fix(cli): guard last admin on scheduled CLI deletion path
The last-admin guard was only enforced in the --now branch of 'user delete'. The default scheduled path called user.RequestDeletion without the guard, letting an operator schedule deletion of the last reachable admin via the CLI; the cron flow would then confirm and execute it, violating the invariant the HTTP admin API already enforces.
This commit is contained in:
parent
d64ca0c777
commit
c8893f4533
|
|
@ -447,6 +447,10 @@ var userDeleteCmd = &cobra.Command{
|
||||||
log.Fatalf("Error removing the user: %s", err)
|
log.Fatalf("Error removing the user: %s", err)
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
|
if err := user.GuardLastAdmin(s, u); err != nil {
|
||||||
|
_ = s.Rollback()
|
||||||
|
log.Fatalf("Could not request user deletion: %s", err)
|
||||||
|
}
|
||||||
err := user.RequestDeletion(s, u)
|
err := user.RequestDeletion(s, u)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
_ = s.Rollback()
|
_ = s.Rollback()
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue