Commit 34c8ca286aeeb6731d7b7d0cba3430564c2b2cd5

Authored by Jeroen van Baarsen
1 parent 12dbd0a4

Fix for edit user as admin

* It fixes an issue where you were able to remove your own
  admin rights. This would result in a 404 error. fixes: #2283
* It fixes an issue where you would be able to block your own
  account on the edit page. This fix makes the behaviour the same
  as on the admin/users overview page
Showing 1 changed file with 6 additions and 2 deletions
app/views/admin/users/_form.html.haml
... ... @@ -56,8 +56,12 @@
56 56  
57 57 .form-group
58 58 = f.label :admin, class: 'control-label'
59   - .col-sm-10= f.check_box :admin
60   - - unless @user.new_record?
  59 + - if current_user == @user
  60 + .col-sm-10= f.check_box :admin, disabled: true
  61 + .col-sm-10 You cannot remove your own admin rights
  62 + - else
  63 + .col-sm-10= f.check_box :admin
  64 + - unless @user.new_record? || current_user == @user
61 65 .alert.alert-danger
62 66 - if @user.blocked?
63 67 %p This user is blocked and is not able to login to GitLab
... ...
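
Review bot: The self-edit guard on the added lines (`- if current_user == @user` and `- unless @user.new_record? || current_user == @user`) lives only in this template, and the commit changes just this one file, so nothing shown here makes the server reject an update request that clears the current admin's own `admin` flag or blocks their own account. I would enforce the same `current_user == @user` condition in the controller action or model that processes the form, add a test for it, and treat the disabled checkbox as a UI hint only. Minor: the disabled checkbox and the "You cannot remove your own admin rights" text are emitted as two sibling `.col-sm-10` elements; placing the message inside the same column as the checkbox would keep the form-group to one column.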