Commit 5a595f72 authored by Andrew Robert Nicols's avatar Andrew Robert Nicols Committed by Richard Mansfield
Browse files

Prevent users from self deleting if they didn't authenticate from an internal auth mechanism

Signed-off-by: default avatarAndrew Robert Nicols <>
parent dc58830b
......@@ -730,6 +730,9 @@ class User {
public function can_delete_self() {
if (!$this->get('admin')) {
if (!record_exists('auth_instance', 'id', $this->get('authinstance'), 'authname', 'internal')) {
return false;
// Users who belong to an institution that doesn't allow
// registration cannot delete themselves.
foreach ($this->get('institutions') as $i) {
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment