added protection against deleting last admin, played around with dashbord for joke

2025-11-17 21:20:52 +01:00 · 2025-11-17 21:20:52 +01:00 · a9986476d0
commit a9986476d0
parent bd611b68c0
2 changed files with 6 additions and 1 deletions
--- a/app.py
+++ b/app.py
@ -120,6 +120,11 @@ def admin():
        user = User.query.get(user_id)
        
        if user and user != current_user:  # Prevent self-modification
+            if action in ['demote', 'delete'] and user.admin:
+                admin_count = User.query.filter_by(admin=True).count()
+                if admin_count == 1:
+                    abort(400, description="Cannot remove last admin")
+            
            if action == "promote":
                user.admin = True
            elif action == "demote":
--- a/templates/dashboard.html
+++ b/templates/dashboard.html
@ -21,7 +21,7 @@
                    </li>
                    <li class="list-group-item d-flex justify-content-between">
                        <span>Account Created:</span>
-                        <span class="text-muted">Just now</span>
+                        <span class="text-muted">Before the dinosaurs, there was your account</span>
                    </li>
                </ul>
            </div>