Prevent sole admin from deleting their account

Without this guard, the last admin in the system could delete their own account, making the application unmanageable. This adds a model method `User#sole_admin?`, a controller guard in `RegistrationsController#destroy`, and disables the delete button in the profile edit view when the current user is the only remaining admin. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-01 06:52:14 +00:00
parent f3cb8db1f4
commit 0daf413b47
6 changed files with 44 additions and 5 deletions
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -162,6 +162,9 @@ en:
          New password:
          <br><em>leave blank to keep unchanged</em>
          %{password_length_hint_html}
+  registrations:
+    destroy:
+      sole_admin: You cannot delete the only admin account.
  actions: Actions
  setup:
    new: