100644
--- a/controllers/user.php
+++ b/controllers/user.php
@@ -65,8 +65,9 @@ function on_delete() {
     global $user_status;
     $user_status = "";
 
+    $user = null;
     try {
-        Database\Cookie::fromDB($TOKEN);
+        $user = Database\Cookie::fromDB($TOKEN);
     }
     catch (Exception $e) {
         $user_status = 'Invalid token!';
@@ -82,6 +83,11 @@ function on_delete() {
         return;
     }
 
+    if ($user->UID !== $to_delete->UID && $user->Role !== 'Admin') {
+        $list_status = 'You have no permission to delete this user!';
+        return;
+    }
+
     $to_delete->delete();
 
     header('Location: /');
-- 
cgit v1.2.3