Skip to content

Cannot revoke admin rights #16

Open
Open
Cannot revoke admin rights#16
@alexleach

Description

@alexleach
alexleach
opened on Jan 27, 2026

Hi again! Thanks for your great work on timeoff-management.

In the UI, we have four company admins. We want to prune that, but in the UI we get an error:-

Image

The server logs show the following traceback:-

timeoff    | An error occurred when trying to save changes to user account by user 1 : Error: Attempt to revoke admin rights from last admin in comapny 1 Error: Attempt to revoke admin rig
hts from last admin in comapny 1
timeoff    |     at /app/lib/route/users/index.js:602:13
timeoff    |     at tryCatcher (/app/node_modules/bluebird/js/release/util.js:16:23)
timeoff    |     at Promise._settlePromiseFromHandler (/app/node_modules/bluebird/js/release/promise.js:547:31)
timeoff    |     at Promise._settlePromise (/app/node_modules/bluebird/js/release/promise.js:604:18)
timeoff    |     at Promise._settlePromise0 (/app/node_modules/bluebird/js/release/promise.js:649:10)
timeoff    |     at Promise._settlePromises (/app/node_modules/bluebird/js/release/promise.js:729:18)
timeoff    |     at _drainQueueStep (/app/node_modules/bluebird/js/release/async.js:93:12)
timeoff    |     at _drainQueue (/app/node_modules/bluebird/js/release/async.js:86:9)
timeoff    |     at Async._drainQueues (/app/node_modules/bluebird/js/release/async.js:102:5)
timeoff    |     at Async.drainQueues (/app/node_modules/bluebird/js/release/async.js:15:14)
timeoff    |     at process.processImmediate (node:internal/timers:485:21)
timeoff    | POST /users/edit/2/ 302 104.269 ms - 30
timeoff    | GET /users/edit/2/ 200 93.158 ms - 16552

The relevant code in route/users/index.js looks alright to me:-

  if (
    // It is about to change admin rights
    new_user_attributes.admin !== employee.admin &&
    // and it is revoking admin rights
    !new_user_attributes.admin
  ) {
    return model.User.count({
      where: {
        company_id: employee.company_id,
        id: { $ne: employee.id },
        admin: true
      }
    }).then(number_of_admins_to_be_left => {
      if (number_of_admins_to_be_left > 0) {
        return Promise.resolve()
      }

      req.session.flash_error(
        'This is last admin within company. Cannot revoke admin rights.'
      )
      throw new Error(
        'Attempt to revoke admin rights from last admin in comapny ' +
          employee.company_id
      )
    })
  }

Any idea why this might be failing?

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions