From f4389bc5ddaf91a158484dc84150dd17c0658f5f Mon Sep 17 00:00:00 2001
From: Marti Martz <Martii@users.noreply.github.com>
Date: Mon, 19 Aug 2019 14:58:25 -0600
Subject: [PATCH] GDPR15A (#1658)

* Suspend removals on reserved. This can obviously be overridden with Admin+ by elevating the account... just a precaution.

Post #1657 df4ec361b7238bdf55c8939c08c05d4fc1c977bc *(missed increment of GDPR14 i.e. should have been 15)*

Auto-merge
---
 libs/remove.js | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/libs/remove.js b/libs/remove.js
index e409fcb39..d3f9bbfc4 100644
--- a/libs/remove.js
+++ b/libs/remove.js
@@ -31,8 +31,12 @@ function removeable(aModel, aContent, aUser, aCallback) {
 
   // You can't remove yourself
   // You can only remove a remove a user with a lesser role than yourself
+  //   except a reserved account
   if (aModel.modelName === 'User') {
-    aCallback(aContent._id != aUser._id && aContent.role > aUser.role, aContent);
+    aCallback(
+      aContent._id != aUser._id && aContent.role > aUser.role && aContent.role !== 6,
+        aContent
+    );
     return;
   }
 
@@ -53,7 +57,8 @@ function removeable(aModel, aContent, aUser, aCallback) {
     }
 
     // You can only remove content by an author with a lesser user role
-    aCallback(aAuthor.role > aUser.role, aAuthor);
+    //   except a reserved account
+    aCallback(aAuthor.role > aUser.role && aAuthor.role !== 6, aAuthor);
   });
 }
 exports.removeable = removeable;