Merge upstream/final-form into master

Incorporates WIP alternative measurement form (single select form with
multiple select actions) and readouts controller.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

.gitea/workflows/test.yml

@@ -0,0 +1,74 @@
+name: Tests
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+
+jobs:
+  test-sqlite:
+    name: Tests (SQLite)
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: '3.3'
+          bundler-cache: true
+        env:
+          BUNDLE_WITH: "sqlite:development:test"
+
+      - name: Set up test database
+        run: bin/rails db:create db:schema:load
+        env:
+          RAILS_ENV: test
+
+      - name: Run tests
+        run: bin/rails test
+        env:
+          RAILS_ENV: test
+          CI: "true"
+
+  test-mysql:
+    name: Tests (MySQL)
+    runs-on: ubuntu-latest
+
+    services:
+      mysql:
+        image: mysql:8.0
+        env:
+          MYSQL_ROOT_PASSWORD: ""
+          MYSQL_ALLOW_EMPTY_PASSWORD: "yes"
+          MYSQL_DATABASE: fixin_test
+        ports:
+          - 3306:3306
+        options: >-
+          --health-cmd="mysqladmin ping"
+          --health-interval=10s
+          --health-timeout=5s
+          --health-retries=3
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: '3.3'
+          bundler-cache: true
+        env:
+          BUNDLE_WITH: "mysql:development:test"
+
+      - name: Set up test database
+        run: bin/rails db:schema:load
+        env:
+          RAILS_ENV: test
+          DB_ADAPTER: mysql
+
+      - name: Run tests
+        run: bin/rails test
+        env:
+          RAILS_ENV: test
+          CI: "true"
+          DB_ADAPTER: mysql

app/assets/images/pictograms/alert-outline.svg

@@ -1 +1 @@
-<svg xmlns="http://www.w3.org/2000/svg" id="icon" viewBox="0 0 24 24"><path fill="#ffffff" d="M12,2L1,21H23M12,6L19.53,19H4.47M11,10V14H13V10M11,16V18H13V16" /></svg>
+<svg xmlns="http://www.w3.org/2000/svg" id="icon" viewBox="0 0 24 24"><path d="M12,2L1,21H23M12,6L19.53,19H4.47M11,10V14H13V10M11,16V18H13V16" /></svg>

app/assets/images/pictograms/check-circle-outline.svg

@@ -1 +1 @@
-<svg xmlns="http://www.w3.org/2000/svg" id="icon" viewBox="0 0 24 24"><path fill="#ffffff" d="M12 2C6.5 2 2 6.5 2 12S6.5 22 12 22 22 17.5 22 12 17.5 2 12 2M12 20C7.59 20 4 16.41 4 12S7.59 4 12 4 20 7.59 20 12 16.41 20 12 20M16.59 7.58L10 14.17L7.41 11.59L6 13L10 17L18 9L16.59 7.58Z" /></svg>
+<svg xmlns="http://www.w3.org/2000/svg" id="icon" viewBox="0 0 24 24"><path d="M12 2C6.5 2 2 6.5 2 12S6.5 22 12 22 22 17.5 22 12 17.5 2 12 2M12 20C7.59 20 4 16.41 4 12S7.59 4 12 4 20 7.59 20 12 16.41 20 12 20M16.59 7.58L10 14.17L7.41 11.59L6 13L10 17L18 9L16.59 7.58Z" /></svg>

app/assets/stylesheets/application.css

@@ -18,10 +18,14 @@
 /* Strive for simplicity:
  * * style elements/tags only - if possible,
  * * replace element/tag name with class name - if element has to be styled
- * differently depending on context (e.g. form)
+ * differently depending on context (e.g. <form>; <a> as link/button),
+ * * styles with multiple selectors should have all selectors with same
+ * specificity, to allow proper rule specificity vs order management.
  *
- * NOTE: Style in a modular way, similar to how CSS @scope would be used,
- * to make transition easier once @scope is widely available */
+ * NOTE: style in a modular way, similar to how CSS @scope would be used,
+ * to make transition easier once @scope is widely available. */
+/* TODO: review styles with multiple selectors and try to convert them to the same
+ * specificity. */
 :root {
   --color-focus-gray: #f3f3f3;
   --color-border-gray: #dddddd;
@@ -54,11 +58,16 @@
   outline: none;
 }
 
+/* [hidden] submit elements cannot have `display` set as it makes them visible. */
+[hidden] {
+  display: none !important;
+}
+
 
