forked from fixin.me/fixin.me
Without this guard, the last admin in the system could delete their own account, making the application unmanageable. This adds a model method `User#sole_admin?`, a controller guard in `RegistrationsController#destroy`, and disables the delete button in the profile edit view when the current user is the only remaining admin. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
40 lines
1.1 KiB
Ruby
class RegistrationsController < Devise::RegistrationsController
  before_action :authenticate_user!, only: [:edit, :update, :destroy]

  def destroy
    # Refuse self-deletion when the current user is the only remaining admin;
    # otherwise the application would be left with nobody able to manage it.
    if current_user.sole_admin?
      redirect_back fallback_location: edit_user_registration_path,
                    alert: t(".sole_admin")
      return
    end
    super
  end

  protected

  def build_resource(hash = {})
    super
    # Skip the email confirmation step when the admin has enabled this option
    # via the web setup wizard (stored as the "skip_email_confirmation" Setting).
    # The account becomes active immediately so the user can sign in right after
    # registering.
    resource.skip_confirmation! if Setting.get("skip_email_confirmation") == "true"
  end

  def update_resource(resource, params)
    # Based on update_with_password()
    if params[:password].blank?
      params.delete(:password)
      params.delete(:password_confirmation) if params[:password_confirmation].blank?
    end

    result = resource.update(params)
    resource.clean_up_passwords
    result
  end

  def after_inactive_sign_up_path_for(resource)
    new_user_session_path
  end
end
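The guard in `destroy` checks `sole_admin?` and then calls `super` as two separate steps, so the invariant holds only if no other request deletes an admin in between. The following added example (not code from this repository) runs the check and the delete in one critical section, with an in-memory Hash and a `Mutex` standing in for the users table and a database lock; `AdminStore`, `SoleAdminError` and `concurrent_self_delete` are hypothetical names.

```ruby
# Added example, not fixin.me code. AdminStore, SoleAdminError and
# concurrent_self_delete are hypothetical names; the Hash is constructed data.
class AdminStore
  SoleAdminError = Class.new(StandardError)

  def initialize(users) # users: { id => { admin: true | false } }
    @users = users
    @lock = Mutex.new   # stands in for a DB transaction holding a lock
  end

  def admin_count
    @users.count { |_id, user| user[:admin] }
  end

  def sole_admin?(id)
    @users.fetch(id)[:admin] && admin_count == 1
  end

  # Check and delete inside one critical section: a second caller cannot
  # pass the check while the first caller's delete is still pending.
  def destroy!(id)
    @lock.synchronize do
      raise SoleAdminError, "last admin cannot be deleted" if sole_admin?(id)
      @users.delete(id)
    end
  end
end

# Each listed user deletes their own account at the same time.
def concurrent_self_delete(store, ids)
  threads = ids.map do |id|
    Thread.new do
      begin
        store.destroy!(id)
        :deleted
      rescue AdminStore::SoleAdminError
        :refused
      end
    end
  end
  threads.map(&:value)
end
```

With two admins deleting themselves concurrently, exactly one request succeeds and the other is refused, whichever thread runs first.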