From 04e1d25a3f86a176a1272bfaedda45f064317fe5 Mon Sep 17 00:00:00 2001
From: Evgeny Fadeev <evgeny.fadeev@gmail.com>
Date: Mon, 19 Aug 2024 20:04:57 -0400
Subject: [PATCH] User.can_terminate_account: non-admins cannot terminate
 terminate admin or moderator accounts addresses issue #943

---
 askbot/models/__init__.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/askbot/models/__init__.py b/askbot/models/__init__.py
index 82cf947190..4ac10ce511 100644
--- a/askbot/models/__init__.py
+++ b/askbot/models/__init__.py
@@ -551,6 +551,11 @@ def user_can_terminate_account(self, user):
         if is_admin: #admin can't remove own account, as as safeguard
             return False
         return perm == 'users'
+
+    # non-admins with terminate_accounts role cannot remove admins or moderators
+    if not self.is_administrator() and user.is_administrator_or_moderator():
+        return False
+
     return is_admin