 /* Color coding of input controls' background:
- *  blue - target for interaction with pointer
- *  gray - target for interaction with keyboard
- *  red - destructive, non-undoable action
+ *  blue - target for interaction with pointer,
+ *  gray - target for interaction with keyboard,
+ *  red - destructive, non-undoable action.
  */
 button,
 details,
@@ -73,45 +82,13 @@ input,
 select {
   text-align: inherit;
 }
-a,
-button,
-input[type=submit] {
-  cursor: pointer;
-  text-decoration: none;
-  white-space: nowrap;
-}
-/* [hidden] submit controls cannot have `display` set as it makes them visible */
-.button,
-button:not([hidden]),
-input[type=submit]:not([hidden]),
-.tab {
-  align-items: center;
-  color: var(--color-gray);
-  display: flex;
-  fill: var(--color-gray);
-  font-weight: bold;
-}
-.button,
-button,
-input[type=submit] {
-  font-size: 0.8rem;
-  padding: 0.6em 0.5em;
-  width: fit-content;
-}
-input:not([type=submit]):not([type=checkbox]),
-select,
-summary,
-textarea {
-  padding: 0.2em 0.4em;
-}
-.button,
-button,
 input,
 select,
 summary,
 textarea {
-  border: solid 1px var(--color-gray);
+  border: 1px solid var(--color-gray);
   border-radius: 0.25em;
+  padding: 0.2em 0.4em;
 }
 [name=cancel],
 .auxiliary {
@@ -122,7 +99,7 @@ textarea {
 input[type=checkbox],
 svg,
 textarea {
-  margin: 0
+  margin: 0;
 }
 input[type=checkbox] {
   accent-color: var(--color-blue);
@@ -130,6 +107,8 @@ input[type=checkbox] {
   -webkit-appearance: none;
   display: flex;
   height: 1.1em;
+  margin: 0;
+  padding: 0;
   width: 1.1em;
 }
 input[type=checkbox]:checked {
@@ -149,52 +128,21 @@ input::-webkit-outer-spin-button {
   -webkit-appearance: none;
   margin: 0;
 }
-.button > svg,
-.tab > svg,
-button > svg {
-  height: 1.4em;
-  width: 1.4em;
-}
-.button > svg:not(:last-child),
-.tab > svg:not(:last-child),
-button > svg:not(:last-child) {
-  margin-right: 0.2em;
-}
-/* TODO: move normal non-button links (<a>:hover/:focus) styling here (i.e.
- * page-wide, top-level) and remove from table.items - as the style should be
- * same everywhere */
-.button:focus-visible,
-button:focus-visible,
-input[type=submit]:focus-visible {
-  background-color: var(--color-focus-gray);
-}
 input:focus-visible,
 select:focus-visible,
 select:focus-within,
-/* TODO: how to achieve summary:focus-within for ::details-content? */
+/* TODO: how to achieve `summary:focus-within` for `::details-content`? */
 summary:focus-visible,
 textarea:focus-visible {
   accent-color: var(--color-dark-blue);
   background-color: var(--color-focus-gray);
 }
-.button:hover,
-button:hover,
-input[type=submit]:hover {
-  background-color: var(--color-blue);
-  border-color: var(--color-blue);
-  color: white;
-  fill: white;
-}
-.dangerous:hover {
-  background-color: var(--color-red);
-  border-color: var(--color-red);
-}
 input:hover,
 select:hover,
 summary:hover,
 textarea:hover {
   border-color: var(--color-blue);
-  outline: solid 1px var(--color-blue);
+  outline: 1px solid var(--color-blue);
 }
 select:hover,
 summary:hover {
@@ -204,8 +152,68 @@ input:invalid,
 select:invalid,
 textarea:invalid {
   border-color: var(--color-red);
-  outline: solid 1px var(--color-red);
+  outline-color: var(--color-red);
 }
+
+/* `.button`: button-styled <a>, <button>, <input type=submit>.
+ * `.link`: any other <a>.
+ * `.tab`: tab-styled <a>.
+ */
+.button,
+.link,
+.tab {
+  cursor: pointer;
+  text-decoration: none;
+  white-space: nowrap;
+}
+.button,
+.tab {
+  align-items: center;
+  color: var(--color-gray);
+  display: flex;
+  fill: var(--color-gray);
+  font-weight: bold;
+}
+.button {
+  border: 1px solid var(--color-gray);
+  border-radius: 0.25em;
+  font-size: 0.8rem;
+  padding: 0.6em 0.5em;
+  width: fit-content;
+}
+[name=cancel],
+.auxiliary {
+  border-color: var(--color-border-gray);
+  color: var(--color-nav-gray);
+  fill: var(--color-nav-gray);
+}
+.button > svg,
+.tab > svg {
+  height: 1.4em;
+  width: 1.4em;
+}
+.button > svg:not(:last-child),
+.tab > svg:not(:last-child) {
+  margin-right: 0.2em;
+}
+.button:focus-visible,
+.tab:focus-visible,
+.tab:hover {
+  background-color: var(--color-focus-gray);
+}
+.button:hover {
+  background-color: var(--color-blue);
+  border-color: var(--color-blue);
+  color: white;
+  fill: white;
+}
+.dangerous:hover {
+  background-color: var(--color-red);
+  border-color: var(--color-red);
+}
+/* TODO: move normal, non-button links (<a>:hover/:focus) styling here (i.e.
+ * page-wide, top-level) and remove from `table.items` - as the style should be
+ * same everywhere. */
 input[type=text]:read-only,
 textarea:read-only {
   border: none;
@@ -213,8 +221,8 @@ textarea:read-only {
 }
 
 
-/* NOTE: collapse gaps around empty rows (`topside`) once possible
- * with grid-collapse property and remove alternative grid-template
+/* NOTE: collapse gaps around empty rows (`topside`) once possible with
+ * `grid-collapse` property and remove alternative `grid-template-areas`.
  * https://github.com/w3c/csswg-drafts/issues/5813 */
 body {
   display: grid;
@@ -247,18 +255,14 @@ header {
   margin-inline-start: 4%;
 }
 .navigation > .tab {
-  border-bottom: solid 2px var(--color-nav-gray);
+  border-bottom: 2px solid var(--color-nav-gray);
   flex: 1;
   font-size: 1rem;
   justify-content: center;
   padding-block: 0.4em;
 }
-.navigation > .tab:hover,
-.navigation > .tab:focus-visible {
-  background-color: var(--color-focus-gray);
-}
 .navigation > .tab.active {
-  border-bottom: solid 4px var(--color-blue);
+  border-bottom: 4px solid var(--color-blue);
   color: var(--color-blue);
   fill: var(--color-blue);
 }
@@ -290,7 +294,7 @@ header {
 
 #flashes {
   display: grid;
-  gap: 0.2em;
+  row-gap: 0.4em;
   grid-template-columns: 1fr auto auto auto 1fr;
   left: 0;
   pointer-events: none;
@@ -306,44 +310,38 @@ header {
   display: grid;
   grid-column: 2/5;
   grid-template-columns: subgrid;
+  line-height: 2.2em;
   pointer-events: auto;
 }
-.flash.alert:before {
-  content: url('pictograms/alert-outline.svg');
+.flash:before {
+  filter: invert();
   height: 1.4em;
   margin: 0 0.5em;
   width: 1.4em;
 }
+.flash.alert:before {
+  content: url('pictograms/alert-outline.svg');
+}
 .flash.alert {
   border-color: var(--color-red);
   background-color: var(--color-red);
 }
 .flash.notice:before {
   content: url('pictograms/check-circle-outline.svg');
-  height: 1.4em;
-  margin: 0 0.5em;
-  width: 1.4em;
 }
 .flash.notice {
   border-color: var(--color-blue);
   background-color: var(--color-blue);
 }
-.flash > div {
-  grid-column: 2;
-}
-/* NOTE: currently flash button inherits some unnecessary styles from generic
- * button. */
-.flash > button {
-  border: none;
-  color: inherit;
+.flash svg {
   cursor: pointer;
-  font-size: 1.4em;
-  font-weight: bold;
-  grid-column: 3;
+  fill: white;
+  height: 2.2em;
   opacity: 0.6;
-  padding: 0.2em 0.4em;
+  padding: 0.4em 0.5em;
+  width: 2.4em;
 }
-.flash > button:hover {
+.flash svg:hover {
   opacity: 1;
 }
 
@@ -365,7 +363,7 @@ header {
 .labeled-form label.required {
   font-weight: bold;
 }
-/* Don't style `label.error + input` if case already covered by input:invalid */
+/* Don't style `label.error + input` if case already covered by `input:invalid`. */
 .labeled-form label.error {
   color: var(--color-red);
 }
@@ -392,10 +390,10 @@ header {
 }
 
 
-/* TODO: remove .items class (?) and make 'form table' work properly */
+/* TODO: remove `.items` class (?) and make `form table` work properly. */
 table.items {
   border-spacing: 0;
-  border: solid 1px var(--color-border-gray);
+  border: 1px solid var(--color-border-gray);
   border-radius: 0.25em;
   font-size: 0.85rem;
   text-align: left;
@@ -418,7 +416,7 @@ table.items th,
 table.items td {
   padding-inline: 1em 0;
 }
-/* For <a> to fill <td> completely, we use an ::after pseudoelement. */
+/* For <a> to fill <td> completely, we use an `::after` pseudoelement. */
 table.items td.link {
   padding: 0;
   position: relative;
@@ -448,7 +446,7 @@ table.items td:last-child {
   padding-inline-end: 0.1em;
 }
 table.items td {
-  border-top: solid 1px var(--color-border-gray);
+  border-top: 1px solid var(--color-border-gray);
   height: 2.4em;
   padding-block: 0.1em;
 }
@@ -467,7 +465,7 @@ table.items tr.dropzone::after {
   content: '';
   inset: 1px 0 0 0;
   position: absolute;
-  outline: dashed 2px var(--color-blue);
+  outline: 2px dashed var(--color-blue);
   outline-offset: -1px;
   z-index: var(--z-index-table-row-outline);
 }
@@ -478,8 +476,8 @@ table.items tr.form td {
   vertical-align: top;
 }
 
