prevent changing admin passwords

2026-01-19 00:27:25 +01:00 · 2025-01-25 21:37:23 -07:00
parent 8f9dafce20
commit ad7ab18fb7
2 changed files with 19 additions and 1 deletions
--- a/server/server_admin.go
+++ b/server/server_admin.go
@@ -50,6 +50,9 @@ func (s *Server) handleUsersAdd(w http.ResponseWriter, r *http.Request, v *visit
 		return err
 	} else if u != nil {
 		if req.Force == true {
+			if u.IsAdmin() {
+				return errHTTPForbidden
+			}
 			if err := s.userManager.ChangePassword(req.Username, req.Password); err != nil {
 				return err
 			}