From ff651b7d8f3b665eda94a77a8adf402e6fa9f8f7 Mon Sep 17 00:00:00 2001
From: Julian Krauser <jkrauser209@gmail.com>
Date: Fri, 24 Jan 2025 09:20:08 +0100
Subject: [PATCH] fix: prevent deletion of owner

---
 src/controller/admin/user/userController.ts | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/controller/admin/user/userController.ts b/src/controller/admin/user/userController.ts
index 8862699..f6ad511 100644
--- a/src/controller/admin/user/userController.ts
+++ b/src/controller/admin/user/userController.ts
@@ -10,6 +10,7 @@ import MailHelper from "../../../helpers/mailHelper";
 import { CLUB_NAME } from "../../../env.defaults";
 import { UpdateUserPermissionsCommand } from "../../../command/user/user/userPermissionCommand";
 import UserPermissionCommandHandler from "../../../command/user/user/userPermissionCommandHandler";
+import BadRequestException from "../../../exceptions/badRequestException";
 
 /**
  * @description get All users
@@ -137,7 +138,11 @@ export async function updateUserRoles(req: Request, res: Response): Promise<any>
 export async function deleteUser(req: Request, res: Response): Promise<any> {
   const id = parseInt(req.params.id);
 
-  let user = await UserService.getById(id);
+  let { mail, isOwner } = await UserService.getById(id);
+
+  if (isOwner) {
+    throw new BadRequestException("Owner cannot be deleted");
+  }
 
   let deleteUser: DeleteUserCommand = {
     id: id,
@@ -147,7 +152,7 @@ export async function deleteUser(req: Request, res: Response): Promise<any> {
   try {
     // sendmail
     await MailHelper.sendMail(
-      user.mail,
+      mail,
       `Email Bestätigung für Mitglieder Admin-Portal von ${CLUB_NAME}`,
       `Ihr Nutzerkonto des Adminportals wurde erfolgreich gelöscht.`
     );