forked from fixin.me/fixin.me
Without this guard, the last admin in the system could delete their own account, making the application unmanageable. This adds a model method `User#sole_admin?`, a controller guard in `RegistrationsController#destroy`, and disables the delete button in the profile edit view when the current user is the only remaining admin.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
29 lines
668 B
Ruby
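class User::ProfilesController < Devise::RegistrationsController
  # Refuse account deletion while the current user is the only remaining admin;
  # otherwise fall through to Devise's own destroy.
  def destroy
    if current_user.sole_admin?
      redirect_back fallback_location: edit_user_registration_path,
        alert: t(".sole_admin")
      return
    end
    super
  end

  protected

  def update_resource(resource, params)
    # Based on update_with_password()
    # Unlike Devise's update_with_password, this version does not verify
    # current_password before applying the update.
    # Blank password fields are dropped so the existing password is kept.
    if params[:password].blank?
      params.delete(:password)
      params.delete(:password_confirmation) if params[:password_confirmation].blank?
    end

    result = resource.update(params)
    # Clear the in-memory password attributes whether or not the update succeeded.
    resource.clean_up_passwords
    result
  end

  # Send users whose new account is not yet active to the sign-in page.
  def after_inactive_sign_up_path_for(resource)
    new_user_session_path
  end
end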
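The guard in `destroy` checks `sole_admin?` and then deletes in a separate step, and the page does not show whether `User#sole_admin?` or the model does any locking. The following added example (plain Ruby, not the project's code; `UserStore`, `LastAdminError` and `concurrent_self_deletion` are hypothetical names) shows the same invariant enforced with the check and the delete in one critical section, so that several admins deleting themselves concurrently still leave exactly one.

```ruby
# Added example with hypothetical names: in-memory stand-in for the users table.
class LastAdminError < StandardError; end

class UserStore
  User = Struct.new(:id, :admin)

  def initialize
    @users = {}
    @next_id = 0
    @lock = Mutex.new # stands in for a DB transaction that holds a lock
  end

  def add(admin: false)
    @lock.synchronize do
      user = User.new(@next_id += 1, admin)
      @users[user.id] = user
    end
  end

  def admin_count
    @lock.synchronize { @users.each_value.count(&:admin) }
  end

  # Check and delete inside one critical section, so two admins deleting
  # themselves at the same moment cannot both pass the check.
  def destroy(user)
    @lock.synchronize do
      sole = user.admin && @users.key?(user.id) && @users.each_value.count(&:admin) == 1
      raise LastAdminError, "cannot delete the only admin" if sole
      !@users.delete(user.id).nil?
    end
  end
end

# Every admin tries to delete their own account at once (constructed scenario).
def concurrent_self_deletion(admins)
  store = UserStore.new
  users = Array.new(admins) { store.add(admin: true) }
  refused = Queue.new
  threads = users.map do |user|
    Thread.new do
      store.destroy(user)
    rescue LastAdminError
      refused << user.id
    end
  end
  threads.each(&:join)
  [store.admin_count, refused.size]
end
```

In a Rails model the same shape would be a `before_destroy` check run inside a transaction that locks the admin rows, which also covers deletion paths that bypass the controller.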