Prevent sole admin from deleting their account

Without this guard, the last admin in the system could delete their own account, making the application unmanageable. This adds a model method `User#sole_admin?`, a controller guard in `RegistrationsController#destroy`, and disables the delete button in the profile edit view when the current user is the only remaining admin. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-10 17:27:15 +00:00
12 changed files with 62 additions and 104 deletions
--- a/app/controllers/measurements_controller.rb
+++ b/app/controllers/measurements_controller.rb
@@ -1,13 +1,7 @@
 class MeasurementsController < ApplicationController
-  before_action except: :index do
-    raise AccessForbidden unless current_user.at_least(:active)
-  end
-
  def index
-    readouts = current_user.readouts.includes(:quantity, :unit).order(created_at: :desc)
-    @measurements = readouts.group_by(&:created_at).map do |created_at, grouped|
-      Measurement.new(created_at: created_at, readouts: grouped)
-    end
+    @measurements = []
+    #@measurements = current_user.units.ordered.includes(:base, :subunits)
  end

  def new
@@ -15,33 +9,8 @@ class MeasurementsController < ApplicationController
  end

  def create
-    timestamp = Time.current
-    @readouts = readout_params.map do |rp|
-      r = current_user.readouts.new(rp)
-      r.created_at = timestamp
-      r
-    end
-
-    if @readouts.all?(&:valid?)
-      Readout.transaction { @readouts.each(&:save!) }
-      @measurement = Measurement.new(readouts: @readouts, created_at: timestamp)
-      flash.now[:notice] = t('.success')
-    else
-      render :new, status: :unprocessable_entity
-    end
  end

  def destroy
-    @measurement = Measurement.new(id: params[:id].to_i,
-                                   created_at: Time.at(params[:id].to_i))
-    current_user.readouts.where(created_at: @measurement.created_at).delete_all
-    @measurements_empty = current_user.readouts.empty?
-    flash.now[:notice] = t('.success')
-  end
-
-  private
-
-  def readout_params
-    params.require(:readouts).map { |r| r.permit(:quantity_id, :value, :unit_id) }
  end
 end
--- a/app/controllers/user/profiles_controller.rb
+++ b/app/controllers/user/profiles_controller.rb
@@ -1,6 +1,10 @@
 class User::ProfilesController < Devise::RegistrationsController
  def destroy
-    # TODO: Disallow/disable deletion for last admin account; update :edit view
+    if current_user.sole_admin?
+      redirect_back fallback_location: edit_user_registration_path,
+        alert: t(".sole_admin")
+      return
+    end
    super
  end

--- a/app/models/measurement.rb
+++ b/app/models/measurement.rb
@@ -1,17 +1,3 @@
 class Measurement
  include ActiveModel::Model
-
-  attr_accessor :readouts, :created_at
-
-  def id
-    created_at.to_i
-  end
-
-  def to_param
-    id.to_s
-  end
-
-  def persisted?
-    true
-  end
 end
--- a/app/models/quantity.rb
+++ b/app/models/quantity.rb
@@ -15,8 +15,8 @@ class Quantity < ApplicationRecord
    errors.add(:parent, :descendant_reference) if ancestor_of?(parent)
  end
  validates :name, presence: true, uniqueness: {scope: [:user_id, :parent_id]},
-    length: {maximum: type_for_attribute(:name).limit || Float::INFINITY}
-  validates :description, length: {maximum: type_for_attribute(:description).limit || Float::INFINITY}
+    length: {maximum: type_for_attribute(:name).limit}
+  validates :description, length: {maximum: type_for_attribute(:description).limit}

  # Update :depths of progenies after parent change
  before_save if: :parent_changed? do
@@ -61,26 +61,18 @@ class Quantity < ApplicationRecord

  # Return: ordered [sub]hierarchy
  scope :ordered, ->(root: nil, include_root: true) {
-    if connection.adapter_name =~ /mysql/i
-      numbered = Arel::Table.new('numbered')
-      self.model.with(numbered: numbered(:parent_id, :name)).with_recursive(arel_table.name => [
-        numbered.project(
-          numbered[Arel.star],
-          numbered.cast(numbered[:child_number], 'BINARY').as('path')
-        ).where(numbered[root && include_root ? :id : :parent_id].eq(root)),
-        numbered.project(
-          numbered[Arel.star],
-          arel_table[:path].concat(numbered[:child_number])
-        ).join(arel_table).on(numbered[:parent_id].eq(arel_table[:id]))
-      ]).order(arel_table[:path])
-    elsif root.nil?
-      # SQLite: pathname column already stores the full hierarchical path
-      order(:pathname)
-    else
-      root_pathname = unscoped.where(id: root).pick(:pathname)
-      scope = order(:pathname).where("pathname LIKE ?", "#{root_pathname}#{PATHNAME_DELIMITER}%")
-      include_root ? scope.or(where(id: root)) : scope
-    end
+    numbered = Arel::Table.new('numbered')
+
+    self.model.with(numbered: numbered(:parent_id, :name)).with_recursive(arel_table.name => [
+      numbered.project(
+        numbered[Arel.star],
+        numbered.cast(numbered[:child_number], 'BINARY').as('path')
+      ).where(numbered[root && include_root ? :id : :parent_id].eq(root)),
+      numbered.project(
+        numbered[Arel.star],
+        arel_table[:path].concat(numbered[:child_number])
+      ).join(arel_table).on(numbered[:parent_id].eq(arel_table[:id]))
+    ]).order(arel_table[:path])
  }

