up

src/main/java/su/xserver/iikocon/MainVerticle.java

@@ -186,6 +186,7 @@ public class MainVerticle extends AbstractVerticle {
         rc.response().setStatusCode(400).end("Missing login, email or password");
         return;
       }
+      // Создаём активного пользователя (active = true)
       userService.createUser(login, email, password, ip, true)
         .onSuccess(v -> rc.response().setStatusCode(201).end())
         .onFailure(err -> rc.response().setStatusCode(500).end(err.getMessage()));
@@ -209,6 +210,15 @@ public class MainVerticle extends AbstractVerticle {
 
     router.delete("/api/admin/users/:id").handler(rc -> {
       int id = Integer.parseInt(rc.pathParam("id"));
+      Integer currentUserId = rc.session().get("userId");
+
+      if (currentUserId != null && currentUserId == id) {
+        rc.response().setStatusCode(403).end(new JsonObject()
+          .put("error", "You cannot delete your own account")
+          .encode());
+        return;
+      }
+
       userService.deleteUser(id)
         .onSuccess(v -> rc.response().end())
         .onFailure(err -> rc.response().setStatusCode(500).end(err.getMessage()));
@@ -217,6 +227,13 @@ public class MainVerticle extends AbstractVerticle {
     router.put("/api/admin/users/:id/activate").handler(rc -> {
       int id = Integer.parseInt(rc.pathParam("id"));
       boolean active = Boolean.parseBoolean(rc.queryParam("active").get(0));
+      Integer currentUserId = rc.session().get("userId");
+
+      if (currentUserId != null && currentUserId == id) {
+        rc.response().setStatusCode(403).end(new JsonObject().put("error", "You cannot deactivate yourself").encode());
+        return;
+      }
+
       userService.setActive(id, active)
         .onSuccess(v -> rc.response().end())
         .onFailure(err -> rc.response().setStatusCode(500).end(err.getMessage()));