barbie-bot/fixin.me
0
0
Fork 0
forked from fixin.me/fixin.me
Code Pull Requests Activity

Prevent sole admin from deleting their account

Browse Source 
Without this guard, the last admin in the system could delete their own
account, making the application unmanageable. This adds a model method
`User#sole_admin?`, a controller guard in `RegistrationsController#destroy`,
and disables the delete button in the profile edit view when the current
user is the only remaining admin.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
barbie-bot
2026-03-01 06:52:14 +00:00
parent f3cb8db1f4
commit 0daf413b47
6 changed files with 44 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
app/models/user.rb
View File

@@ -29,4 +29,11 @@ class User < ApplicationRecord
def at_least(status)
User.statuses[self.status] >= User.statuses[status]
end
# Returns true when this user is the only admin account in the system.
# Used to block actions that would leave the application without an admin
# (account deletion, status demotion).
def sole_admin?
admin? && !User.admin.where.not(id: id).exists?
end
end