-/* TODO: replace :hover:focus-visible combos with proper LOVE stye order */
-/* TODO: Update table styling: simplify selectors, deduplicate, remove non-font rem. */
+/* TODO: replace `:hover:focus-visible` combos with proper LOVE style order. */
+/* TODO: update table styling: simplify selectors, deduplicate, remove non-font rem. */
 table.items td.link a:hover,
 table.items td.link a:focus-visible,
 table.items td.link a:hover:focus-visible {
@@ -517,9 +515,7 @@ table.items td.svg {
 table.items td.number {
   text-align: right;
 }
-table.items .button,
-table.items button,
-table.items input[type=submit] {
+table.items .button {
   font-weight: normal;
   height: 100%;
   padding: 0.4em;
@@ -529,25 +525,27 @@ table.items select,
 table.items textarea {
   padding-block: 0.375em;
 }
-/* TODO: find a way (layers?) to style inputs differently while making sure
- * hover works properly without using :not(:hover) selectors here. */
-table.items .button:not(:hover),
-table.items button:not(:hover),
-table.items input:not(:hover),
-table.items select:not(:hover),
-table.items textarea:not(:hover) {
+
+table input,
+table select,
+table summary,
+table textarea {
   border-color: var(--color-border-gray);
 }
-table.items .button:not(:hover),
-table.items button:not(:hover),
-table.items input[type=submit]:not(:hover),
-table.items select:not(:hover) {
+table select {
   color: var(--color-table-gray);
 }
-table.items select:focus-within,
-table.items select:focus-visible {
+table select:hover,
+table select:focus-within,
+table select:focus-visible {
   color: black;
 }
+table .button {
+  border-color: var(--color-border-gray);
+  color: var(--color-table-gray);
+}
+
+
 form table.items {
   border: none;
 }
@@ -559,6 +557,9 @@ form table.items td {
 form table.items td:first-child {
   color: inherit;
 }
+form table select {
+  color: black;
+}
 
 
 .centered {
@@ -574,34 +575,17 @@ form table.items td:first-child {
   display: flex;
   gap: 0.8em;
 }
-.hflex.reverse {
-  flex-direction: row-reverse;
-}
 .hflex.centered {
   justify-content: center;
 }
-.hint {
-  color: var(--color-table-gray);
-  font-style: italic;
-  font-size: 0.9rem;
-  text-align: center;
+.vexpand {
+  width: 100%;
 }
 .vflex {
   display: flex;
   gap: 0.8em;
   flex-direction: column;
 }
-[disabled] {
-/* label:has(input[disabled]) {
- * TODO: disabled checkbox blue square focus removal; disabled label styling;
- * focused label styling (currently only checkbox has focus)
- * */
-  border-color: var(--color-border-gray) !important;
-  color: var(--color-border-gray) !important;
-  cursor: not-allowed;
-  fill: var(--color-border-gray) !important;
-  pointer-events: none;
-}
 
 
 details {
@@ -629,7 +613,7 @@ summary:has(.button) {
   padding-inline-end: 0;
 }
 summary .button {
-  border: solid 1px var(--color-border-gray);
+  border: 1px solid var(--color-border-gray);
   border-radius: inherit;
   border-top-left-radius: 0;
   border-bottom-left-radius: 0;
@@ -645,10 +629,10 @@ details[open] summary::before {
 summary::marker {
   padding-left: 0.25em;
 }
-/* NOTE: use details[open]::details-content once widely available */
+/* NOTE: use `details[open]::details-content` once widely available. */
 details[open] ul {
   background: white;
-  border: solid 1px var(--color-border-gray);
+  border: 1px solid var(--color-border-gray);
   border-radius: 0.25em;
   box-shadow: 1px 1px 3px var(--color-border-gray);
   margin: -1px 0 0 0;
@@ -670,3 +654,10 @@ li input[type=checkbox] {
 li::marker {
   content: '';
 }
+/*
+ * TODO:
+ * * disable <label> containing disabled checkbox: `label:has(input[disabled])`,
+ * * disabled label styling,
+ * * focused label styling (currently only checkbox has focus),
+ * * disabled checkbox blue square focus removal.
+ * */

app/controllers/application_controller.rb

@@ -9,6 +9,7 @@ class ApplicationController < ActionController::Base
   helper_method :current_user_disguised?
   helper_method :current_tab
 
+  before_action :redirect_to_setup_if_needed
   before_action :authenticate_user!
 
   class AccessForbidden < StandardError; end
@@ -55,6 +56,16 @@ class ApplicationController < ActionController::Base
 
   private
 
+  # Redirect to the web setup wizard when the application has not yet been
+  # initialised (i.e. no admin account exists in the database).
+  def redirect_to_setup_if_needed
+    return if User.exists?(status: :admin)
+    redirect_to new_setup_path
+  rescue ActiveRecord::StatementInvalid
+    # Tables may not exist yet (migrations not run). Fall through and let the
+    # normal request handling surface a meaningful error.
+  end
+
   def render_no_content(record)
     helpers.render_errors(record)
     render html: nil, layout: true

app/controllers/measurements_controller.rb

@@ -1,7 +1,13 @@
 class MeasurementsController < ApplicationController
+  before_action except: :index do
+    raise AccessForbidden unless current_user.at_least(:active)
+  end
+
   def index
-    @measurements = []
-    #@measurements = current_user.units.ordered.includes(:base, :subunits)
+    readouts = current_user.readouts.includes(:quantity, :unit).order(created_at: :desc)
+    @measurements = readouts.group_by(&:created_at).map do |created_at, grouped|
+      Measurement.new(created_at: created_at, readouts: grouped)
+    end
   end
 
   def new
@@ -9,8 +15,33 @@ class MeasurementsController < ApplicationController
   end
 
   def create
+    timestamp = Time.current
+    @readouts = readout_params.map do |rp|
+      r = current_user.readouts.new(rp)
+      r.created_at = timestamp
+      r
+    end
+
+    if @readouts.all?(&:valid?)
+      Readout.transaction { @readouts.each(&:save!) }
+      @measurement = Measurement.new(readouts: @readouts, created_at: timestamp)
+      flash.now[:notice] = t('.success')
+    else
+      render :new, status: :unprocessable_entity
+    end
   end
 
   def destroy
+    @measurement = Measurement.new(id: params[:id].to_i,
+                                   created_at: Time.at(params[:id].to_i))
+    current_user.readouts.where(created_at: @measurement.created_at).delete_all
+    @measurements_empty = current_user.readouts.empty?
+    flash.now[:notice] = t('.success')
+  end
+
+  private
+
+  def readout_params
+    params.require(:readouts).map { |r| r.permit(:quantity_id, :value, :unit_id) }
   end
 end

app/controllers/readouts_controller.rb

@@ -1,16 +1,23 @@
 class ReadoutsController < ApplicationController
-  before_action :find_quantities, only: [:new]
-  before_action :find_quantity, only: [:discard]
+  before_action :find_quantity, only: [:new, :discard]
   before_action :find_prev_quantities, only: [:new, :discard]
 
   def new
-    @quantities -= @prev_quantities
-    # TODO: raise ParameterInvalid if new_quantities.empty?
-    @readouts = current_user.readouts.build(@quantities.map { |q| {quantity: q} })
+    new_quantities =
+      case params[:button]
+      when 'children'
+        @quantity.subquantities
+      when 'subtree'
+        @quantity.progenies
+      else
+        [@quantity]
+      end
+    new_quantities -= @prev_quantities
+    @readouts = current_user.readouts.build(new_quantities.map { |q| {quantity: q} })
 
