From 557eb4d27d5865feb15663156c7c70cb30268596 Mon Sep 17 00:00:00 2001
From: Moritz <moritz.m@local-it.org>
Date: Tue, 6 Jan 2026 18:37:34 +0100
Subject: [PATCH] refactor: simplify system role deletion validation

Remove redundant action_type check since validation already
runs only on destroy actions. Add field to error for better
error handling.
---
 lib/mv/authorization/role.ex | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)

diff --git a/lib/mv/authorization/role.ex b/lib/mv/authorization/role.ex
index 3397172..ff1f2c1 100644
--- a/lib/mv/authorization/role.ex
+++ b/lib/mv/authorization/role.ex
@@ -88,14 +88,11 @@ defmodule Mv.Authorization.Role do
              message: "must be one of: own_data, read_only, normal_user, admin"
 
     validate fn changeset, _context ->
-               if changeset.action_type == :destroy do
-                 if changeset.data.is_system_role do
-                   {:error,
-                    message:
-                      "Cannot delete system role. System roles are required for the application to function."}
-                 else
-                   :ok
-                 end
+               if changeset.data.is_system_role do
+                 {:error,
+                  field: :is_system_role,
+                  message:
+                    "Cannot delete system role. System roles are required for the application to function."}
                else
                  :ok
                end