forked from fixin.me/fixin.me
barbie-bot
0daf413b47
Without this guard, the last admin in the system could delete their own account, making the application unmanageable. This adds a model method `User#sole_admin?`, a controller guard in `RegistrationsController#destroy`, and disables the delete button in the profile edit view when the current user is the only remaining admin. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
19 lines
535 B
Ruby
19 lines
535 B
Ruby
require "test_helper"
|
|
|
|
class RegistrationsControllerTest < ActionDispatch::IntegrationTest
|
|
test "sole admin cannot delete account" do
|
|
sign_in users(:admin)
|
|
delete user_registration_path
|
|
assert_redirected_to edit_user_registration_path
|
|
assert_equal t("registrations.destroy.sole_admin"), flash[:alert]
|
|
assert User.exists?(users(:admin).id)
|
|
end
|
|
|
|
test "non-admin can delete account" do
|
|
sign_in users(:alice)
|
|
assert_difference ->{ User.count }, -1 do
|
|
delete user_registration_path
|
|
end
|
|
end
|
|
end
|