     @user_units = current_user.units.ordered
 
-    quantities = @prev_quantities + @quantities
+    quantities = @prev_quantities + new_quantities
     @superquantity = current_user.quantities
       .common_ancestors(quantities.map(&:parent_id)).first
   end
@@ -24,9 +31,6 @@ class ReadoutsController < ApplicationController
 
   private
 
-  def find_quantities
-    @quantities = current_user.quantities.find(params[:quantity])
-  end
 
   def find_quantity
     @quantity = current_user.quantities.find_by!(id: params[:id])

app/controllers/setup_controller.rb

@@ -0,0 +1,59 @@
+# Handles the one-time web-based installation wizard.
+#
+# The wizard is only accessible when no admin account exists yet.  Once an
+# admin has been created the controller redirects every request to the root
+# path, so it can never be used to overwrite an existing installation.
+class SetupController < ActionController::Base
+  # Use the full application layout (header, flash, etc.) so the page looks
+  # consistent with the rest of the site.
+  layout "application"
+
+  before_action :redirect_if_installed
+
+  def new
+  end
+
+  def create
+    email    = params[:admin_email].to_s.strip
+    password = params[:admin_password].to_s
+    confirm  = params[:admin_password_confirmation].to_s
+
+    errors = []
+    errors << t(".email_blank")    if email.blank?
+    errors << t(".password_blank") if password.blank?
+    errors << t(".password_mismatch") if password != confirm
+
+    if errors.any?
+      flash.now[:alert] = errors.join("  ")
+      return render :new, status: :unprocessable_entity
+    end
+
+    user = User.new(email: email, password: password, status: :admin)
+    user.skip_confirmation!
+
+    unless user.save
+      flash.now[:alert] = user.errors.full_messages.join("  ")
+      return render :new, status: :unprocessable_entity
+    end
+
+    # Persist runtime settings chosen during setup.
+    Setting.set("skip_email_confirmation",
+                params[:skip_email_confirmation] == "1")
+
+    # Optionally seed the built-in default units.
+    if params[:seed_units] == "1"
+      load Rails.root.join("db/seeds/units.rb")
+    end
+
+    redirect_to new_user_session_path, notice: t(".success")
+  end
+
+  private
+
+  def redirect_if_installed
+    redirect_to root_path if User.exists?(status: :admin)
+  rescue ActiveRecord::StatementInvalid
+    # Tables are not yet migrated — stay on the setup page so the user sees a
+    # meaningful error rather than a crash.
+  end
+end

app/controllers/user/profiles_controller.rb

@@ -1,11 +1,24 @@
 class User::ProfilesController < Devise::RegistrationsController
   def destroy
-    # TODO: Disallow/disable deletion for last admin account; update :edit view
+    if current_user.sole_admin?
+      redirect_back fallback_location: edit_user_registration_path,
+        alert: t(".sole_admin")
+      return
+    end
     super
   end
 
   protected
 
+  def build_resource(hash = {})
+    super
+    # Skip the email confirmation step when the admin has enabled this option
+    # via the web setup wizard (stored as the "skip_email_confirmation" Setting).
+    # The account becomes active immediately so the user can sign in right after
+    # registering.
+    resource.skip_confirmation! if Setting.get("skip_email_confirmation") == "true"
+  end
+
   def update_resource(resource, params)
     # Based on update_with_password()
     if params[:password].blank?

app/helpers/application_helper.rb

@@ -12,6 +12,12 @@ module ApplicationHelper
       labeled_field_for(method, options) { super }
     end
 
+    def submit(value = nil, options = {})
+      value, options = nil, value if value.is_a?(Hash)
+      options[:class] = @template.class_names('button', options[:class])
+      super
+    end
+
     private
 
     def labeled_field_for(method, options)
@@ -108,8 +114,12 @@ module ApplicationHelper
     end
 
     def button(value = nil, options = {}, &block)
-      # button does not use #objectify_options
-      options.merge!(@options.slice(:form))
+      # #button does not use #objectify_options/@default_options
+      value, options = nil, value if value.is_a?(Hash)
+      options = options.merge(
+        @default_options.slice(:form),
+        class: @template.class_names('button', options[:class])
+      )
       super
     end
 
@@ -143,7 +153,8 @@ module ApplicationHelper
   end
 
   def svg_tag(source, label = nil, options = {})
-    svg_tag = tag.svg(options) do
+    label, options = nil, label if label.is_a? Hash
+    svg_tag = tag.svg(**options) do
       tag.use(href: "#{image_path(source + ".svg")}#icon")
     end
     label.blank? ? svg_tag : svg_tag + tag.span(label)
@@ -212,9 +223,8 @@ module ApplicationHelper
       # Conversion of flash to Array only required because of Devise
       Array(messages).map do |message|
         tag.div class: "flash #{entry}" do
-          # TODO: change button text to svg to make it aligned vertically
-          tag.div(sanitize(message)) + tag.button(sanitize("×"), tabindex: -1,
-                                                  onclick: "this.parentElement.remove();")
+          tag.span(sanitize(message)) +
+            svg_tag('pictograms/close-outline', {onclick: "this.parentElement.remove()"})
         end
       end
     end.join.html_safe

app/models/measurement.rb

@@ -1,3 +1,17 @@
 class Measurement
   include ActiveModel::Model
+
+  attr_accessor :readouts, :created_at
+
+  def id
+    created_at.to_i
+  end
+
+  def to_param
+    id.to_s
+  end
+
+  def persisted?
+    true
+  end
 end

app/models/quantity.rb

@@ -15,8 +15,8 @@ class Quantity < ApplicationRecord
     errors.add(:parent, :descendant_reference) if ancestor_of?(parent)
   end
   validates :name, presence: true, uniqueness: {scope: [:user_id, :parent_id]},
-    length: {maximum: type_for_attribute(:name).limit}
-  validates :description, length: {maximum: type_for_attribute(:description).limit}
+    length: {maximum: type_for_attribute(:name).limit || Float::INFINITY}
+  validates :description, length: {maximum: type_for_attribute(:description).limit || Float::INFINITY}
 
   # Update :depths of progenies after parent change
   before_save if: :parent_changed? do
@@ -61,18 +61,26 @@ class Quantity < ApplicationRecord
 
