From 2ac6fe7f6d666d64228d11cde24865acc54c7ce7 Mon Sep 17 00:00:00 2001
From: sct <ryan@sct.dev>
Date: Tue, 13 Apr 2021 13:09:06 +0900
Subject: [PATCH] fix(api): allow server owner to delete other admin accounts

---
 server/routes/user/index.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server/routes/user/index.ts b/server/routes/user/index.ts
index 2ddc700fc..0c9046918 100644
--- a/server/routes/user/index.ts
+++ b/server/routes/user/index.ts
@@ -281,7 +281,7 @@ router.delete<{ id: string }>(
         });
       }
 
-      if (user.hasPermission(Permission.ADMIN)) {
+      if (user.hasPermission(Permission.ADMIN) && req.user?.id !== 1) {
         return next({
           status: 405,
           message: 'You cannot delete users with administrative privileges.',