Forbid deleting the last staff user

ephios/core/forms/users.py

@@ -280,6 +280,22 @@ def save(self, commit=True):
         return userprofile
 
 
+class DeleteUserProfileForm(Form):
+    def __init__(self, *args, **kwargs):
+        self.instance = kwargs.pop("instance")
+        super().__init__(*args, **kwargs)
+
+    def clean(self):
+        other_staff = UserProfile.objects.filter(is_staff=True).exclude(pk=self.instance.pk)
+        if self.instance.is_staff and not other_staff.exists():
+            raise ValidationError(
+                _(
+                    "At least one user must be technical administrator. "
+                    "Please promote another user before deleting this one."
+                )
+            )
+
+
 class QualificationGrantForm(ModelForm):
     model = QualificationGrant
 

ephios/core/templates/core/userprofile_confirm_delete.html

@@ -1,4 +1,5 @@
 {% extends "base.html" %}
+{% load crispy_forms_filters %}
 {% load i18n %}
 {% load static %}
 
@@ -12,6 +13,7 @@ <h1>{% translate "Delete user" %}</h1>
     </div>
 
     <form method="post">{% csrf_token %}
+        {{ form|as_crispy_errors }}
         <p>{% blocktranslate trimmed with name=userprofile.get_full_name %}
             Are you sure you want to delete the user {{ name }} ({{ userprofile }})?
         {% endblocktranslate %}</p>

ephios/core/views/accounts.py

@@ -10,7 +10,12 @@
 from dynamic_preferences.registries import global_preferences_registry
 
 from ephios.api.access.auth import revoke_all_access_tokens
-from ephios.core.forms.users import GroupForm, QualificationGrantFormset, UserProfileForm
+from ephios.core.forms.users import (
+    DeleteUserProfileForm,
+    GroupForm,
+    QualificationGrantFormset,
+    UserProfileForm,
+)
 from ephios.core.models import QualificationGrant, UserProfile
 from ephios.core.services.notifications.types import (
     NewProfileNotification,
@@ -130,6 +135,12 @@ class UserProfileDeleteView(CustomPermissionRequiredMixin, DeleteView):
     model = UserProfile
     permission_required = "core.delete_userprofile"
     template_name = "core/userprofile_confirm_delete.html"
+    form_class = DeleteUserProfileForm
+
+    def get_form_kwargs(self):
+        kwargs = super().get_form_kwargs()
+        kwargs["instance"] = self.object
+        return kwargs
 
     def get_success_url(self):
         messages.info(

tests/core/test_views_userprofile.py

@@ -184,3 +184,23 @@ def test_staffuser_can_change_is_staff_flag(self, django_app, volunteer, superus
         form["is_staff"] = True
         form.submit()
         assert UserProfile.objects.get(id=volunteer.id).is_staff
+
+    def test_staff_flag_cannot_be_removed_from_last_staff_user(self, django_app, superuser):
+        form = django_app.get(
+            reverse("core:userprofile_edit", kwargs={"pk": superuser.id}), user=superuser
+        ).form
+        form["is_staff"] = False
+        response = form.submit()
+        assert response.status_code == 200
+        assert "least one user must be technical administrator" in response.text
+        assert UserProfile.objects.get(id=superuser.id).is_staff
+
+    def test_last_staff_user_cannot_be_deleted(self, django_app, groups, manager, superuser):
+        response = django_app.get(
+            reverse("core:userprofile_delete", kwargs={"pk": superuser.id}),
+            user=manager,
+        )
+        response = response.form.submit()
+        assert response.status_code == 200
+        assert "least one user must be technical administrator" in response.text
+        assert UserProfile.objects.get(id=superuser.id).is_staff