   # Return: ordered [sub]hierarchy
   scope :ordered, ->(root: nil, include_root: true) {
-    numbered = Arel::Table.new('numbered')
-
-    self.model.with(numbered: numbered(:parent_id, :name)).with_recursive(arel_table.name => [
-      numbered.project(
-        numbered[Arel.star],
-        numbered.cast(numbered[:child_number], 'BINARY').as('path')
-      ).where(numbered[root && include_root ? :id : :parent_id].eq(root)),
-      numbered.project(
-        numbered[Arel.star],
-        arel_table[:path].concat(numbered[:child_number])
-      ).join(arel_table).on(numbered[:parent_id].eq(arel_table[:id]))
-    ]).order(arel_table[:path])
+    if connection.adapter_name =~ /mysql/i
+      numbered = Arel::Table.new('numbered')
+      self.model.with(numbered: numbered(:parent_id, :name)).with_recursive(arel_table.name => [
+        numbered.project(
+          numbered[Arel.star],
+          numbered.cast(numbered[:child_number], 'BINARY').as('path')
+        ).where(numbered[root && include_root ? :id : :parent_id].eq(root)),
+        numbered.project(
+          numbered[Arel.star],
+          arel_table[:path].concat(numbered[:child_number])
+        ).join(arel_table).on(numbered[:parent_id].eq(arel_table[:id]))
+      ]).order(arel_table[:path])
+    elsif root.nil?
+      # SQLite: pathname column already stores the full hierarchical path
+      order(:pathname)
+    else
+      root_pathname = unscoped.where(id: root).pick(:pathname)
+      scope = order(:pathname).where("pathname LIKE ?", "#{root_pathname}#{PATHNAME_DELIMITER}%")
+      include_root ? scope.or(where(id: root)) : scope
+    end
   }
 
   # TODO: extract named functions to custom Arel extension

app/models/setting.rb

@@ -0,0 +1,20 @@
+# Key-value store for runtime application settings that are configured through
+# the web setup wizard (or updated by an administrator) rather than hard-coded
+# in application.rb.
+#
+# Known keys:
+#   skip_email_confirmation  – "true"/"false", mirrors the homonymous option
+#                              that was previously in application.rb.
+class Setting < ApplicationRecord
+  validates :key, presence: true, uniqueness: true
+
+  # Return the string value stored for +key+, or +default+ when absent.
+  def self.get(key, default: nil)
+    find_by(key: key)&.value || default
+  end
+
+  # Persist +value+ for +key+, creating the record if it does not yet exist.
+  def self.set(key, value)
+    find_or_initialize_by(key: key).update!(value: value.to_s)
+  end
+end

app/models/unit.rb

@@ -12,8 +12,8 @@ class Unit < ApplicationRecord
     errors.add(:base, :multilevel_nesting) if base.base_id?
   end
   validates :symbol, presence: true, uniqueness: {scope: :user_id},
-    length: {maximum: type_for_attribute(:symbol).limit}
-  validates :description, length: {maximum: type_for_attribute(:description).limit}
+    length: {maximum: type_for_attribute(:symbol).limit || Float::INFINITY}
+  validates :description, length: {maximum: type_for_attribute(:description).limit || Float::INFINITY}
   validates :multiplier, numericality: {equal_to: 1}, unless: :base
   validates :multiplier, numericality: {greater_than: 0, precision: true, scale: true}, if: :base
 
@@ -26,10 +26,8 @@ class Unit < ApplicationRecord
     other_bases_units = arel_table.alias('other_bases_units')
     sub_units = arel_table.alias('sub_units')
 
-    # TODO: move inner 'with' CTE to outer 'with recursive' - it can have multiple
-    # CTEs, even non recursive ones.
     Unit.with_recursive(actionable_units: [
-      Unit.with(units: self.or(Unit.defaults)).left_joins(:base)
+      self.or(Unit.defaults).left_joins(:base)
         .where.not(
           # Exclude Units that are/have default counterpart
           Arel::SelectManager.new.project(1).from(other_units)
@@ -65,8 +63,14 @@ class Unit < ApplicationRecord
         ),
       # Fill base Units to display proper hierarchy. Duplicates will be removed
       # by final group() - can't be deduplicated with UNION due to 'portable' field.
-      arel_table.join(actionable_units).on(actionable_units[:base_id].eq(arel_table[:id]))
-        .project(arel_table[Arel.star], Arel::Nodes.build_quoted(nil).as('portable'))
+      # Use ActiveRecord::Relation (not a raw SelectManager) so the SQLite Arel
+      # visitor does not wrap it in parentheses inside the UNION ALL CTE body.
+      Unit.joins(
+        arel_table.create_join(
+          actionable_units,
+          arel_table.create_on(actionable_units[:base_id].eq(arel_table[:id]))
+        )
+      ).select(arel_table[Arel.star], Arel::Nodes.build_quoted(nil).as('portable'))
     ]).select(units: [:base_id, :symbol])
       .select(
         units[:id].minimum.as('id'), # can be ANY_VALUE()
@@ -74,7 +78,7 @@ class Unit < ApplicationRecord
         Arel::Nodes.build_quoted(1).as('multiplier'), # disregard multiplier when sorting
         units[:portable].minimum.as('portable')
       )
-      .from(units).group(:base_id, :symbol)
+      .from(units).group(units[:base_id], units[:symbol])
   }
   scope :ordered, ->{
     left_outer_joins(:base).order(ordering)
@@ -83,8 +87,8 @@ class Unit < ApplicationRecord
   def self.ordering
     [arel_table.coalesce(Arel::Table.new(:bases_units)[:symbol], arel_table[:symbol]),
      arel_table[:base_id].not_eq(nil),
-     :multiplier,
-     :symbol]
+     arel_table[:multiplier],
+     arel_table[:symbol]]
   end
 
   before_destroy do

app/models/user.rb

@@ -29,4 +29,11 @@ class User < ApplicationRecord
   def at_least(status)
     User.statuses[self.status] >= User.statuses[status]
   end
+
+  # Returns true when this user is the only admin account in the system.
+  # Used to block actions that would leave the application without an admin
+  # (account deletion, status demotion).
+  def sole_admin?
+    admin? && !User.admin.where.not(id: id).exists?
+  end
 end

