From 4a45b625211c1679f17982a00f9f849ebc13f867 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lera=20Elvo=C3=A9?= <yagich@poto.cafe>
Date: Sat, 20 Dec 2025 19:05:01 +0300
Subject: [PATCH] prevent admin from deleting their account

---
 app/routes/users.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/app/routes/users.py b/app/routes/users.py
index 2c42ee1..a1a6738 100644
--- a/app/routes/users.py
+++ b/app/routes/users.py
@@ -884,6 +884,10 @@ def delete_page_confirm(username):
         flash('Incorrect password.', InfoboxKind.ERROR)
         return redirect(url_for('.delete_page', username=username))
 
+    if target_user.is_admin():
+        flash('You cannot delete the admin account.', InfoboxKind.ERROR)
+        return redirect(url_for('.delete_page', username=username))
+
     anonymize_user(target_user.id)
     sessions = Sessions.findall({'user_id': int(target_user.id)})
     for session_obj in sessions: