fix(cli): guard last admin on scheduled CLI deletion path

The last-admin guard was only enforced in the --now branch of 'user delete'. The default scheduled path called user.RequestDeletion without the guard, letting an operator schedule deletion of the last reachable admin via the CLI; the cron flow would then confirm and execute it, violating the invariant the HTTP admin API already enforces.
2026-04-20 19:40:29 +02:00 · 2026-04-20 19:40:29 +02:00 · c8893f4533
parent d64ca0c777
commit c8893f4533
1 changed files with 4 additions and 0 deletions
--- a/pkg/cmd/user.go
+++ b/pkg/cmd/user.go
@ -447,6 +447,10 @@ var userDeleteCmd = &cobra.Command{
 				log.Fatalf("Error removing the user: %s", err)
 			}
 		} else {
+			if err := user.GuardLastAdmin(s, u); err != nil {
+				_ = s.Rollback()
+				log.Fatalf("Could not request user deletion: %s", err)
+			}
 			err := user.RequestDeletion(s, u)
 			if err != nil {
 				_ = s.Rollback()