fix(users): check before send update request if user is protected

Scalingo · Feb 23, 2024 · c39cd9e · c39cd9e
1 parent b4edee7
commit c39cd9e
Showing 1 changed file with 11 additions and 0 deletions.
diff --git a/db/users/update.go b/db/users/update.go
@@ -47,6 +47,17 @@ func UpdateUser(ctx context.Context, app, addonUUID, username string) error {
 	if !userExists {
 		return errors.New(ctx, fmt.Sprintf("User \"%s\" does not exist", username))
 	}
+	// Check if the user is protected
+	var userIsProtected bool
+	for _, user := range l {
+		if user.Name == username && user.Protected {
+			userIsProtected = true
+			break
+		}
+	}
+	if userIsProtected {
+		return errors.New(ctx, fmt.Sprintf("User \"%s\" is protected and cannot be updated", username))
+	}
 
 	password, confirmedPassword, err := askForPasswordWithRetry(ctx, 3)
 	if err != nil {