Prevent deletion of system actor user

Add destroy validation and explicit destroy action (primary, require_atomic? false). Validation blocks destroy when email == SystemActor.system_user_email().
2026-01-27 14:29:07 +01:00 · 2026-01-27 14:29:07 +01:00 · 55f322a09b
commit 55f322a09b
parent 63377717e4
1 changed files with 20 additions and 1 deletions
--- a/lib/accounts/user.ex
+++ b/lib/accounts/user.ex
@ -86,7 +86,13 @@ defmodule Mv.Accounts.User do
    #       - :create_user (for manual user creation with optional member link)
    #       - :register_with_password (for password-based registration)
    #       - :register_with_rauthy (for OIDC-based registration)
-    defaults [:read, :destroy]
+    defaults [:read]
+
+    destroy :destroy do
+      primary? true
+      # Required because custom validation (system actor protection) cannot run atomically
+      require_atomic? false
+    end

    # Primary generic update action:
    # - Selected by AshAdmin's generated "Edit" UI and generic AshPhoenix
@ -359,6 +365,19 @@ defmodule Mv.Accounts.User do
        :ok
      end
    end
+
+    # Prevent deletion of the system actor user (required for internal operations)
+    validate fn changeset, _context ->
+               if to_string(changeset.data.email) == Mv.Helpers.SystemActor.system_user_email() do
+                 {:error,
+                  field: :email,
+                  message:
+                    "Cannot delete system actor user. This user is required for internal operations."}
+               else
+                 :ok
+               end
+             end,
+             on: [:destroy]
  end

  def validate_oidc_id_present(changeset, _context) do