Andreas/LibreChat
1
0
Fork 0
mirror of https://github.com/danny-avila/LibreChat.git synced 2026-04-03 22:37:20 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

feat: prevent removing the last admin user

Browse source 
Add guard in removeRoleMember that checks countUsersByRole before
demoting an ADMIN user, returning 400 if they are the last one.
This commit is contained in:
Dustin Healy 2026-03-26 17:05:43 -07:00
parent b9e0fa48c6
commit e9572854ef
2 changed files with 43 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

7
packages/api/src/admin/roles.ts
View file

@ -337,6 +337,13 @@ export function createAdminRolesHandlers(deps: AdminRolesDeps) {
return res.status(400).json({ error: 'User is not a member of this role' });
}
if (name === SystemRoles.ADMIN) {
const adminCount = await countUsersByRole(SystemRoles.ADMIN);
if (adminCount <= 1) {
return res.status(400).json({ error: 'Cannot remove the last admin user' });
}
}
await updateUser(userId, { role: SystemRoles.USER });
return res.status(200).json({ success: true });
} catch (error) {