You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@kibble.apache.org by hu...@apache.org on 2017/10/20 13:35:32 UTC

[kibble] 08/12: shouldn't be able to accidentally remove oneself

This is an automated email from the ASF dual-hosted git repository.

humbedooh pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/kibble.git

commit 9b54d2e5d19b8d026a92b88c1a62018b305cf974
Author: Daniel Gruno <hu...@apache.org>
AuthorDate: Fri Oct 20 15:15:59 2017 +0200

    shouldn't be able to accidentally remove oneself
---
 api/pages/org/members.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/api/pages/org/members.py b/api/pages/org/members.py
index 2d82d27..d57338f 100644
--- a/api/pages/org/members.py
+++ b/api/pages/org/members.py
@@ -188,6 +188,10 @@ def run(API, environ, indata, session):
             isadmin = indata.get('admin', False)
             orgid = session.user['defaultOrganisation'] or "apache"
             
+            # We can't remove ourselves!
+            if memberid == session.user['email']:
+                raise API.exception(403, "You can't remove yourself from an organisation.")
+            
             # Make sure the org exists
             if not session.DB.ES.exists(index=session.DB.dbname, doc_type='organisation', id = orgid):
                 raise API.exception(403, "No such organisation!")

-- 
To stop receiving notification emails like this one, please contact
"commits@kibble.apache.org" <co...@kibble.apache.org>.