Problem
The admin panel allows an admin to delete their own account via the user management interface. If the last admin account is deleted, the system becomes permanently locked out — there is no way to create new admin accounts without direct database/code access.
Requirements
- In delete_user(), check if the user being deleted is an admin AND is the last admin account. If so, reject the deletion.
- Prevent admins from deleting their own account via the admin panel.
- Add appropriate error messages (using flash_message with the session language).
- Add logging for blocked deletion attempts.
- Add unit tests covering:
  - Last admin trying to delete themselves
  - Last admin trying to delete another admin
  - Second-to-last admin deleting another admin (should succeed)
  - Non-admin deleting an admin account (should succeed)
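One way the two guards and the logging could fit together, as an added sketch that is not the project's code: `User`, `UserStore`, `MESSAGES` and the `delete_user(actor_id, target_id, lang)` signature are hypothetical, and the returned message stands in for what the real code would pass to flash_message. Authorization of the acting user is out of scope here, as in the requirements.

```python
import logging
from dataclasses import dataclass

log = logging.getLogger("admin.users")

# Constructed message catalogue, keyed by session language (assumption).
MESSAGES = {
    "en": {"last_admin": "The last admin account cannot be deleted.",
           "self_delete": "You cannot delete your own account."},
    "de": {"last_admin": "Das letzte Admin-Konto kann nicht gelöscht werden.",
           "self_delete": "Sie können Ihr eigenes Konto nicht löschen."},
}

@dataclass
class User:
    id: int
    name: str
    is_admin: bool = False

class UserStore:
    """In-memory stand-in for the user table (hypothetical)."""

    def __init__(self, users):
        self.users = {u.id: u for u in users}

    def admin_count(self):
        return sum(1 for u in self.users.values() if u.is_admin)

    def delete_user(self, actor_id, target_id, lang="en"):
        """Return (deleted, message); both guards run before any state change."""
        target = self.users.get(target_id)
        if target is None:
            return False, None
        reason = None
        # With a real database, this count and the delete must share one
        # transaction, or two concurrent deletions can both pass the check.
        if target.is_admin and self.admin_count() <= 1:
            reason = "last_admin"
        elif target.is_admin and actor_id == target_id:
            reason = "self_delete"
        if reason:
            log.warning("blocked user deletion: actor=%s target=%s reason=%s",
                        actor_id, target_id, reason)
            return False, MESSAGES.get(lang, MESSAGES["en"])[reason]
        del self.users[target_id]
        return True, None
```

The last-admin check keys on the target rather than the actor, so it holds no matter which code path or which account requests the deletion.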