feat: prevent deletion of roles with assigned users

lib/mv_web/live/role_live/index.ex

@@ -62,25 +62,40 @@ defmodule MvWeb.RoleLive.Index do
   @impl true
   def handle_event("delete", %{"id" => id}, socket) do
     {:ok, role} = Authorization.get_role(id)
+    user_count = get_user_count(role, socket.assigns.user_counts)
 
-    case Authorization.destroy_role(role) do
+    if user_count > 0 do
-      :ok ->
+      {:noreply,
-        updated_roles = Enum.reject(socket.assigns.roles, &(&1.id == id))
+       put_flash(
+         socket,
+         :error,
+         gettext(
+           "Cannot delete role. %{count} user(s) are still assigned to this role. Please assign them to another role first.",
+           count: user_count
+         )
+       )}
+    else
+      case Authorization.destroy_role(role) do
+        :ok ->
+          updated_roles = Enum.reject(socket.assigns.roles, &(&1.id == id))
+          updated_counts = Map.delete(socket.assigns.user_counts, id)
 
-        {:noreply,
+          {:noreply,
-         socket
+           socket
-         |> assign(:roles, updated_roles)
+           |> assign(:roles, updated_roles)
-         |> put_flash(:info, gettext("Role deleted successfully"))}
+           |> assign(:user_counts, updated_counts)
+           |> put_flash(:info, gettext("Role deleted successfully"))}
 
-      {:error, error} ->
+        {:error, error} ->
-        error_message = format_error(error)
+          error_message = format_error(error)
 
-        {:noreply,
+          {:noreply,
-         put_flash(
+           put_flash(
-           socket,
+             socket,
-           :error,
+             :error,
-           gettext("Failed to delete role: %{error}", error: error_message)
+             gettext("Failed to delete role: %{error}", error: error_message)
-         )}
+           )}
+      end
     end
   end
 

lib/mv_web/live/role_live/show.ex

@@ -12,6 +12,10 @@ defmodule MvWeb.RoleLive.Show do
   """
   use MvWeb, :live_view
 
+  alias Mv.Accounts
+
+  require Ash.Query
+
   @impl true
   def mount(%{"id" => id}, _session, socket) do
     # Ensure current_user has role loaded for authorization checks
@@ -32,33 +36,55 @@ defmodule MvWeb.RoleLive.Show do
       end
 
     role = Ash.get!(Mv.Authorization.Role, id, domain: Mv.Authorization)
+    user_count = load_user_count(role)
 
     {:ok,
      socket
      |> assign(:page_title, gettext("Show Role"))
-     |> assign(:role, role)}
+     |> assign(:role, role)
+     |> assign(:user_count, user_count)}
   end
 
   @impl true
   def handle_event("delete", %{"id" => id}, socket) do
     {:ok, role} = Mv.Authorization.get_role(id)
+    user_count = socket.assigns.user_count
 
-    case Mv.Authorization.destroy_role(role) do
+    if user_count > 0 do
-      :ok ->
+      {:noreply,
-        {:noreply,
+       put_flash(
-         socket
+         socket,
-         |> put_flash(:info, gettext("Role deleted successfully."))
+         :error,
-         |> push_navigate(to: ~p"/admin/roles")}
+         gettext(
+           "Cannot delete role. %{count} user(s) are still assigned to this role. Please assign them to another role first.",
+           count: user_count
+         )
+       )}
+    else
+      case Mv.Authorization.destroy_role(role) do
+        :ok ->
+          {:noreply,
+           socket
+           |> put_flash(:info, gettext("Role deleted successfully."))
+           |> push_navigate(to: ~p"/admin/roles")}
 
-      {:error, error} ->
+        {:error, error} ->
-        error_message = format_error(error)
+          error_message = format_error(error)
 
-        {:noreply,
+          {:noreply,
-         put_flash(
+           put_flash(
-           socket,
+             socket,
-           :error,
+             :error,
-           gettext("Failed to delete role: %{error}", error: error_message)
+             gettext("Failed to delete role: %{error}", error: error_message)
-         )}
+           )}
+      end
+    end
+  end
+
+  defp load_user_count(role) do
+    case Ash.count(Accounts.User |> Ash.Query.filter(role_id == ^role.id)) do
+      {:ok, count} -> count
+      _ -> 0
     end
   end
 

priv/gettext/de/LC_MESSAGES/default.po

@@ -1983,6 +1983,12 @@ msgstr "Rolle erfolgreich gelöscht."
 msgid "Roles"
 msgstr "Rollen"
 
+#: lib/mv_web/live/role_live/index.ex
+#: lib/mv_web/live/role_live/show.ex
+#, elixir-autogen, elixir-format
+msgid "Cannot delete role. %{count} user(s) are still assigned to this role. Please assign them to another role first."
+msgstr "Rolle kann nicht gelöscht werden. %{count} Benutzer*in(nen) sind dieser Rolle noch zugeordnet. Bitte weisen Sie sie zunächst einer anderen Rolle zu."
+
 #~ #: lib/mv_web/live/member_live/form.ex
 #~ #: lib/mv_web/live/member_live/show.ex
 #~ #: lib/mv_web/translations/member_fields.ex

priv/gettext/default.pot

@@ -1983,3 +1983,9 @@ msgstr ""
 #, elixir-autogen, elixir-format
 msgid "Roles"
 msgstr ""
+
+#: lib/mv_web/live/role_live/index.ex
+#: lib/mv_web/live/role_live/show.ex
+#, elixir-autogen, elixir-format
+msgid "Cannot delete role. %{count} user(s) are still assigned to this role. Please assign them to another role first."
+msgstr ""

priv/gettext/en/LC_MESSAGES/default.po

@@ -1984,6 +1984,12 @@ msgstr ""
 msgid "Roles"
 msgstr ""
 
+#: lib/mv_web/live/role_live/index.ex
+#: lib/mv_web/live/role_live/show.ex
+#, elixir-autogen, elixir-format
+msgid "Cannot delete role. %{count} user(s) are still assigned to this role. Please assign them to another role first."
+msgstr ""
+
 #~ #: lib/mv_web/live/components/payment_filter_component.ex
 #~ #, elixir-autogen, elixir-format
 #~ msgid "All payment statuses"