From 65a5d05713b15868891e885c28f6c540667a9c22 Mon Sep 17 00:00:00 2001 From: Ludy Date: Tue, 13 Jan 2026 17:13:28 +0100 Subject: [PATCH] feat(ui): prevent self-modification in People management and highlight current user (#5441) # Description of Changes This PR improves the People management UI by preventing users from modifying or deleting their own account and by visually highlighting the currently logged-in user. image ### What was changed - Integrated session-based authentication context to identify the currently logged-in user. - Added a helper to detect the current user in the user list. - Highlighted the current user's row with a subtle background color. - Disabled self-actions: - Editing own role - Enabling/disabling own account - Deleting own account - Kept password change available for the current user. ### Why the change was made - Prevents accidental self-lockout or privilege removal. - Aligns UI behavior with common security best practices. - Improves clarity by visually distinguishing the active user account. --- ## Checklist ### General - [ ] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [ ] I have performed a self-review of my own code - [ ] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### Translations (if applicable) - [ ] I ran [`scripts/counter_translation.py`](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/docs/counter_translation.md) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details. --- .../config/configSections/PeopleSection.tsx | 52 ++++++++++++------- 1 file changed, 33 insertions(+), 19 deletions(-) diff --git a/frontend/src/proprietary/components/shared/config/configSections/PeopleSection.tsx b/frontend/src/proprietary/components/shared/config/configSections/PeopleSection.tsx index cb8a2d8b7..3e1482265 100644 --- a/frontend/src/proprietary/components/shared/config/configSections/PeopleSection.tsx +++ b/frontend/src/proprietary/components/shared/config/configSections/PeopleSection.tsx @@ -31,11 +31,13 @@ import { useNavigate } from 'react-router-dom'; import UpdateSeatsButton from '@app/components/shared/UpdateSeatsButton'; import { useLicense } from '@app/contexts/LicenseContext'; import ChangeUserPasswordModal from '@app/components/shared/ChangeUserPasswordModal'; +import { useAuth } from '@app/auth/UseSession'; export default function PeopleSection() { const { t } = useTranslation(); const { config } = useAppConfig(); const { loginEnabled } = useLoginRequired(); + const { user: currentUser } = useAuth(); const navigate = useNavigate(); const { licenseInfo: globalLicenseInfo } = useLicense(); const [users, setUsers] = useState([]); @@ -77,6 +79,7 @@ export default function PeopleSection() { ? t('workspace.people.license.noSlotsAvailable', 'No user slots available') : null; + const isCurrentUser = (user: User) => currentUser?.username === user.username; // Form state for edit user modal const [editForm, setEditForm] = useState({ @@ -463,7 +466,10 @@ export default function PeopleSection() { ) : ( filteredUsers.map((user) => ( - + - } - onClick={() => openEditModal(user)} - disabled={!loginEnabled} - > - {t('workspace.people.editRole')} - + {!isCurrentUser(user) && ( + } + onClick={() => openEditModal(user)} + disabled={!loginEnabled} + > + {t('workspace.people.editRole')} + + )} } onClick={() => openChangePasswordModal(user)} @@ -591,17 +599,23 @@ export default function PeopleSection() { > {t('workspace.people.changePassword.action', 'Change password')} - : } - onClick={() => handleToggleEnabled(user)} - disabled={!loginEnabled} - > - {user.enabled ? t('workspace.people.disable') : t('workspace.people.enable')} - - - } onClick={() => handleDeleteUser(user)} disabled={!loginEnabled}> - {t('workspace.people.deleteUser')} - + {!isCurrentUser(user) && ( + : } + onClick={() => handleToggleEnabled(user)} + disabled={!loginEnabled} + > + {user.enabled ? t('workspace.people.disable') : t('workspace.people.enable')} + + )} + {!isCurrentUser(user) && ( + <> + + } onClick={() => handleDeleteUser(user)} disabled={!loginEnabled}> + {t('workspace.people.deleteUser')} + + + )}