|
{user.name}
- {#if user.globalRole === 'SITE_ADMIN'}
- SITE ADMIN
- {/if}
|
{user.email} |
-
+ {#if user.id === data.user?.id}
+ {user.tenantRole === 'ADMIN' ? 'Admin' : 'Member'}
+ {:else}
+
+ {/if}
|
{formatDate(user.createdAt)} |
diff --git a/src/routes/api/admin/users/[userId]/+server.ts b/src/routes/api/admin/users/[userId]/+server.ts
index 4ec7f56..8bff5de 100644
--- a/src/routes/api/admin/users/[userId]/+server.ts
+++ b/src/routes/api/admin/users/[userId]/+server.ts
@@ -22,6 +22,11 @@ export const PATCH: RequestHandler = async ({ params, request, locals }) => {
});
if (!targetUser) throw error(404, 'User not found');
+ // Tenant admins cannot modify SITE_ADMIN users
+ if (targetUser.globalRole === 'SITE_ADMIN') {
+ throw error(403, 'Cannot modify a site admin');
+ }
+
// Prevent demoting the last tenant admin
if (targetUser.tenantRole === 'ADMIN' && result.data.tenantRole === 'MEMBER') {
const adminCount = await tx.user.count({