I was a little bit surprised by how many combinations appeared in this
controller. I'm not sure how I feel about the ability for one user to
delete another. It makes sense to break out different pieces but there
is the check for cant-delete-yourself in one place but not for others.
Like, I would have preferred to have a check for admin privileges and
mismatch of login param with local user login here, too.
Signed-off-by: André Jaenisch andre.jaenisch@posteo.de
I was a little bit surprised by how many combinations appeared in this
controller. I'm not sure how I feel about the ability for one user to
delete another. It makes sense to break out different pieces but there
is the check for cant-delete-yourself in one place but not for others.
Like, I would have preferred to have a check for admin privileges and
mismatch of login param with local user login here, too.
Signed-off-by: André Jaenisch <andre.jaenisch@posteo.de>