PIX-107 Admin and owner cant be banned

matteosusca · matteosusca · commit 53487fa286a9 · 2026-02-02T18:25:43.000+01:00
diff --git a/client/src/components/lobbies/UserListPanel.vue b/client/src/components/lobbies/UserListPanel.vue
@@ -9,6 +9,7 @@ defineProps<{
   users: User[];
   bannedUsers?: BannedUser[];
   canModerate?: boolean; 
+  ownerId?: string;
 }>();
 
 const emit = defineEmits<{
@@ -83,7 +84,14 @@ const handleUnban = async (userId: string) => {
           
           <div v-if="canModerate && user.id !== userStore.id" class="mod-actions">
             <button class="mod-btn kick" @click="handleKick(user.id)" title="Kick User">K</button>
-            <button class="mod-btn ban" @click="handleBan(user.id)" title="Ban User">B</button>
+            <button 
+              v-if="user.id !== ownerId && !user.isAdmin" 
+              class="mod-btn ban" 
+              @click="handleBan(user.id)" 
+              title="Ban User"
+            >
+              B
+            </button>
           </div>
         </li>
       </ul>
diff --git a/client/src/stores/lobby.store.ts b/client/src/stores/lobby.store.ts
@@ -6,6 +6,7 @@ import { DISCONNECT_REASONS } from '../constants/disconnect.constants';
 export interface User {
   id: string;
   username: string;
+  isAdmin?: boolean;
 }
 
 export const useLobbyStore = defineStore('lobby', () => {
diff --git a/client/src/views/PlayView.vue b/client/src/views/PlayView.vue
@@ -277,6 +277,7 @@ onUnmounted(() => {
           :users="users" 
           :banned-users="bannedUsers"
           :can-moderate="hasLobbyPermissions"
+          :owner-id="lobbyOwnerId"
           @kick="handleKickUser"
           @ban="handleBanUser"
           @unban="handleUnbanUser"
diff --git a/server/src/controllers/lobby.controller.ts b/server/src/controllers/lobby.controller.ts
@@ -185,6 +185,19 @@ export class LobbyController {
       }
 
       // Persist Ban
+      const targetUser = await import('../models/User.js').then(m => m.User.findById(targetUserId));
+
+      if (!targetUser) {
+        throw new AppError('User not found', 404);
+      }
+
+      const isOwner = lobby.owner && (lobby.owner.toString() === targetUserId || (lobby.owner as any)._id?.toString() === targetUserId);
+      const isAdmin = targetUser.isAdmin;
+
+      if (isOwner || isAdmin) {
+        throw new AppError('Cannot ban lobby owner or admin', 403);
+      }
+
       await LobbyService.banUser(id, targetUserId);
       console.log(`[Lobby] Banning user ${targetUserId} from ${id}`);
 

Original file line number	Diff line number	Diff line change
`@@ -6,6 +6,7 @@ import { DISCONNECT_REASONS } from '../constants/disconnect.constants';`
`6`	`6`	`export interface User {`
`7`	`7`	`id: string;`
`8`	`8`	`username: string;`
	`9`	`+ isAdmin?: boolean;`
`9`	`10`	`}`
`10`	`11`
`11`	`12`	`export const useLobbyStore = defineStore('lobby', () => {`