When an organization is created, we automatically create a role with the :organization_administrator ability and assign that role to the user.
When this ability gets removed from the role and no other role has this ability, the organization can get unmanageable, because no user has the permission for that.
To prevent this, we should add a check in OrganizationRoles::AssignAbilitiesService and OrganizationRoles::DeleteService to ensure that at least one role still has the :organization_administrator ability and that other role is assigned to a user.
When an organization is created, we automatically create a role with the
:organization_administrator
ability and assign that role to the user.When this ability gets removed from the role and no other role has this ability, the organization can get unmanageable, because no user has the permission for that.
To prevent this, we should add a check in
OrganizationRoles::AssignAbilitiesService
andOrganizationRoles::DeleteService
to ensure that at least one role still has the:organization_administrator
ability and that other role is assigned to a user.