Merge pull request #5869 from ViacheslavKlimov/fix/users-deletion

[3.3.3] Don't allow sysadmin to delete himself

application/src/main/java/org/thingsboard/server/controller/UserController.java

@@ -302,6 +302,10 @@ public class UserController extends BaseController {
             UserId userId = new UserId(toUUID(strUserId));
             User user = checkUserId(userId, Operation.DELETE);
 
+            if (user.getAuthority() == Authority.SYS_ADMIN && getCurrentUser().getId().equals(userId)) {
+                throw new ThingsboardException("Sysadmin is not allowed to delete himself", ThingsboardErrorCode.PERMISSION_DENIED);
+            }
+
             List<EdgeId> relatedEdgeIds = findRelatedEdgeIds(getTenantId(), userId);
 
             userService.deleteUser(getCurrentUser().getTenantId(), userId);