From c272724c5cac7a0e5e2fb9642660e6b62ee1615e Mon Sep 17 00:00:00 2001
From: WanWanYun <wanwanyun@example.com>
Date: Wed, 12 Nov 2025 11:37:33 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D:=20=E9=98=B2=E6=AD=A2?=
 =?UTF-8?q?=E7=AE=A1=E7=90=86=E5=91=98=E5=B0=81=E7=A6=81=E8=87=AA=E5=B7=B1?=
 =?UTF-8?q?=E7=9A=84=E8=B4=A6=E5=8F=B7?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- 在封禁用户API中添加自我封禁检查
- 当管理员尝试封禁自己时返回400错误
- 错误消息: "不能封禁自己的账号"
- 解封自己不受限制（虽然被封禁后无法登录后台操作）

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
---
 backend/server.js | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/backend/server.js b/backend/server.js
index f847852..8d47d63 100644
--- a/backend/server.js
+++ b/backend/server.js
@@ -1911,6 +1911,14 @@ app.post('/api/admin/users/:id/ban', authMiddleware, adminMiddleware, (req, res)
     const { id } = req.params;
     const { banned } = req.body;
 
+    // 防止管理员封禁自己
+    if (parseInt(id) === req.user.id && banned) {
+      return res.status(400).json({
+        success: false,
+        message: '不能封禁自己的账号'
+      });
+    }
+
     UserDB.setBanStatus(id, banned);
 
     res.json({