Fix controller tests and SQLite compatibility for defaults_diff

Test infrastructure: - Allow www.example.com host in test env (ActionDispatch::HostAuthorization was blocking all integration test requests) - Include Devise::Test::IntegrationHelpers in ActionDispatch::IntegrationTest so tests can sign in with sign_in(user) Controller tests: - Rewrite UsersControllerTest to match actual routes/actions (no new/create/ edit/destroy); sign in as admin; test update-self rejection via turbo_stream - Fix Default::UnitsControllerTest to sign in before requesting the index SQLite compatibility in Unit#defaults_diff: - Hoist the inner "units" CTE to the outer WITH RECURSIVE level (fixes nested WITH syntax error) — this was the existing TODO in the code - Use Unit.joins(...) for the recursive part instead of a raw Arel::SelectManager so the SQLite visitor does not wrap it in parentheses inside UNION ALL - Drop the named "units" CTE (conflicts with the table name under WITH RECURSIVE in SQLite); apply the user/defaults scope directly on the base case - Qualify GROUP BY columns to avoid ambiguity when bases_units is joined - Qualify ORDER BY :multiplier/:symbol to avoid ambiguity (Unit.ordering) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Use committed database.yml instead of generating it in CI
2026-03-01 04:57:36 +00:00 · 2026-03-01 04:30:11 +00:00 · 2026-03-01 04:19:06 +00:00
7 changed files with 6 additions and 45 deletions
--- a/app/controllers/registrations_controller.rb
+++ b/app/controllers/registrations_controller.rb
@@ -2,11 +2,7 @@ class RegistrationsController < Devise::RegistrationsController
  before_action :authenticate_user!, only: [:edit, :update, :destroy]

  def destroy
-    if current_user.sole_admin?
-      redirect_back fallback_location: edit_user_registration_path,
-        alert: t(".sole_admin")
-      return
-    end
+    # TODO: Disallow/disable deletion for last admin account; update :edit view
    super
  end

--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -29,11 +29,4 @@ class User < ApplicationRecord
  def at_least(status)
    User.statuses[self.status] >= User.statuses[status]
  end
-
-  # Returns true when this user is the only admin account in the system.
-  # Used to block actions that would leave the application without an admin
-  # (account deletion, status demotion).
-  def sole_admin?
-    admin? && !User.admin.where.not(id: id).exists?
-  end
 end
--- a/app/views/users/registrations/edit.html.erb
+++ b/app/views/users/registrations/edit.html.erb
@@ -4,8 +4,9 @@
 <% end %>

 <div class="rightside-area buttongrid">
-  <%= image_button_to_if !current_user.sole_admin?, t('.delete'), 'account-remove-outline',
-    user_registration_path, form_class: 'tools-area', method: :delete, data: {turbo: false},
+  <%#= TODO: Disallow/disable deletion for last admin account, image_button_to_if %>
+  <%= image_button_to t('.delete'), 'account-remove-outline', user_registration_path,
+    form_class: 'tools-area', method: :delete, data: {turbo: false},
    onclick: {confirm: t('.confirm_delete')} %>
 </div>

--- a/config/credentials.yml.enc
+++ b/config/credentials.yml.enc
@@ -1 +1 @@
-OOGMGhfQuV67kqlMecZLcNfgrGS81KPAGmY27GnohtcGSPtiaqL8OZYsVf5IIOaI1K14ZEflln+E2deaIJ5apaq98f+1gJawGbAJeEfLCskJV/03nT8ICpRk+bxT/lzqeCIaUJOLk4708ufC9EpdpJD/jgVSAuI/iNMzzwMbNFvqNmx0Kmgp0mRpHSDGLZZkaP3GW7wdsJEVsNpSPIrkkGL1BvD+nHbmHjuGkn4MMsmm1Yz0M31jkJiDksT0SVeOcxWvOApclxm6VZOAws2l6YKEs/XoE7ye3ssjxdjdwjMzRXV7dwYclNBQGRoERVTozdYiFR4eAGMdlG0RsnUAp+edILH5nvHCIPb3la/dUTOzAQMNY0TqMMVUHGqGuVS/EMCX/w7zrmYN5C+2W8SfugrvTpAL--dUdvsDfbUdVrbmmo--fUwsWUp+DQGPtEF+Zq4ZTw==
+3nm9KZNtyLhPgZBVzOOkN2FXHD0uEMuzgb5Sl1MrAMmi6+iEFSzyTHfZFW2mz18VyNz5DDYvTODZqBDQKK+FQh70uEQkmGqaY5XsTOzUFzk56quaPNtZvFEGux1nX2avSbYQBs3HeyYyWyTAFhez5j8tVb6sZD2xZ8twa9KAB42j86NIHT9w/ZMFqZbGbdBoR1Mrqoy9/IWv2QgxMTpGR6JBpTUwauXm6wS/bTt8SCXF57JSVgvdw/BxFzoA3Xj6N5E89LbMfh54W2ruMhybka5E7zXN9z0v4oXt8GiYZFIODEYZwqzEVaUK1WXS5qb5OrDJFAzs29Uf/gDrIDx71Lot+jejCS+xFfI9454EnHcVH66wKuwF6ylKupJDffM0hQHplcEfVSq5UiDfbPXm46Vr0g1A--2RrmuzCBuHvYpPNA--ugbuRe7ivfDqeUCt6ahciA==
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -162,9 +162,6 @@ en:
          New password:
          <br><em>leave blank to keep unchanged</em>
          %{password_length_hint_html}
-  registrations:
-    destroy:
-      sole_admin: You cannot delete the only admin account.
  actions: Actions
  setup:
    new:
--- a/test/controllers/registrations_controller_test.rb
+++ b/test/controllers/registrations_controller_test.rb
@@ -1,18 +0,0 @@
-require "test_helper"
-
-class RegistrationsControllerTest < ActionDispatch::IntegrationTest
-  test "sole admin cannot delete account" do
-    sign_in users(:admin)
-    delete user_registration_path
-    assert_redirected_to edit_user_registration_path
-    assert_equal t("registrations.destroy.sole_admin"), flash[:alert]
-    assert User.exists?(users(:admin).id)
-  end
-
-  test "non-admin can delete account" do
-    sign_in users(:alice)
-    assert_difference ->{ User.count }, -1 do
-      delete user_registration_path
-    end
-  end
-end
--- a/test/system/users_test.rb
+++ b/test/system/users_test.rb
@@ -149,7 +149,7 @@ class UsersTest < ApplicationSystemTestCase
  end

  test "delete profile" do
-    user = sign_in user: users.reject(&:admin?).select(&:confirmed?).sample
+    user = sign_in
    # TODO: remove condition after root_url changed to different path than
    # profile in routes.rb
    unless has_current_path?(edit_user_registration_path)
@@ -162,14 +162,6 @@ class UsersTest < ApplicationSystemTestCase
    assert_text t("devise.registrations.destroyed")
  end

-  test "sole admin cannot delete profile" do
-    sign_in user: users(:admin)
-    unless has_current_path?(edit_user_registration_path)
-      first(:link_or_button, users(:admin).email).click
-    end
-    assert find(:button, t("users.registrations.edit.delete"))[:disabled]
-  end
-
  test "index forbidden for non admin" do
    sign_in user: users.reject(&:admin?).select(&:confirmed?).sample
    visit users_path