feat: prevent deletion of roles with assigned users

2026-01-08 12:05:56 +01:00 · 2026-01-08 12:05:56 +01:00 · 8afccf1dd0
commit 8afccf1dd0
parent 1dd7c0eaa0
5 changed files with 89 additions and 30 deletions
--- a/lib/mv_web/live/role_live/index.ex
+++ b/lib/mv_web/live/role_live/index.ex
@ -62,25 +62,40 @@ defmodule MvWeb.RoleLive.Index do
  @impl true
  def handle_event("delete", %{"id" => id}, socket) do
    {:ok, role} = Authorization.get_role(id)
+    user_count = get_user_count(role, socket.assigns.user_counts)

-    case Authorization.destroy_role(role) do
-      :ok ->
-        updated_roles = Enum.reject(socket.assigns.roles, &(&1.id == id))
+    if user_count > 0 do
+      {:noreply,
+       put_flash(
+         socket,
+         :error,
+         gettext(
+           "Cannot delete role. %{count} user(s) are still assigned to this role. Please assign them to another role first.",
+           count: user_count
+         )
+       )}
+    else
+      case Authorization.destroy_role(role) do
+        :ok ->
+          updated_roles = Enum.reject(socket.assigns.roles, &(&1.id == id))
+          updated_counts = Map.delete(socket.assigns.user_counts, id)

-        {:noreply,
-         socket
-         |> assign(:roles, updated_roles)
-         |> put_flash(:info, gettext("Role deleted successfully"))}
+          {:noreply,
+           socket
+           |> assign(:roles, updated_roles)
+           |> assign(:user_counts, updated_counts)
+           |> put_flash(:info, gettext("Role deleted successfully"))}

-      {:error, error} ->
-        error_message = format_error(error)
+        {:error, error} ->
+          error_message = format_error(error)

-        {:noreply,
-         put_flash(
-           socket,
-           :error,
-           gettext("Failed to delete role: %{error}", error: error_message)
-         )}
+          {:noreply,
+           put_flash(
+             socket,
+             :error,
+             gettext("Failed to delete role: %{error}", error: error_message)
+           )}
+      end
    end
  end

--- a/lib/mv_web/live/role_live/show.ex
+++ b/lib/mv_web/live/role_live/show.ex
@ -12,6 +12,10 @@ defmodule MvWeb.RoleLive.Show do
  """
  use MvWeb, :live_view

+  alias Mv.Accounts
+
+  require Ash.Query
+
  @impl true
  def mount(%{"id" => id}, _session, socket) do
    # Ensure current_user has role loaded for authorization checks
@ -32,33 +36,55 @@ defmodule MvWeb.RoleLive.Show do
      end

    role = Ash.get!(Mv.Authorization.Role, id, domain: Mv.Authorization)
+    user_count = load_user_count(role)

    {:ok,
     socket
     |> assign(:page_title, gettext("Show Role"))
-     |> assign(:role, role)}
+     |> assign(:role, role)
+     |> assign(:user_count, user_count)}
  end

  @impl true
  def handle_event("delete", %{"id" => id}, socket) do
    {:ok, role} = Mv.Authorization.get_role(id)
+    user_count = socket.assigns.user_count

-    case Mv.Authorization.destroy_role(role) do
-      :ok ->
-        {:noreply,
-         socket
-         |> put_flash(:info, gettext("Role deleted successfully."))
-         |> push_navigate(to: ~p"/admin/roles")}
+    if user_count > 0 do
+      {:noreply,
+       put_flash(
+         socket,
+         :error,
+         gettext(
+           "Cannot delete role. %{count} user(s) are still assigned to this role. Please assign them to another role first.",
+           count: user_count
+         )
+       )}
+    else
+      case Mv.Authorization.destroy_role(role) do
+        :ok ->
+          {:noreply,
+           socket
+           |> put_flash(:info, gettext("Role deleted successfully."))
+           |> push_navigate(to: ~p"/admin/roles")}

-      {:error, error} ->
-        error_message = format_error(error)
+        {:error, error} ->
+          error_message = format_error(error)

-        {:noreply,
-         put_flash(
-           socket,
-           :error,
-           gettext("Failed to delete role: %{error}", error: error_message)
-         )}
+          {:noreply,
+           put_flash(
+             socket,
+             :error,
+             gettext("Failed to delete role: %{error}", error: error_message)
+           )}
+      end
+    end
+  end
+
+  defp load_user_count(role) do
+    case Ash.count(Accounts.User |> Ash.Query.filter(role_id == ^role.id)) do
+      {:ok, count} -> count
+      _ -> 0
    end
  end

--- a/priv/gettext/de/LC_MESSAGES/default.po
+++ b/priv/gettext/de/LC_MESSAGES/default.po
@ -1994,3 +1994,9 @@ msgstr "Rolle erfolgreich gelöscht."
 #, elixir-autogen, elixir-format, fuzzy
 msgid "Roles"
 msgstr "Rollen"
+
+#: lib/mv_web/live/role_live/index.ex
+#: lib/mv_web/live/role_live/show.ex
+#, elixir-autogen, elixir-format
+msgid "Cannot delete role. %{count} user(s) are still assigned to this role. Please assign them to another role first."
+msgstr "Rolle kann nicht gelöscht werden. %{count} Benutzer*in(nen) sind dieser Rolle noch zugeordnet. Bitte weisen Sie sie zunächst einer anderen Rolle zu."
--- a/priv/gettext/default.pot
+++ b/priv/gettext/default.pot
@ -1995,3 +1995,9 @@ msgstr ""
 #, elixir-autogen, elixir-format
 msgid "Roles"
 msgstr ""
+
+#: lib/mv_web/live/role_live/index.ex
+#: lib/mv_web/live/role_live/show.ex
+#, elixir-autogen, elixir-format
+msgid "Cannot delete role. %{count} user(s) are still assigned to this role. Please assign them to another role first."
+msgstr ""
--- a/priv/gettext/en/LC_MESSAGES/default.po
+++ b/priv/gettext/en/LC_MESSAGES/default.po
@ -1995,3 +1995,9 @@ msgstr ""
 #, elixir-autogen, elixir-format, fuzzy
 msgid "Roles"
 msgstr ""
+
+#: lib/mv_web/live/role_live/index.ex
+#: lib/mv_web/live/role_live/show.ex
+#, elixir-autogen, elixir-format
+msgid "Cannot delete role. %{count} user(s) are still assigned to this role. Please assign them to another role first."
+msgstr ""