Prevent sole admin from deleting their account

Without this guard, the last admin in the system could delete their own account, making the application unmanageable. This adds a model method `User#sole_admin?`, a controller guard in `RegistrationsController#destroy`, and disables the delete button in the profile edit view when the current user is the only remaining admin. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Fix controller tests and SQLite compatibility for defaults_diff
2026-03-10 17:50:47 +00:00 · 2026-03-10 17:50:19 +00:00 · 2026-03-10 17:50:19 +00:00 · 2026-03-10 17:50:19 +00:00
6 changed files with 44 additions and 5 deletions
--- a/app/controllers/registrations_controller.rb
+++ b/app/controllers/registrations_controller.rb
@@ -2,7 +2,11 @@ class RegistrationsController < Devise::RegistrationsController
  before_action :authenticate_user!, only: [:edit, :update, :destroy]

  def destroy
-    # TODO: Disallow/disable deletion for last admin account; update :edit view
+    if current_user.sole_admin?
+      redirect_back fallback_location: edit_user_registration_path,
+        alert: t(".sole_admin")
+      return
+    end
    super
  end

--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -29,4 +29,11 @@ class User < ApplicationRecord
  def at_least(status)
    User.statuses[self.status] >= User.statuses[status]
  end
+
+  # Returns true when this user is the only admin account in the system.
+  # Used to block actions that would leave the application without an admin
+  # (account deletion, status demotion).
+  def sole_admin?
+    admin? && !User.admin.where.not(id: id).exists?
+  end
 end
--- a/app/views/users/registrations/edit.html.erb
+++ b/app/views/users/registrations/edit.html.erb
@@ -4,9 +4,8 @@
 <% end %>

 <div class="rightside-area buttongrid">
-  <%#= TODO: Disallow/disable deletion for last admin account, image_button_to_if %>
-  <%= image_button_to t('.delete'), 'account-remove-outline', user_registration_path,
-    form_class: 'tools-area', method: :delete, data: {turbo: false},
+  <%= image_button_to_if !current_user.sole_admin?, t('.delete'), 'account-remove-outline',
+    user_registration_path, form_class: 'tools-area', method: :delete, data: {turbo: false},
    onclick: {confirm: t('.confirm_delete')} %>
 </div>

--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -162,6 +162,9 @@ en:
          New password:
          <br><em>leave blank to keep unchanged</em>
          %{password_length_hint_html}
+  registrations:
+    destroy:
+      sole_admin: You cannot delete the only admin account.
  actions: Actions
  setup:
    new:
--- a/test/controllers/registrations_controller_test.rb
+++ b/test/controllers/registrations_controller_test.rb
@@ -0,0 +1,18 @@
+require "test_helper"
+
+class RegistrationsControllerTest < ActionDispatch::IntegrationTest
+  test "sole admin cannot delete account" do
+    sign_in users(:admin)
+    delete user_registration_path
+    assert_redirected_to edit_user_registration_path
+    assert_equal t("registrations.destroy.sole_admin"), flash[:alert]
+    assert User.exists?(users(:admin).id)
+  end
+
+  test "non-admin can delete account" do
+    sign_in users(:alice)
+    assert_difference ->{ User.count }, -1 do
+      delete user_registration_path
+    end
+  end
+end
--- a/test/system/users_test.rb
+++ b/test/system/users_test.rb
@@ -149,7 +149,7 @@ class UsersTest < ApplicationSystemTestCase
  end

  test "delete profile" do
-    user = sign_in
+    user = sign_in user: users.reject(&:admin?).select(&:confirmed?).sample
    # TODO: remove condition after root_url changed to different path than
    # profile in routes.rb
    unless has_current_path?(edit_user_registration_path)
@@ -162,6 +162,14 @@ class UsersTest < ApplicationSystemTestCase
    assert_text t("devise.registrations.destroyed")
  end

+  test "sole admin cannot delete profile" do
+    sign_in user: users(:admin)
+    unless has_current_path?(edit_user_registration_path)
+      first(:link_or_button, users(:admin).email).click
+    end
+    assert find(:button, t("users.registrations.edit.delete"))[:disabled]
+  end
+
  test "index forbidden for non admin" do
    sign_in user: users.reject(&:admin?).select(&:confirmed?).sample
    visit users_path
Author	SHA1	Message	Date
barbie-bot	1efb1ad86e	Prevent sole admin from deleting their account Without this guard, the last admin in the system could delete their own account, making the application unmanageable. This adds a model method `User#sole_admin?`, a controller guard in `RegistrationsController#destroy`, and disables the delete button in the profile edit view when the current user is the only remaining admin. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-10 17:50:47 +00:00
barbie-bot	238e8eb846	Fix controller tests and SQLite compatibility for defaults_diff Test infrastructure: - Allow www.example.com host in test env (ActionDispatch::HostAuthorization was blocking all integration test requests) - Include Devise::Test::IntegrationHelpers in ActionDispatch::IntegrationTest so tests can sign in with sign_in(user) Controller tests: - Rewrite UsersControllerTest to match actual routes/actions (no new/create/ edit/destroy); sign in as admin; test update-self rejection via turbo_stream - Fix Default::UnitsControllerTest to sign in before requesting the index SQLite compatibility in Unit#defaults_diff: - Hoist the inner "units" CTE to the outer WITH RECURSIVE level (fixes nested WITH syntax error) — this was the existing TODO in the code - Use Unit.joins(...) for the recursive part instead of a raw Arel::SelectManager so the SQLite visitor does not wrap it in parentheses inside UNION ALL - Drop the named "units" CTE (conflicts with the table name under WITH RECURSIVE in SQLite); apply the user/defaults scope directly on the base case - Qualify GROUP BY columns to avoid ambiguity when bases_units is joined - Qualify ORDER BY :multiplier/:symbol to avoid ambiguity (Unit.ordering) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-10 17:50:19 +00:00
barbie-bot	37199f85df	Use committed database.yml instead of generating it in CI The repo's config/database.yml already handles both SQLite (default) and MySQL (DB_ADAPTER=mysql) via ERB. Remove the redundant steps that overwrote it with a hardcoded version, and pass DB_ADAPTER=mysql for the MySQL job. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-10 17:50:19 +00:00
barbie-bot	7e1eacbc33	Add multi-adapter test support: SQLite + MySQL via Gitea Actions and rake task - .gitea/workflows/test.yml: two parallel CI jobs (SQLite and MySQL), each generates its own database.yml inline and runs the test suite - lib/tasks/test_multi_db.rake: `rails test:all_adapters` runs both adapters sequentially using DATABASE_URL to switch at runtime Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-10 17:50:19 +00:00