explicitly prevent deletion of admin user

2025-12-06 21:44:13 +03:00 · 2025-11-26 07:12:00 -06:00 · 2025-11-26 07:12:00 -06:00 · ea217bdbac
commit ea217bdbac
parent 113365b911
1 changed files with 7 additions and 1 deletions
--- a/frigate/api/auth.py
+++ b/frigate/api/auth.py
@ -579,7 +579,13 @@ def create_user(


@router.delete("/users/{username}", dependencies=[Depends(require_role(["admin"]))])
-def delete_user(username: str):
+def delete_user(request: Request, username: str):
+    # Prevent deletion of the built-in admin user
+    if username == "admin":
+        return JSONResponse(
+            content={"message": "Cannot delete admin user"}, status_code=403
+        )
+
    User.delete_by_id(username)
    return JSONResponse(content={"success": True})