explicitly prevent deletion of admin user

2025-12-07 05:54:10 +03:00 · 2025-11-26 07:12:38 -06:00 · 2025-11-26 07:12:38 -06:00 · 6437ebb86a
commit 6437ebb86a
parent 153bcdba31
1 changed files with 7 additions and 1 deletions
--- a/frigate/api/auth.py
+++ b/frigate/api/auth.py
@ -448,7 +448,13 @@ def create_user(


@router.delete("/users/{username}", dependencies=[Depends(require_role(["admin"]))])
-def delete_user(username: str):
+def delete_user(request: Request, username: str):
+    # Prevent deletion of the built-in admin user
+    if username == "admin":
+        return JSONResponse(
+            content={"message": "Cannot delete admin user"}, status_code=403
+        )
+
    User.delete_by_id(username)
    return JSONResponse(content={"success": True})