Merge pull request #6051 from Countly/SER-2341

coskunaydinoglu · web-flow · commit 1e9d22609bed · 2025-03-13T14:46:05.000+03:00
[SER-2341] Add error message when global admin tries to remove itself
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,7 @@
 ## Version 24.05.27
 Fixes:
 - [crashes] Remove memory addresses from stack trace grouping
+- [user-management] Prevent global admin from self-revoke and self-delete
 
 Enterprise Fixes:
 - [cohorts] Fixed issue with combining multiple cohorts
diff --git a/frontend/express/public/core/user-management/javascripts/countly.views.js b/frontend/express/public/core/user-management/javascripts/countly.views.js
@@ -118,6 +118,16 @@
                 switch (command) {
                 case "delete-user":
                     var self = this;
+
+                    // Check if user is trying to delete themselves
+                    if (index === countlyGlobal.member._id) {
+                        CountlyHelpers.notify({
+                            type: 'error',
+                            message: CV.i18n('management-users.cannot-delete-own-account')
+                        });
+                        return;
+                    }
+
                     CountlyHelpers.confirm(CV.i18n('management-users.this-will-delete-user'), "red", function(result) {
                         if (!result) {
                             CountlyHelpers.notify({
@@ -693,6 +703,15 @@
             // drawer event handlers
             onClose: function() {},
             onSubmit: function(submitted, done) {
+                if (submitted._id === countlyGlobal.member._id && countlyGlobal.member.global_admin && !submitted.global_admin) {
+                    CountlyHelpers.notify({
+                        message: CV.i18n('management-users.cannot-revoke-own-admin'),
+                        type: 'error'
+                    });
+                    done(CV.i18n('management-users.cannot-revoke-own-admin'));
+                    return;
+                }
+
                 var atLeastOneAppSelected = false;
 
                 for (var i = 0; i < submitted.permission._.u.length; i++) {
diff --git a/frontend/express/public/localization/dashboard/dashboard.properties b/frontend/express/public/localization/dashboard/dashboard.properties
@@ -946,6 +946,8 @@ management-users.search-placeholder = Search in Features
 management-users.reset-failed-logins = Reset failed logins
 management-users.reset-failed-logins-success = Failed logins reset successfully\!
 management-users.reset-failed-logins-failed = Failed to reset logins\!
+management-users.cannot-delete-own-account = You can not delete your own account
+management-users.cannot-revoke-own-admin = You can not revoke your own global admin privileges
 
 #date-preset
 management.preset = Date presets
