From 36e8dcff7c374ea0546dd556a3e009af2cd60b2c Mon Sep 17 00:00:00 2001
From: Michael DeHaan
Date: Thu, 11 Jul 2013 17:10:55 -0400
Subject: [PATCH] Don't allow deleting yourself or the very last superuser.
---
 awx/main/access.py | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/awx/main/access.py b/awx/main/access.py
index 6d9d99b5f3..c58c118f47 100644
--- awx/main/access.py
+++ awx/main/access.py
@@ -144,6 +144,13 @@ class UserAccess(BaseAccess):
 return bool(obj.organizations.filter(admins__in=[self.user]).count())
 def can_delete(self, obj):
+ if obj == self.user:
+ # cannot delete yourself
+ return False
+ super_users = User.objects.filter(is_superuser=True)
+ if obj.is_superuser and super_users.count() == 1:
+ # cannot delete the last superuser
+ return False
 return bool(self.user.is_superuser or obj.organizations.filter(admins__in=[self.user]).count())
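Review bot: A non-superuser organization admin can still delete a superuser, because the unchanged final `return` in `can_delete` grants deletion to anyone who administers one of the target's organizations and the new guards only stop self-deletion and removal of the last superuser. A check such as `if obj.is_superuser and not self.user.is_superuser: return False` placed before that return would keep the decision with superusers. The count also includes every account with `is_superuser=True`; if disabled accounts keep that flag (assuming `User` is Django's auth model, which the hunk does not show), filtering on `is_active=True` as well would protect the last usable superuser. The check and the later delete are separate steps, so two concurrent requests against two remaining superusers could both pass; whether that matters depends on how the caller performs the delete, which is outside this hunk.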