From 067fb1b0b727fdfe22dc6d0cc3bfd253847f5900 Mon Sep 17 00:00:00 2001
From: Ozzie Isaacs <ozzie.fernandez.isaacs@googlemail.com>
Date: Wed, 7 Apr 2021 18:47:48 +0200
Subject: [PATCH] Prevent delete Guest user and redirect to admin page after
 user delete

---
 cps/admin.py | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/cps/admin.py b/cps/admin.py
index 1d4b5a84..966e01ff 100644
--- a/cps/admin.py
+++ b/cps/admin.py
@@ -1185,10 +1185,14 @@ def _handle_edit_user(to_save, content, languages, translations, kobo_support):
     if to_save.get("delete"):
         if ub.session.query(ub.User).filter(ub.User.role.op('&')(constants.ROLE_ADMIN) == constants.ROLE_ADMIN,
                                             ub.User.id != content.id).count():
-            ub.session.query(ub.User).filter(ub.User.id == content.id).delete()
-            ub.session_commit()
-            flash(_(u"User '%(nick)s' deleted", nick=content.name), category="success")
-            return redirect(url_for('admin.admin'))
+            if content.name != "Guest":
+                ub.session.query(ub.User).filter(ub.User.id == content.id).delete()
+                ub.session_commit()
+                flash(_(u"User '%(nick)s' deleted", nick=content.name), category="success")
+                return redirect(url_for('admin.admin'))
+            else:
+                flash(_(u"Can't delete Guest User"), category="error")
+                return redirect(url_for('admin.admin'))
         else:
             flash(_(u"No admin user remaining, can't delete user", nick=content.name), category="error")
             return redirect(url_for('admin.admin'))
@@ -1255,6 +1259,7 @@ def _handle_edit_user(to_save, content, languages, translations, kobo_support):
     except OperationalError:
         ub.session.rollback()
         flash(_(u"Settings DB is not Writeable"), category="error")
+    return ""
 
 
 @admi.route("/admin/user/new", methods=["GET", "POST"])
@@ -1350,7 +1355,9 @@ def edit_user(user_id):
     kobo_support = feature_support['kobo'] and config.config_kobo_sync
     if request.method == "POST":
         to_save = request.form.to_dict()
-        _handle_edit_user(to_save, content, languages, translations, kobo_support)
+        resp = _handle_edit_user(to_save, content, languages, translations, kobo_support)
+        if resp:
+            return resp
     return render_title_template("user_edit.html",
                                  translations=translations,
                                  languages=languages,