Added check for last admin on role change

Will show error message if last admin and admin role is removed.
Closes #1124
Also cleaned up user controller a little.

app/Auth/UserRepo.php

@@ -3,6 +3,7 @@
 use Activity;
 use BookStack\Entities\Repos\EntityRepo;
 use BookStack\Exceptions\NotFoundException;
+use BookStack\Exceptions\UserUpdateException;
 use BookStack\Uploads\Image;
 use Exception;
 use Images;
@@ -42,7 +43,7 @@ class UserRepo
      */
     public function getById($id)
     {
-        return $this->user->findOrFail($id);
+        return $this->user->newQuery()->findOrFail($id);
     }
 
     /**
@@ -135,6 +136,40 @@ class UserRepo
         return true;
     }
 
+    /**
+     * Set the assigned user roles via an array of role IDs.
+     * @param User $user
+     * @param array $roles
+     * @throws UserUpdateException
+     */
+    public function setUserRoles(User $user, array $roles)
+    {
+        if ($this->demotingLastAdmin($user, $roles)) {
+            throw new UserUpdateException(trans('errors.role_cannot_remove_only_admin'), $user->getEditUrl());
+        }
+
+        $user->roles()->sync($roles);
+    }
+
+    /**
+     * Check if the given user is the last admin and their new roles no longer
+     * contains the admin role.
+     * @param User $user
+     * @param array $newRoles
+     * @return bool
+     */
+    protected function demotingLastAdmin(User $user, array $newRoles) : bool
+    {
+        if ($this->isOnlyAdmin($user)) {
+            $adminRole = $this->role->getSystemRole('admin');
+            if (!in_array(strval($adminRole->id), $newRoles)) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+
     /**
      * Create a new basic instance of user.
      * @param array $data
@@ -143,7 +178,6 @@ class UserRepo
      */
     public function create(array $data, $verifyEmail = false)
     {
-
         return $this->user->forceCreate([
             'name'     => $data['name'],
             'email'    => $data['email'],

app/Exceptions/NotifyException.php

@@ -11,7 +11,7 @@ class NotifyException extends \Exception
      * @param string $message
      * @param string    $redirectLocation
      */
-    public function __construct($message, $redirectLocation)
+    public function __construct(string $message, string $redirectLocation = "/")
     {
         $this->message = $message;
         $this->redirectLocation = $redirectLocation;

app/Exceptions/UserUpdateException.php

@@ -0,0 +1,3 @@
+<?php namespace BookStack\Exceptions;
+
+class UserUpdateException extends NotifyException {}

app/Http/Controllers/UserController.php

@@ -3,6 +3,7 @@
 use BookStack\Auth\Access\SocialAuthService;
 use BookStack\Auth\User;
 use BookStack\Auth\UserRepo;
+use BookStack\Exceptions\UserUpdateException;
 use Illuminate\Http\Request;
 use Illuminate\Http\Response;
 
@@ -15,7 +16,7 @@ class UserController extends Controller
     /**
      * UserController constructor.
      * @param User     $user
-     * @param \BookStack\Auth\UserRepo $userRepo
+     * @param UserRepo $userRepo
      */
     public function __construct(User $user, UserRepo $userRepo)
     {
@@ -59,6 +60,7 @@ class UserController extends Controller
      * Store a newly created user in storage.
      * @param  Request $request
      * @return Response
+     * @throws UserUpdateException
      */
     public function store(Request $request)
     {
@@ -89,7 +91,7 @@ class UserController extends Controller
 
         if ($request->filled('roles')) {
             $roles = $request->get('roles');
-            $user->roles()->sync($roles);
+            $this->userRepo->setUserRoles($user, $roles);
         }
 
         $this->userRepo->downloadAndAssignUserAvatar($user);
@@ -122,8 +124,9 @@ class UserController extends Controller
     /**
      * Update the specified user in storage.
      * @param  Request $request
-     * @param  int     $id
+     * @param  int $id
      * @return Response
+     * @throws UserUpdateException
      */
     public function update(Request $request, $id)
     {
@@ -140,13 +143,13 @@ class UserController extends Controller
             'setting'          => 'array'
         ]);
 
-        $user = $this->user->findOrFail($id);
+        $user = $this->userRepo->getById($id);
         $user->fill($request->all());
 
         // Role updates
         if (userCan('users-manage') && $request->filled('roles')) {
             $roles = $request->get('roles');
-            $user->roles()->sync($roles);
+            $this->userRepo->setUserRoles($user, $roles);
         }
 
         // Password updates
@@ -185,7 +188,7 @@ class UserController extends Controller
             return $this->currentUser->id == $id;
         });
 
-        $user = $this->user->findOrFail($id);
+        $user = $this->userRepo->getById($id);
         $this->setPageTitle(trans('settings.users_delete_named', ['userName' => $user->name]));
         return view('users/delete', ['user' => $user]);
     }
@@ -194,6 +197,7 @@ class UserController extends Controller
      * Remove the specified user from storage.
      * @param  int $id
      * @return Response
+     * @throws \Exception
      */
     public function destroy($id)
     {
@@ -279,7 +283,7 @@ class UserController extends Controller
             $viewType = 'list';
         }
 
-        $user = $this->user->findOrFail($id);
+        $user = $this->userRepo->getById($id);
         setting()->putUser($user, 'bookshelves_view_type', $viewType);
 
         return redirect()->back(302, [], "/settings/users/$id");