From 70cc90549d084c0a08328021568425b2f89c4432 Mon Sep 17 00:00:00 2001
From: Andrew
Date: Sun, 9 Jan 2022 23:34:11 -0500
Subject: [PATCH] Minor fixes to user deletion. Allow users with user permissions to delete users...wow. How many times can I say user?
---
 app/classes/web/panel_handler.py | 12 ++++++++----
 app/frontend/templates/panel/panel_edit_user.html | 1 +
 2 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/app/classes/web/panel_handler.py b/app/classes/web/panel_handler.py
index b1e61c5c..baf6b506 100644
--- a/app/classes/web/panel_handler.py
+++ b/app/classes/web/panel_handler.py
@@ -16,8 +16,8 @@ from app.classes.shared.main_models import Users, installer
 from app.classes.web.base_handler import BaseHandler
 from app.classes.models.servers import Servers
-from app.classes.models.server_permissions import Enum_Permissions_Server
-from app.classes.models.crafty_permissions import Enum_Permissions_Crafty
+from app.classes.models.server_permissions import Enum_Permissions_Server, Permissions_Servers
+from app.classes.models.crafty_permissions import Enum_Permissions_Crafty, Permissions_Crafty
 from app.classes.models.management import management_helper
 from app.classes.shared.helpers import helper
@@ -510,10 +510,14 @@ class PanelHandler(BaseHandler):
 elif page == "remove_user":
 user_id = bleach.clean(self.get_argument('id', None))
-
- if not exec_user['superuser']:
+
+ if not exec_user['superuser'] and Enum_Permissions_Crafty.User_Config not in exec_user_crafty_permissions:
 self.redirect("/panel/error?error=Unauthorized access: not superuser")
 return
+
+ elif str(exec_user_id) == str(user_id):
+ self.redirect("/panel/error?error=Unauthorized access: you cannot delete yourself")
+ return
 elif user_id is None:
 self.redirect("/panel/error?error=Invalid User ID")
 return
diff --git a/app/frontend/templates/panel/panel_edit_user.html b/app/frontend/templates/panel/panel_edit_user.html
index 0807932d..6206458f 100644
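Review bot: `Permissions_Servers` and `Permissions_Crafty` are added to the two import lines in the first hunk, but no line this patch adds refers to either name. If nothing else in panel_handler.py needs them, keep the original single-name imports so the handler does not pull in names it never uses. If a follow-up change needs them, the import belongs in that change.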
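Review bot: The relaxed guard in the `remove_user` branch lets any account holding `Enum_Permissions_Crafty.User_Config` reach deletion, and the only target check this hunk adds is the self-deletion one. Nothing visible here stops a non-superuser from removing a superuser account. The branch continues outside the hunk, so a check on the target may already exist there. If it does not, look up the target user before deleting and refuse when the target is a superuser and `exec_user['superuser']` is false. The first redirect's text no longer matches its condition and would read better as `self.redirect("/panel/error?error=Unauthorized access: not a user editor")`. Since deletion is now a delegated action, it is also worth recording `exec_user_id` and the target id wherever this handler logs administrative actions.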
--- a/app/frontend/templates/panel/panel_edit_user.html
+++ b/app/frontend/templates/panel/panel_edit_user.html
@@ -286,6 +286,7 @@
 label: ' {{ translate('panelConfig', 'cancel', data['lang']) }}'
 },
 confirm: {
+ className: 'btn-outline-warning',
 label: ' {{ translate('serverBackups', 'confirm', data['lang']) }}'
 }
 },