app/views/measurements/_form.html.erb

@@ -1,28 +1,23 @@
-<%= tabular_form_with model: Measurement.new, id: :measurement_form,
-  class: 'topside-area vflex', html: {onkeydown: 'formProcessKey(event)'} do |form| %>
-  <table class="items centered">
-    <tbody id="readouts"></tbody>
-  </table>
-
-  <div class="hflex">
-    <%# TODO: right-click selection %>
-    <details id="quantity_select" class="hexpand" open
-             onkeydown="detailsProcessKey(event)">
-      <summary autofocus>
-        <!-- TODO: Set content with CSS when span empty to avoid duplication -->
-        <span data-prompt="<%= t('.select_quantity') %>">
-          <%= t('.select_quantity') %>
-        </span>
-        <%= image_button_tag t(:apply), "update", name: nil, disabled: true,
-          formaction: new_readout_path, formmethod: :get, formnovalidate: true,
-          data: {turbo_stream: true} %>
-      </summary>
-      <ul><%= quantities_check_boxes %></ul>
-    </details>
-    <%= form.button id: :create_measurement_button, disabled: true -%>
-  </div>
-
-  <div class="hflex reverse">
+<%= tabular_form_with model: Measurement.new do |form| %>
+  <fieldset>
+    <table class="items centered">
+      <tbody id="readouts">
+        <tr id="readouts_form">
+          <td colspan="4">
+            <%= collection_select :quantity, :id, @quantities, :id, :to_s_with_depth,
+              {prompt: t('.select_quantity'), disabled: '', selected: ''},
+              {name: :id, class: 'quantity vexpand',
+               onchange: "this.form.requestSubmit(new_readout_submit);"} %>
+            <%= form.submit id: :new_readout_submit, name: nil, value: nil,
+              formaction: new_readout_path, formmethod: :get, formnovalidate: true,
+              hidden: true, data: {turbo_stream: true} %>
+          </td>
+        </tr>
+      </tbody>
+    </table>
+  </fieldset>
+  <div class="hflex centered">
+    <%= form.button -%>
     <%= image_link_to t(:cancel), "close-outline", measurements_path, name: :cancel,
       class: 'dangerous', onclick: render_turbo_stream('form_close') %>
   </div>

app/views/measurements/_form_close.html.erb

@@ -1,3 +1,4 @@
+<%= turbo_stream.update :measurement_form %>
 <%= turbo_stream.update :flashes %>
 <%= turbo_stream.remove :measurement_form %>
 <%= turbo_stream.show :no_items -%>

app/views/measurements/_measurement.html.erb

@@ -0,0 +1,14 @@
+<%= tag.tr id: dom_id(measurement) do %>
+  <td><%= l measurement.created_at, format: :short %></td>
+  <td>
+    <% measurement.readouts.each do |readout| %>
+      <span><%= readout.quantity.name %>: <%= readout.value %> <%= readout.unit %></span>
+    <% end %>
+  </td>
+  <% if current_user.at_least(:active) %>
+    <td class="actions">
+      <%= image_button_to t('.destroy'), 'delete-outline', measurement_path(measurement),
+        method: :delete %>
+    </td>
+  <% end %>
+<% end %>

app/views/measurements/create.turbo_stream.erb

@@ -0,0 +1,5 @@
+<%= turbo_stream.update :flashes %>
+<%= turbo_stream.remove :measurement_form %>
+<%= turbo_stream.remove :no_items %>
+<%= turbo_stream.enable :new_measurement_link %>
+<%= turbo_stream.prepend :measurements, @measurement %>

app/views/measurements/destroy.turbo_stream.erb

@@ -0,0 +1,3 @@
+<%= turbo_stream.update :flashes %>
+<%= turbo_stream.remove @measurement %>
+<%= turbo_stream.append(:measurements, render_no_items) if @measurements_empty %>

app/views/measurements/index.html.erb

@@ -1,5 +1,5 @@
 <%# TODO: show hint when no quantities/units defined %>
-<div class="rightside-area buttongrid">
+<div class="rightside buttongrid">
   <% if current_user.at_least(:active) %>
     <%= image_link_to t('.new_measurement'), 'plus-outline', new_measurement_path,
       id: :new_measurement_link, onclick: 'this.blur();',
@@ -7,7 +7,9 @@
   <% end %>
 </div>
 
-<table class="main-area">
+<%= tag.div class: 'topside', id: :measurement_form %>
+
+<table class="main">
   <tbody id="measurements">
     <%= render(@measurements) || render_no_items %>
   </tbody>

app/views/measurements/new.turbo_stream.erb

@@ -1,5 +1,4 @@
 <%= turbo_stream.disable :new_measurement_link -%>
-<%= turbo_stream.hide :no_items -%>
-<%= turbo_stream.append_all 'body' do %>
+<%= turbo_stream.update :measurement_form do %>
   <%= render partial: 'form' %>
 <% end %>

app/views/readouts/_form.html.erb

@@ -1,25 +1,22 @@
 <%# TODO: add readout reordering by dragging %>
 <%= tabular_fields_for 'readouts[]', readout do |form| %>
-  <%- tag.tr id: dom_id(readout.quantity, :new, :readout) do %>
-    <td class="actions">
-      <%# TODO: change to _link_ after giving up displaying relative paths %>
-      <%= image_button_tag '', 'delete-outline', class: 'dangerous', name: nil,
-        formaction: discard_readouts_path(readout.quantity),
-        formmethod: :get, formnovalidate: true, data: {turbo_stream: true} %>
-    </td>
+  <%- tag.tr id: dom_id(readout.quantity, :new, :readout),
+             onkeydown: 'processKey(event)' do %>
     <td>
       <%= readout.quantity.relative_pathname(@superquantity) %>
     </td>
     <td>
-      <%= form.number_field :value, required: true,
-        size: readout.type_for_attribute(:value).precision / 2,
-        autofocus: readout_counter == 0 %>
+      <%= form.number_field :value, required: true, autofocus: true, size: 10 %>
     </td>
     <td>
       <%= form.hidden_field :quantity_id %>
       <%= form.collection_select :unit_id, @user_units, :id,
-        ->(u){ sanitize('&emsp;' * (u.base_id ? 1 : 0) + u.symbol) },
-        {prompt: t('.select_unit'), disabled: '', selected: ''}, required: true %>
+        ->(u){ sanitize('&emsp;' * (u.base_id ? 1 : 0) + u.symbol) } %>
+    </td>
+    <td class="actions">
+      <%= image_button_tag '', 'delete-outline', class: 'dangerous', name: :discard,
+        formaction: discard_readouts_path(readout.quantity),
+        formmethod: :get, formnovalidate: true, data: {turbo_stream: true} %>
     </td>
   <% end %>
 <% end %>

app/views/readouts/discard.turbo_stream.erb

@@ -1,4 +1,4 @@
-<%= turbo_stream.disable :create_measurement_button if @prev_quantities.one? %>
 <%= turbo_stream.remove dom_id(@quantity, :new, :readout) %>
+<%= turbo_stream.disable_all 'button[name="discard"]' if @prev_quantities.one? %>
+<%= turbo_stream.enable_all "select.quantity option[value='#{@quantity.id}']" %>
 <%= render partial: 'form_repath' %>
-<%= turbo_stream.unselect dom_id(@quantity) %>

app/views/readouts/new.turbo_stream.erb

@@ -1,8 +1,9 @@
-<% @readouts.each do |r| %>
-  <%= turbo_stream.disable dom_id(r.quantity) %>
-<% end %>
 <%= render partial: 'form_repath' %>
-<%= turbo_stream.append :readouts do %>
+<%# is .one? proper condition? can @readouts be empty? %>
+<%= turbo_stream.enable_all 'button[name="discard"]' if @prev_quantities.one? %>
+<% @readouts.each do |r| %>
+  <%= turbo_stream.disable_all "select.quantity option[value='#{r.quantity_id}']" %>
+<% end %>
+<%= turbo_stream.before :readouts_form do %>
   <%= render partial: 'form', collection: @readouts, as: :readout %>
 <% end %>
-<%= turbo_stream.enable :create_measurement_button if @prev_quantities.empty? %>

