1 files changed, 21 insertions, 0 deletions
diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts
index 3c207c81f..94d8ab53b 100644
--- a/server/middlewares/validators/users.ts
+++ b/server/middlewares/validators/users.ts
@@ -74,6 +74,26 @@ const usersRemoveValidator = [
  }
 ]
+const usersBlockingValidator = [
+  param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
+  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    logger.debug('Checking usersRemove parameters', { parameters: req.params })
+    if (areValidationErrors(req, res)) return
+    if (!await checkUserIdExist(req.params.id, res)) return
+    const user = res.locals.user
+    if (user.username === 'root') {
+      return res.status(400)
+                .send({ error: 'Cannot block the root user' })
+                .end()
+    }
+    return next()
+  }
+]
 const deleteMeValidator = [
  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    const user: UserModel = res.locals.oauth.token.User
@@ -230,6 +250,7 @@ export {
  usersAddValidator,
  deleteMeValidator,
  usersRegisterValidator,
+  usersBlockingValidator,
  usersRemoveValidator,
  usersUpdateValidator,
  usersUpdateMeValidator,

diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts index 3c207c81f..94d8ab53b 100644 --- a/server/middlewares/validators/users.ts +++ b/server/middlewares/validators/users.ts
@@ -74,6 +74,26 @@ const usersRemoveValidator = [
74	}	74	}
75	]	75	]
76		76
		77	const usersBlockingValidator = [
		78	param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
		79
		80	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
		81	logger.debug('Checking usersRemove parameters', { parameters: req.params })
		82
		83	if (areValidationErrors(req, res)) return
		84	if (!await checkUserIdExist(req.params.id, res)) return
		85
		86	const user = res.locals.user
		87	if (user.username === 'root') {
		88	return res.status(400)
		89	.send({ error: 'Cannot block the root user' })
		90	.end()
		91	}
		92
		93	return next()
		94	}
		95	]
		96
77	const deleteMeValidator = [	97	const deleteMeValidator = [
78	async (req: express.Request, res: express.Response, next: express.NextFunction) => {	98	async (req: express.Request, res: express.Response, next: express.NextFunction) => {
79	const user: UserModel = res.locals.oauth.token.User	99	const user: UserModel = res.locals.oauth.token.User
@@ -230,6 +250,7 @@ export {
230	usersAddValidator,	250	usersAddValidator,
231	deleteMeValidator,	251	deleteMeValidator,
232	usersRegisterValidator,	252	usersRegisterValidator,
		253	usersBlockingValidator,
233	usersRemoveValidator,	254	usersRemoveValidator,
234	usersUpdateValidator,	255	usersUpdateValidator,
235	usersUpdateMeValidator,	256	usersUpdateMeValidator,