User.can_terminate_account: non-admins cannot terminate terminate adm…

…in or moderator accounts addresses issue #943
ASKBOT · Aug 20, 2024 · 04e1d25 · 04e1d25
1 parent 50cde79
commit 04e1d25
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/askbot/models/__init__.py b/askbot/models/__init__.py
@@ -551,6 +551,11 @@ def user_can_terminate_account(self, user):
         if is_admin: #admin can't remove own account, as as safeguard
             return False
         return perm == 'users'
+
+    # non-admins with terminate_accounts role cannot remove admins or moderators
+    if not self.is_administrator() and user.is_administrator_or_moderator():
+        return False
+
     return is_admin