barbie-bot/fixin.me
0
0
Fork 0
forked from fixin.me/fixin.me
Code Pull Requests Activity

Prevent sole admin from deleting their account

Browse Source 
Without this guard, the last admin in the system could delete their own
account, making the application unmanageable. This adds a model method
`User#sole_admin?`, a controller guard in `RegistrationsController#destroy`,
and disables the delete button in the profile edit view when the current
user is the only remaining admin.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
barbie-bot
2026-03-01 06:52:14 +00:00
parent f3cb8db1f4
commit 0daf413b47
6 changed files with 44 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
app/views/users/registrations/edit.html.erb
View File

@@ -4,9 +4,8 @@
<% end %>
<div class="rightside-area buttongrid">
<%#= TODO: Disallow/disable deletion for last admin account, image_button_to_if %>
<%= image_button_to t('.delete'), 'account-remove-outline', user_registration_path,
form_class: 'tools-area', method: :delete, data: {turbo: false},
<%= image_button_to_if !current_user.sole_admin?, t('.delete'), 'account-remove-outline',
user_registration_path, form_class: 'tools-area', method: :delete, data: {turbo: false},
onclick: {confirm: t('.confirm_delete')} %>
</div>