app/views/setup/new.html.erb

@@ -0,0 +1,39 @@
+<%= form_with url: setup_path, method: :post, class: "labeled-form main-area" do %>
+
+  <h3 style="grid-column: 1 / -1; text-align: left; margin: 0;">
+    <%= t(".admin_account") %>
+  </h3>
+
+  <label for="admin_email"><%= t(".admin_email") %></label>
+  <%= email_field_tag :admin_email, params[:admin_email],
+        id: "admin_email", required: true, size: 30, autofocus: true,
+        autocomplete: "email" %>
+
+  <label for="admin_password"><%= t(".admin_password") %></label>
+  <%= password_field_tag :admin_password, nil,
+        id: "admin_password", required: true, size: 30,
+        autocomplete: "new-password" %>
+
+  <label for="admin_password_confirmation"><%= t(".admin_password_confirmation") %></label>
+  <%= password_field_tag :admin_password_confirmation, nil,
+        id: "admin_password_confirmation", required: true, size: 30,
+        autocomplete: "off" %>
+
+  <h3 style="grid-column: 1 / -1; text-align: left; margin: 0.5em 0 0 0;">
+    <%= t(".options") %>
+  </h3>
+
+  <label for="skip_email_confirmation" style="grid-column: 1 / 3; text-align: left;">
+    <%= check_box_tag :skip_email_confirmation, "1",
+          params[:skip_email_confirmation] == "1",
+          id: "skip_email_confirmation" %>
+    <%= t(".skip_email_confirmation") %>
+  </label>
+
+  <label for="seed_units" style="grid-column: 1 / 3; text-align: left;">
+    <%= check_box_tag :seed_units, "1", true, id: "seed_units" %>
+    <%= t(".seed_units") %>
+  </label>
+
+  <%= submit_tag t(".submit") %>
+<% end %>

app/views/users/profiles/edit.html.erb

@@ -4,9 +4,8 @@
 <% end %>
 
 <div class="rightside-area buttongrid">
-  <%#= TODO: Disallow/disable deletion for last admin account, image_button_to_if %>
-  <%= image_button_to t('.delete'), 'account-remove-outline', user_registration_path,
-    form_class: 'tools-area', method: :delete, data: {turbo: false},
+  <%= image_button_to_if !current_user.sole_admin?, t('.delete'), 'account-remove-outline',
+    user_registration_path, form_class: 'tools-area', method: :delete, data: {turbo: false},
     onclick: {confirm: t('.confirm_delete')} %>
 </div>
 

config/application.rb.dist

@@ -54,5 +54,9 @@ module FixinMe
 
     # Sender address of account registration-related messages
     Devise.mailer_sender = 'noreply@localhost'
+
+    # Whether to skip e-mail confirmation for new registrations is configured
+    # through the web setup wizard and stored in the database (Setting model),
+    # so it does not need to be set here.
   end
 end

config/credentials.yml.enc

@@ -1 +1 @@
-3nm9KZNtyLhPgZBVzOOkN2FXHD0uEMuzgb5Sl1MrAMmi6+iEFSzyTHfZFW2mz18VyNz5DDYvTODZqBDQKK+FQh70uEQkmGqaY5XsTOzUFzk56quaPNtZvFEGux1nX2avSbYQBs3HeyYyWyTAFhez5j8tVb6sZD2xZ8twa9KAB42j86NIHT9w/ZMFqZbGbdBoR1Mrqoy9/IWv2QgxMTpGR6JBpTUwauXm6wS/bTt8SCXF57JSVgvdw/BxFzoA3Xj6N5E89LbMfh54W2ruMhybka5E7zXN9z0v4oXt8GiYZFIODEYZwqzEVaUK1WXS5qb5OrDJFAzs29Uf/gDrIDx71Lot+jejCS+xFfI9454EnHcVH66wKuwF6ylKupJDffM0hQHplcEfVSq5UiDfbPXm46Vr0g1A--2RrmuzCBuHvYpPNA--ugbuRe7ivfDqeUCt6ahciA==
+OOGMGhfQuV67kqlMecZLcNfgrGS81KPAGmY27GnohtcGSPtiaqL8OZYsVf5IIOaI1K14ZEflln+E2deaIJ5apaq98f+1gJawGbAJeEfLCskJV/03nT8ICpRk+bxT/lzqeCIaUJOLk4708ufC9EpdpJD/jgVSAuI/iNMzzwMbNFvqNmx0Kmgp0mRpHSDGLZZkaP3GW7wdsJEVsNpSPIrkkGL1BvD+nHbmHjuGkn4MMsmm1Yz0M31jkJiDksT0SVeOcxWvOApclxm6VZOAws2l6YKEs/XoE7ye3ssjxdjdwjMzRXV7dwYclNBQGRoERVTozdYiFR4eAGMdlG0RsnUAp+edILH5nvHCIPb3la/dUTOzAQMNY0TqMMVUHGqGuVS/EMCX/w7zrmYN5C+2W8SfugrvTpAL--dUdvsDfbUdVrbmmo--fUwsWUp+DQGPtEF+Zq4ZTw==

config/environments/test.rb

@@ -58,4 +58,7 @@ Rails.application.configure do
   # config.action_view.annotate_rendered_view_with_filenames = true
 
   config.log_level = :info
+
+  # Allow the default integration test host.
+  config.hosts << "www.example.com"
 end

config/locales/en.yml

@@ -85,12 +85,19 @@ en:
     navigation: Measurements
     no_items: There are no measurements taken. You can Add some now.
     form:
-      select_quantity: select the measured quantities...
+      select_quantity: select the measured quantity...
     index:
       new_measurement: Add measurement
+    create:
+      success: Measurement saved.
+    destroy:
+      success: Measurement deleted.
+    measurement:
+      destroy: Delete
   readouts:
     form:
       select_unit: ...
+      new_children: Children
   quantities:
     navigation: Quantities
     no_items: There are no configured quantities. You can Add some or Import from defaults.
@@ -162,7 +169,27 @@ en:
           New password:
           <br><em>leave blank to keep unchanged</em>
           %{password_length_hint_html}
+  registrations:
+    destroy:
+      sole_admin: You cannot delete the only admin account.
   actions: Actions
+  setup:
+    new:
+      admin_account: Admin account
+      admin_email: 'E-mail:'
+      admin_password: 'Password:'
+      admin_password_confirmation: 'Retype password:'
+      options: Options
+      skip_email_confirmation: Skip e-mail confirmation for new registrations
+      seed_units: Seed built-in default units
+      submit: Set up
+    create:
+      email_blank: E-mail cannot be blank.
+      password_blank: Password cannot be blank.
+      password_mismatch: Passwords do not match.
+      success: >
+        Installation complete. You can now sign in with the admin account you
+        just created.
   add: Add
   apply: Apply
   back: Back

config/routes.rb

@@ -1,6 +1,10 @@
 Rails.application.routes.draw do
+  # Web-based installation wizard — only reachable when no admin exists yet.
+  resource :setup, only: [:new, :create], controller: :setup
+
   resources :measurements
 
