
Commit 8ee4f59

authored
Merge pull request #858 from utmstack/bugfix/v10.5.10/system-requires-at-least-one-admin-user
fix: Add validation to prevent deletion of the last admin user
2 parents 4c127e5 + 8e8bed5 commit 8ee4f59


2 files changed

+10
-1
lines changed


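--- a/backend/src/main/java/com/park/utmstack/repository/UserRepository.java
+++ b/backend/src/main/java/com/park/utmstack/repository/UserRepository.java
@@ -37,6 +37,15 @@ public interface UserRepository extends JpaRepository<User, Long> {
 
 @Query(nativeQuery = true, value = "SELECT jhi_user.* FROM jhi_user WHERE jhi_user.id IN (SELECT jhi_user_authority.user_id FROM jhi_user_authority WHERE jhi_user_authority.authority_name = 'ROLE_ADMIN')")
 List<User> findAllAdmins();
+@Query(nativeQuery = true, value = "SELECT jhi_user.* \n" +
+"FROM jhi_user \n" +
+"WHERE jhi_user.id IN (\n" +
+" SELECT jhi_user_authority.user_id \n" +
+" FROM jhi_user_authority \n" +
+" WHERE jhi_user_authority.authority_name = 'ROLE_ADMIN' AND jhi_user.activated = true\n" +
+") \n" +
+"LIMIT 1")
+Optional<User> findAnyAdminUser();
 
 @EntityGraph(attributePaths = "authorities")
 Optional<User> findOneWithAuthoritiesById(Long id);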
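Review bot: In `findAnyAdminUser` the `jhi_user.activated = true` predicate sits inside the subquery on `jhi_user_authority`, where it only works as a correlated reference to the outer table; it reads as misplaced and belongs in the outer `WHERE`. `LIMIT 1` without an `ORDER BY` also leaves the returned row unspecified, which matters because the caller in InternalApiKeyProvider turns this row into an authentication principal. I would close the subquery first and end the query with `") AND jhi_user.activated = true \n" + "ORDER BY jhi_user.id \n" + "LIMIT 1"`. A short Javadoc stating that the method returns one activated user holding `ROLE_ADMIN`, or empty when none exists, would make the contract explicit.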

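--- a/backend/src/main/java/com/park/utmstack/security/internalApiKey/InternalApiKeyProvider.java
+++ b/backend/src/main/java/com/park/utmstack/security/internalApiKey/InternalApiKeyProvider.java
@@ -26,7 +26,7 @@ public InternalApiKeyProvider(UserRepository userRepository) {
 public UsernamePasswordAuthenticationToken getAuthentication(String apiKey) {
 final String ctx = CLASSNAME + ".getAuthentication";
 try {
-com.park.utmstack.domain.User user = userRepository.findOneWithAuthoritiesByLogin(Constants.ADMIN_USER)
+com.park.utmstack.domain.User user = userRepository.findAnyAdminUser()
 .orElseThrow(() -> new RuntimeException("User not found"));
 List<SimpleGrantedAuthority> authorities = user.getAuthorities().stream().map(d -> new SimpleGrantedAuthority(d.getName()))
 .collect(Collectors.toList());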
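Review bot: The principal for internal-API-key requests is now whichever activated admin row the database returns, so the authorities copied from `user.getAuthorities()` and any audit attribution depend on an arbitrary human account rather than a fixed service identity. The replaced lookup was named `findOneWithAuthoritiesByLogin`, which suggests authorities were fetched with the user; the native `findAnyAdminUser()` query gives no such guarantee, so if `authorities` is lazily mapped and this runs outside a transaction, the stream over `getAuthorities()` may fail, which is worth confirming with a test. Consider granting a fixed authority set for the internal key instead of copying the selected user's, and make the failure explicit with `new RuntimeException("No activated admin user found")`. The body of getAuthentication continues past the hunk, so how `apiKey` itself is checked is not visible here.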
