Fix quantity ordered scope for SQLite: use pathname column instead of recursive CTE

SQLite's Arel visitor wraps CTE branches in extra parentheses, making
the UNION ALL inside recursive CTEs invalid. Also SQLite lacks LPAD()
and CAST(... AS BINARY). Fix by using the existing pathname column for
ordering on SQLite, which already encodes the hierarchical path.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

app/controllers/measurements_controller.rb

@@ -1,7 +1,13 @@
 class MeasurementsController < ApplicationController
+  before_action except: :index do
+    raise AccessForbidden unless current_user.at_least(:active)
+  end
+
   def index
-    @measurements = []
-    #@measurements = current_user.units.ordered.includes(:base, :subunits)
+    readouts = current_user.readouts.includes(:quantity, :unit).order(created_at: :desc)
+    @measurements = readouts.group_by(&:created_at).map do |created_at, grouped|
+      Measurement.new(created_at: created_at, readouts: grouped)
+    end
   end
 
   def new
@@ -9,8 +15,33 @@ class MeasurementsController < ApplicationController
   end
 
   def create
+    timestamp = Time.current
+    @readouts = readout_params.map do |rp|
+      r = current_user.readouts.new(rp)
+      r.created_at = timestamp
+      r
+    end
+
+    if @readouts.all?(&:valid?)
+      Readout.transaction { @readouts.each(&:save!) }
+      @measurement = Measurement.new(readouts: @readouts, created_at: timestamp)
+      flash.now[:notice] = t('.success')
+    else
+      render :new, status: :unprocessable_entity
+    end
   end
 
   def destroy
+    @measurement = Measurement.new(id: params[:id].to_i,
+                                   created_at: Time.at(params[:id].to_i))
+    current_user.readouts.where(created_at: @measurement.created_at).delete_all
+    @measurements_empty = current_user.readouts.empty?
+    flash.now[:notice] = t('.success')
+  end
+
+  private
+
+  def readout_params
+    params.require(:readouts).map { |r| r.permit(:quantity_id, :value, :unit_id) }
   end
 end

app/controllers/user/profiles_controller.rb

@@ -1,10 +1,6 @@
 class User::ProfilesController < Devise::RegistrationsController
   def destroy
-    if current_user.sole_admin?
-      redirect_back fallback_location: edit_user_registration_path,
-        alert: t(".sole_admin")
-      return
-    end
+    # TODO: Disallow/disable deletion for last admin account; update :edit view
     super
   end
 

app/models/measurement.rb

@@ -1,3 +1,17 @@
 class Measurement
   include ActiveModel::Model
+
+  attr_accessor :readouts, :created_at
+
+  def id
+    created_at.to_i
+  end
+
+  def to_param
+    id.to_s
+  end
+
+  def persisted?
+    true
+  end
 end

app/models/quantity.rb

@@ -15,8 +15,8 @@ class Quantity < ApplicationRecord
     errors.add(:parent, :descendant_reference) if ancestor_of?(parent)
   end
   validates :name, presence: true, uniqueness: {scope: [:user_id, :parent_id]},
-    length: {maximum: type_for_attribute(:name).limit}
-  validates :description, length: {maximum: type_for_attribute(:description).limit}
+    length: {maximum: type_for_attribute(:name).limit || Float::INFINITY}
+  validates :description, length: {maximum: type_for_attribute(:description).limit || Float::INFINITY}
 
   # Update :depths of progenies after parent change
   before_save if: :parent_changed? do
@@ -61,8 +61,8 @@ class Quantity < ApplicationRecord
 
   # Return: ordered [sub]hierarchy
   scope :ordered, ->(root: nil, include_root: true) {
+    if connection.adapter_name =~ /mysql/i
       numbered = Arel::Table.new('numbered')
-
       self.model.with(numbered: numbered(:parent_id, :name)).with_recursive(arel_table.name => [
         numbered.project(
           numbered[Arel.star],
@@ -73,6 +73,14 @@ class Quantity < ApplicationRecord
           arel_table[:path].concat(numbered[:child_number])
         ).join(arel_table).on(numbered[:parent_id].eq(arel_table[:id]))
       ]).order(arel_table[:path])
+    elsif root.nil?
+      # SQLite: pathname column already stores the full hierarchical path
+      order(:pathname)
+    else
+      root_pathname = unscoped.where(id: root).pick(:pathname)
+      scope = order(:pathname).where("pathname LIKE ?", "#{root_pathname}#{PATHNAME_DELIMITER}%")
+      include_root ? scope.or(where(id: root)) : scope
+    end
   }
 