+
   resources :readouts, only: [:new] do
     collection {get 'new/:id/discard', action: :discard, as: :discard}
   end

db/migrate/20260228171524_create_settings.rb

@@ -0,0 +1,12 @@
+class CreateSettings < ActiveRecord::Migration[7.2]
+  def change
+    create_table :settings do |t|
+      t.string :key, null: false
+      t.string :value
+
+      t.timestamps
+    end
+
+    add_index :settings, :key, unique: true
+  end
+end

db/seeds.rb

@@ -3,6 +3,17 @@
 #   bin/rails db:seed
 # command (or created alongside the database with db:setup).
 # Seeding process should be idempotent.
+#
+# Admin account setup
+# -------------------
+# The preferred way to create the first admin account is through the web setup
+# wizard, which is shown automatically on the first visit when no admin exists.
+# The wizard also lets you configure runtime options (e.g. skip e-mail
+# confirmation) and seed the default units without using the command line.
+#
+# The block below provides an alternative CLI path for headless / automated
+# deployments.  It is skipped when an admin account already exists (e.g. after
+# the web wizard has run).
 
 User.transaction do
   break if User.find_by status: :admin

lib/tasks/test_multi_db.rake

@@ -0,0 +1,50 @@
+namespace :test do
+  desc "Run Rails tests against all supported database adapters (SQLite, MySQL)"
+  task :all_adapters do
+    # DATABASE_URL overrides the adapter from database.yml at runtime.
+    # MySQL requires the mysql2 gem: bundle install --with mysql
+    adapters = {
+      "SQLite" => {
+        "DATABASE_URL" => "sqlite3:db/test.sqlite3"
+      },
+      "MySQL" => {
+        "DATABASE_URL" => format(
+          "mysql2://%s:%s@%s/%s",
+          ENV.fetch("DATABASE_USERNAME", "root"),
+          ENV.fetch("DATABASE_PASSWORD", ""),
+          ENV.fetch("DATABASE_HOST", "127.0.0.1"),
+          ENV.fetch("DATABASE_NAME", "fixin_test")
+        )
+      }
+    }
+
+    failed = []
+
+    adapters.each do |name, extra_env|
+      puts "\n#{"=" * 60}"
+      puts "  Running tests with #{name}"
+      puts "=" * 60
+
+      env = ENV.to_h.merge("RAILS_ENV" => "test").merge(extra_env)
+
+      # Reset test database; db:drop may fail on first run — that's fine
+      system(env, "bin/rails db:drop")
+      unless system(env, "bin/rails db:create db:schema:load")
+        failed << "#{name} (database setup)"
+        next
+      end
+
+      failed << name unless system(env, "bin/rails test")
+    end
+
+    puts "\n#{"=" * 60}"
+    if failed.any?
+      puts "  FAILED: #{failed.join(", ")}"
+      puts "=" * 60
+      exit 1
+    else
+      puts "  All adapters passed!"
+      puts "=" * 60
+    end
+  end
+end

test/controllers/default/units_controller_test.rb

@@ -1,8 +1,12 @@
 require "test_helper"
 
 class Default::UnitsControllerTest < ActionDispatch::IntegrationTest
+  setup do
+    sign_in users(:alice)
+  end
+
   test "should get index" do
-    get units_defaults_index_url
+    get default_units_url
     assert_response :success
   end
 end

test/controllers/registrations_controller_test.rb

@@ -0,0 +1,18 @@
+require "test_helper"
+
+class RegistrationsControllerTest < ActionDispatch::IntegrationTest
+  test "sole admin cannot delete account" do
+    sign_in users(:admin)
+    delete user_registration_path
+    assert_redirected_to edit_user_registration_path
+    assert_equal t("registrations.destroy.sole_admin"), flash[:alert]
+    assert User.exists?(users(:admin).id)
+  end
+
+  test "non-admin can delete account" do
+    sign_in users(:alice)
+    assert_difference ->{ User.count }, -1 do
+      delete user_registration_path
+    end
+  end
+end

test/controllers/users_controller_test.rb

@@ -2,7 +2,9 @@ require "test_helper"
 
 class UsersControllerTest < ActionDispatch::IntegrationTest
   setup do
-    @user = users(:one)
+    @admin = users(:admin)
+    @user = users(:alice)
+    sign_in @admin
   end
 
   test "should get index" do
@@ -10,39 +12,25 @@ class UsersControllerTest < ActionDispatch::IntegrationTest
     assert_response :success
   end
 
-  test "should get new" do
-    get new_user_url
-    assert_response :success
-  end
-
-  test "should create user" do
-    assert_difference("User.count") do
-      post users_url, params: { user: { email: @user.email, status: @user.status } }
-    end
-
-    assert_redirected_to user_url(User.last)
-  end
-
   test "should show user" do
     get user_url(@user)
     assert_response :success
   end
 
-  test "should get edit" do
-    get edit_user_url(@user)
-    assert_response :success
-  end
-
   test "should update user" do
-    patch user_url(@user), params: { user: { email: @user.email, status: @user.status } }
-    assert_redirected_to user_url(@user)
+    patch user_url(@user), params: { user: { status: :restricted } }, as: :turbo_stream
+    assert_equal "restricted", @user.reload.status
   end
 
-  test "should destroy user" do
-    assert_difference("User.count", -1) do
-      delete user_url(@user)
-    end
+  test "should not update self" do
+    patch user_url(@admin), params: { user: { status: :active } }, as: :turbo_stream,
+      headers: { "HTTP_REFERER" => users_url }
+    assert_response :redirect
+  end
 
-    assert_redirected_to users_url
+  test "should forbid non-admin" do
+    sign_in @user
+    get users_url
+    assert_response :forbidden
   end
 end

test/system/users_test.rb

@@ -183,7 +183,7 @@ class UsersTest < ApplicationSystemTestCase
   end
 
   test 'delete profile' do
-    user = sign_in
+    user = sign_in user: users.reject(&:admin?).select(&:confirmed?).sample
     # TODO: remove condition after root_url changed to different path than
     # profile in routes.rb
     unless has_current_path?(edit_user_registration_path)
@@ -196,6 +196,14 @@ class UsersTest < ApplicationSystemTestCase
     assert_text t("devise.registrations.destroyed")
   end
 
+  test 'sole admin cannot delete profile' do
+    sign_in user: users(:admin)
+    unless has_current_path?(edit_user_registration_path)
+      first(:link_or_button, users(:admin).email).click
+    end
+    assert find(:button, t("users.registrations.edit.delete"))[:disabled]
+  end
+
   test 'index forbidden for non admin' do
     sign_in user: users.reject(&:admin?).select(&:confirmed?).sample
     visit users_path

test/test_helper.rb

@@ -2,6 +2,10 @@ ENV["RAILS_ENV"] ||= "test"
 require_relative "../config/environment"
 require "rails/test_help"
 
+class ActionDispatch::IntegrationTest
+  include Devise::Test::IntegrationHelpers
+end
+
 class ActiveSupport::TestCase
   # Run tests in parallel with specified workers
   parallelize(workers: :number_of_processors)