From 43ab8cb1582d3f1586a3361f64019a0e34c313cd Mon Sep 17 00:00:00 2001
From: Nayef Alebrahim <37157638+nayefalebrahim@users.noreply.github.com>
Date: Fri, 24 Jan 2020 23:21:39 +0300
Subject: [PATCH] prevent demotion of last admin

---
 src/psm/Module/User/Controller/UserController.php | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/psm/Module/User/Controller/UserController.php b/src/psm/Module/User/Controller/UserController.php
index 9b61a257..dda4a541 100644
--- a/src/psm/Module/User/Controller/UserController.php
+++ b/src/psm/Module/User/Controller/UserController.php
@@ -295,6 +295,13 @@ class UserController extends AbstractController
         if ($user_id > 0) {
             // edit user
             unset($clean['password']); // password update is executed separately
+            if (
+                count($this->db->select(PSM_DB_PREFIX . 'users', array('level' => PSM_USER_ADMIN))) == 1 &&
+                    $this->getUser()->getUserLevel() == PSM_USER_ADMIN
+            ) {
+                $this->addMessage(psm_get_lang('users', 'error_user_admin_cant_be_deleted'), 'warning');
+                $clean['level'] = PSM_USER_ADMIN;
+            }
             $this->db->save(PSM_DB_PREFIX . 'users', $clean, array('user_id' => $user_id));
             $this->addMessage(psm_get_lang('users', 'updated'), 'success');