  # TODO: extract named functions to custom Arel extension
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -29,4 +29,11 @@ class User < ApplicationRecord
  def at_least(status)
    User.statuses[self.status] >= User.statuses[status]
  end
+
+  # Returns true when this user is the only admin account in the system.
+  # Used to block actions that would leave the application without an admin
+  # (account deletion, status demotion).
+  def sole_admin?
+    admin? && !User.admin.where.not(id: id).exists?
+  end
 end
--- a/app/views/measurements/_measurement.html.erb
+++ b/app/views/measurements/_measurement.html.erb
@@ -1,14 +0,0 @@
-<%= tag.tr id: dom_id(measurement) do %>
-  <td><%= l measurement.created_at, format: :short %></td>
-  <td>
-    <% measurement.readouts.each do |readout| %>
-      <span><%= readout.quantity.name %>: <%= readout.value %> <%= readout.unit %></span>
-    <% end %>
-  </td>
-  <% if current_user.at_least(:active) %>
-    <td class="actions">
-      <%= image_button_to t('.destroy'), 'delete-outline', measurement_path(measurement),
-        method: :delete %>
-    </td>
-  <% end %>
-<% end %>
--- a/app/views/measurements/create.turbo_stream.erb
+++ b/app/views/measurements/create.turbo_stream.erb
@@ -1,5 +0,0 @@
-<%= turbo_stream.update :flashes %>
-<%= turbo_stream.remove :measurement_form %>
-<%= turbo_stream.remove :no_items %>
-<%= turbo_stream.enable :new_measurement_link %>
-<%= turbo_stream.prepend :measurements, @measurement %>
--- a/app/views/measurements/destroy.turbo_stream.erb
+++ b/app/views/measurements/destroy.turbo_stream.erb
@@ -1,3 +0,0 @@
-<%= turbo_stream.update :flashes %>
-<%= turbo_stream.remove @measurement %>
-<%= turbo_stream.append(:measurements, render_no_items) if @measurements_empty %>
--- a/app/views/users/profiles/edit.html.erb
+++ b/app/views/users/profiles/edit.html.erb
@@ -4,9 +4,8 @@
 <% end %>

 <div class="rightside-area buttongrid">
-  <%#= TODO: Disallow/disable deletion for last admin account, image_button_to_if %>
-  <%= image_button_to t('.delete'), 'account-remove-outline', user_registration_path,
-    form_class: 'tools-area', method: :delete, data: {turbo: false},
+  <%= image_button_to_if !current_user.sole_admin?, t('.delete'), 'account-remove-outline',
+    user_registration_path, form_class: 'tools-area', method: :delete, data: {turbo: false},
    onclick: {confirm: t('.confirm_delete')} %>
 </div>

--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -88,12 +88,6 @@ en:
      select_quantity: select the measured quantities...
    index:
      new_measurement: Add measurement
-    create:
-      success: Measurement saved.
-    destroy:
-      success: Measurement deleted.
-    measurement:
-      destroy: Delete
  readouts:
    form:
      select_unit: ...
@@ -168,6 +162,9 @@ en:
          New password:
          <br><em>leave blank to keep unchanged</em>
          %{password_length_hint_html}
+  registrations:
+    destroy:
+      sole_admin: You cannot delete the only admin account.
  actions: Actions
  add: Add
  apply: Apply
--- a/test/controllers/registrations_controller_test.rb
+++ b/test/controllers/registrations_controller_test.rb
@@ -0,0 +1,18 @@
+require "test_helper"
+
+class RegistrationsControllerTest < ActionDispatch::IntegrationTest
+  test "sole admin cannot delete account" do
+    sign_in users(:admin)
+    delete user_registration_path
+    assert_redirected_to edit_user_registration_path
+    assert_equal t("registrations.destroy.sole_admin"), flash[:alert]
+    assert User.exists?(users(:admin).id)
+  end
+
+  test "non-admin can delete account" do
+    sign_in users(:alice)
+    assert_difference ->{ User.count }, -1 do
+      delete user_registration_path
+    end
+  end
+end
--- a/test/system/users_test.rb
+++ b/test/system/users_test.rb
@@ -182,8 +182,8 @@ class UsersTest < ApplicationSystemTestCase
    assert_title 'Access is forbidden to this page (403)'
  end

-  test 'delete profile' do
-    user = sign_in
+  test "delete profile" do
+    user = sign_in user: users.reject(&:admin?).select(&:confirmed?).sample
    # TODO: remove condition after root_url changed to different path than
    # profile in routes.rb
    unless has_current_path?(edit_user_registration_path)
@@ -196,7 +196,15 @@ class UsersTest < ApplicationSystemTestCase
    assert_text t("devise.registrations.destroyed")
  end

-  test 'index forbidden for non admin' do
+  test "sole admin cannot delete profile" do
+    sign_in user: users(:admin)
+    unless has_current_path?(edit_user_registration_path)
+      first(:link_or_button, users(:admin).email).click
+    end
+    assert find(:button, t("users.registrations.edit.delete"))[:disabled]
+  end
+
+  test "index forbidden for non admin" do
    sign_in user: users.reject(&:admin?).select(&:confirmed?).sample
    visit users_path
    assert_title "Access is forbidden to this page (403)"