From 9ca51a03adc3f7a317ed39548436549a80ec21a1 Mon Sep 17 00:00:00 2001
From: Stefano <ste.pigozzi@gmail.com>
Date: Wed, 13 Sep 2017 10:43:38 +0200
Subject: [PATCH] Stop the deletion of the user you're currently logged in
 with.

---
 server.py               | 2 ++
 templates/user/list.htm | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/server.py b/server.py
index bcc3d52..6c09653 100644
--- a/server.py
+++ b/server.py
@@ -641,6 +641,8 @@ def page_user_del(uid):
     if User.query.count() <= 1:
         return render_template("error.htm", error="Non puoi cancellare l'ultimo utente rimasto!")
     utente = User.query.get_or_404(uid)
+    if utente.username == session["username"]:
+        return render_template("error.htm", error="Non puoi cancellare l'utente con cui sei loggato!")
     db.session.delete(utente)
     db.session.commit()
     return redirect(url_for('page_user_list'))
diff --git a/templates/user/list.htm b/templates/user/list.htm
index 5b7d656..51a93e7 100644
--- a/templates/user/list.htm
+++ b/templates/user/list.htm
@@ -18,7 +18,7 @@
         <tr>
             {% for utente in utenti %}
                 <td>{{ utente.username }}</td>
-                <td>{% if utenti|length >= 2 %}<a href="/user_del/{{ utente.uid }}"><span class="glyphicon glyphicon-remove"></span></a>{% endif %}</td>
+                <td>{% if utenti|length >= 2 and utente.username != user %}<a href="/user_del/{{ utente.uid }}"><span class="glyphicon glyphicon-remove"></span></a>{% endif %}</td>
             {% endfor %}
         </tr>
     </table>