From 68685e6398eb93023f887ad84f8545be9845a36e Mon Sep 17 00:00:00 2001
From: Blitblank
Date: Wed, 22 Apr 2026 21:08:02 -0500
Subject: [PATCH] prevent self user deletion
---
 api/src/Controllers/UsersController.cs | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/api/src/Controllers/UsersController.cs b/api/src/Controllers/UsersController.cs
index 4491636..195741e 100644
--- a/api/src/Controllers/UsersController.cs
+++ b/api/src/Controllers/UsersController.cs
@@ -6,6 +6,8 @@ using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Authorization;
+using System.Security.Claims;
+using Microsoft.AspNetCore.Identity;
 using agologumApi.Models;
 using agologumApi.Services;
@@ -64,12 +66,13 @@ public class UsersController : ControllerBase {
 [HttpDelete("{id}")]
 public async Task deleteUser(string id) {
+ var userId = User.FindFirstValue(ClaimTypes.NameIdentifier);
+ if(userId == id) return BadRequest(); // dont allow deletion of yourself
+
 var success = await service_.Delete(id);
 if (!success) return NotFound();
- // TODO: set safeguard to no delete the current user
-
 return NoContent();
 }
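Review bot: The self-deletion guard added at the top of deleteUser fails open when the caller's principal carries no `ClaimTypes.NameIdentifier` claim: `FindFirstValue` returns null, `userId == id` is false, and the call falls through to `service_.Delete(id)`. Reject that case explicitly before comparing, e.g. `if (userId is null) return Forbid();`. The comparison is also an ordinal, case-sensitive string match; if the store resolves ids case-insensitively (GUID-style ids often are), an id in different casing would pass the guard, so `string.Equals(userId, id, StringComparison.OrdinalIgnoreCase)` or comparing parsed ids is safer — confirm against how `service_.Delete` looks the user up. Nothing in the visible hunks uses `Microsoft.AspNetCore.Identity`, so that added using looks unnecessary unless code outside the hunk needs it.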