From a44b6494bfd4384b1bb3cde7499ecb0af4cb54be Mon Sep 17 00:00:00 2001
From: Steven
Date: Sat, 29 Jul 2023 15:12:19 +0800
Subject: [PATCH] chore: disallow to revert the last admin user
---
 api/v1/user.go | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/api/v1/user.go b/api/v1/user.go
index 8b2718d..1ceb682 100644
--- a/api/v1/user.go
+++ b/api/v1/user.go
@@ -231,6 +231,16 @@ func (s *APIV1Service) registerUserRoutes(g *echo.Group) {
 updateUser.RowStatus = &rowStatus
 }
 if userPatch.Role != nil {
+ adminRole := store.RoleAdmin
+ adminUsers, err := s.Store.ListUsers(ctx, &store.FindUser{
+ Role: &adminRole,
+ })
+ if err != nil {
+ return echo.NewHTTPError(http.StatusInternalServerError, fmt.Sprintf("failed to list admin users, err: %s", err)).SetInternal(err)
+ }
+ if len(adminUsers) == 1 && adminUsers[0].ID == userID && *userPatch.Role != RoleAdmin {
+ return echo.NewHTTPError(http.StatusBadRequest, "cannot remove admin role from the last admin user")
+ }
 role := store.Role(*userPatch.Role)
 updateUser.Role = &role
 }
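Review bot: The last-admin guard added in the `userPatch.Role != nil` branch is a check-then-write with no transaction or lock visible in the hunk, so two concurrent PATCH requests that each demote a different one of two admins can both observe `len(adminUsers) == 2` and leave the instance with no admin; the invariant would be safer enforced inside the store update itself. The guard also covers only the role change: the `RowStatus` branch just above has no equivalent check, so archiving the only admin presumably still succeeds, and if `ListUsers` returns archived accounts the count may overstate how many usable admins remain (not confirmable from this hunk). Separately, the 500 path echoes the raw store error to the client even though `.SetInternal(err)` already keeps it for server-side logging, so the message could be just `"failed to list admin users"`. The handler body starts and ends outside the hunk.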