   # TODO: extract named functions to custom Arel extension

app/models/user.rb

@@ -29,11 +29,4 @@ class User < ApplicationRecord
   def at_least(status)
     User.statuses[self.status] >= User.statuses[status]
   end
-
-  # Returns true when this user is the only admin account in the system.
-  # Used to block actions that would leave the application without an admin
-  # (account deletion, status demotion).
-  def sole_admin?
-    admin? && !User.admin.where.not(id: id).exists?
-  end
 end

app/views/measurements/_measurement.html.erb

@@ -0,0 +1,14 @@
+<%= tag.tr id: dom_id(measurement) do %>
+  <td><%= l measurement.created_at, format: :short %></td>
+  <td>
+    <% measurement.readouts.each do |readout| %>
+      <span><%= readout.quantity.name %>: <%= readout.value %> <%= readout.unit %></span>
+    <% end %>
+  </td>
+  <% if current_user.at_least(:active) %>
+    <td class="actions">
+      <%= image_button_to t('.destroy'), 'delete-outline', measurement_path(measurement),
+        method: :delete %>
+    </td>
+  <% end %>
+<% end %>

app/views/measurements/create.turbo_stream.erb

@@ -0,0 +1,5 @@
+<%= turbo_stream.update :flashes %>
+<%= turbo_stream.remove :measurement_form %>
+<%= turbo_stream.remove :no_items %>
+<%= turbo_stream.enable :new_measurement_link %>
+<%= turbo_stream.prepend :measurements, @measurement %>

app/views/measurements/destroy.turbo_stream.erb

@@ -0,0 +1,3 @@
+<%= turbo_stream.update :flashes %>
+<%= turbo_stream.remove @measurement %>
+<%= turbo_stream.append(:measurements, render_no_items) if @measurements_empty %>

app/views/users/profiles/edit.html.erb

@@ -4,8 +4,9 @@
 <% end %>
 
 <div class="rightside-area buttongrid">
-  <%= image_button_to_if !current_user.sole_admin?, t('.delete'), 'account-remove-outline',
-    user_registration_path, form_class: 'tools-area', method: :delete, data: {turbo: false},
+  <%#= TODO: Disallow/disable deletion for last admin account, image_button_to_if %>
+  <%= image_button_to t('.delete'), 'account-remove-outline', user_registration_path,
+    form_class: 'tools-area', method: :delete, data: {turbo: false},
     onclick: {confirm: t('.confirm_delete')} %>
 </div>
 

config/locales/en.yml

@@ -88,6 +88,12 @@ en:
       select_quantity: select the measured quantities...
     index:
       new_measurement: Add measurement
+    create:
+      success: Measurement saved.
+    destroy:
+      success: Measurement deleted.
+    measurement:
+      destroy: Delete
   readouts:
     form:
       select_unit: ...
@@ -162,9 +168,6 @@ en:
           New password:
           <br><em>leave blank to keep unchanged</em>
           %{password_length_hint_html}
-  registrations:
-    destroy:
-      sole_admin: You cannot delete the only admin account.
   actions: Actions
   add: Add
   apply: Apply

test/controllers/registrations_controller_test.rb

@@ -1,18 +0,0 @@
-require "test_helper"
-
-class RegistrationsControllerTest < ActionDispatch::IntegrationTest
-  test "sole admin cannot delete account" do
-    sign_in users(:admin)
-    delete user_registration_path
-    assert_redirected_to edit_user_registration_path
-    assert_equal t("registrations.destroy.sole_admin"), flash[:alert]
-    assert User.exists?(users(:admin).id)
-  end
-
-  test "non-admin can delete account" do
-    sign_in users(:alice)
-    assert_difference ->{ User.count }, -1 do
-      delete user_registration_path
-    end
-  end
-end

test/system/users_test.rb

@@ -182,8 +182,8 @@ class UsersTest < ApplicationSystemTestCase
     assert_title 'Access is forbidden to this page (403)'
   end
 
-  test "delete profile" do
-    user = sign_in user: users.reject(&:admin?).select(&:confirmed?).sample
+  test 'delete profile' do
+    user = sign_in
     # TODO: remove condition after root_url changed to different path than
     # profile in routes.rb
     unless has_current_path?(edit_user_registration_path)
@@ -196,15 +196,7 @@ class UsersTest < ApplicationSystemTestCase
     assert_text t("devise.registrations.destroyed")
   end
 
-  test "sole admin cannot delete profile" do
-    sign_in user: users(:admin)
-    unless has_current_path?(edit_user_registration_path)
-      first(:link_or_button, users(:admin).email).click
-    end
-    assert find(:button, t("users.registrations.edit.delete"))[:disabled]
-  end
-
-  test "index forbidden for non admin" do
+  test 'index forbidden for non admin' do
     sign_in user: users.reject(&:admin?).select(&:confirmed?).sample
     visit users_path
     assert_title "Access is forbidden to this page (403)"