AdminAPI: Add (failing) test for admin self-revocation

test/pleroma/web/admin_api/controllers/admin_api_controller_test.exs

@@ -321,6 +321,36 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
       assert ModerationLog.get_log_entry_message(log_entry) ==
                "@#{admin.nickname} revoked admin role from @#{user_one.nickname}, @#{user_two.nickname}"
     end
+
+    test "/:right DELETE, admin cannot revoke their own admin status (single)", %{
+      admin: admin,
+      conn: conn
+    } do
+      conn =
+        conn
+        |> put_req_header("accept", "application/json")
+        |> delete("/api/pleroma/admin/users/#{admin.nickname}/permission_group/admin")
+
+      assert json_response(conn, 403) == %{"error" => "You can't revoke your own admin status."}
+    end
+
+    test "/:right DELETE, admin cannot revoke their own admin status (multiple)", %{
+      admin: admin,
+      conn: conn
+    } do
+      user = insert(:user, is_admin: true)
+
+      conn =
+        conn
+        |> put_req_header("accept", "application/json")
+        |> delete("/api/pleroma/admin/users/permission_group/admin", %{
+          nicknames: [admin.nickname, user.nickname]
+        })
+
+      assert json_response(conn, 403) == %{
+               "error" => "You can't revoke your own admin/moderator status."
+             }
+    end
   end
 
   describe "/api/pleroma/admin/users/:nickname/password_reset" do