From ae73b194c47fff9eba7fb249a876cead0a1455b3 Mon Sep 17 00:00:00 2001
From: Hayden <64056131+hay-kot@users.noreply.github.com>
Date: Thu, 13 Oct 2022 09:37:29 -0800
Subject: [PATCH] fix: block self-delete on demo site (#57)

---
 backend/app/api/v1/v1_ctrl_user.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/backend/app/api/v1/v1_ctrl_user.go b/backend/app/api/v1/v1_ctrl_user.go
index 10fdbb1..dc2779a 100644
--- a/backend/app/api/v1/v1_ctrl_user.go
+++ b/backend/app/api/v1/v1_ctrl_user.go
@@ -110,6 +110,11 @@ func (ctrl *V1Controller) HandleUserUpdatePassword() http.HandlerFunc {
 // @Security Bearer
 func (ctrl *V1Controller) HandleUserSelfDelete() http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
+		if ctrl.isDemo {
+			server.RespondError(w, http.StatusForbidden, nil)
+			return
+		}
+
 		actor := services.UseUserCtx(r.Context())
 		if err := ctrl.svc.User.DeleteSelf(r.Context(), actor.ID); err != nil {
 			server.RespondError(w, http.StatusInternalServerError, err)