fix: address coderabbit review on admin user deletion

Author: isshaddad

apps/webapp/app/components/admin/DeleteUserDialog.tsx

@@ -26,6 +26,16 @@ export function DeleteUserDialog({ user, open, onOpenChange }: DeleteUserDialogP
     if (!open) setConfirmText("");
   }, [open]);
 
+  // Close the modal as soon as our own submit starts. Without reloadDocument
+  // the component stays mounted across the post-redirect soft navigation, so
+  // `open` would otherwise stay true after the action redirects to /admin.
+  const isSubmittingDelete =
+    navigation.state === "submitting" &&
+    navigation.formData?.get("intent") === "delete";
+  useEffect(() => {
+    if (isSubmittingDelete) onOpenChange(false);
+  }, [isSubmittingDelete, onOpenChange]);
+
   const expected = user ? `delete ${user.email}` : "";
   const confirmed = !!user && confirmText === expected;
   const isSubmitting = navigation.state !== "idle";
@@ -47,7 +57,7 @@ export function DeleteUserDialog({ user, open, onOpenChange }: DeleteUserDialogP
           </div>
         )}
 
-        <Form method="post" className="flex flex-col gap-3" reloadDocument>
+        <Form method="post" className="flex flex-col gap-3">
           <input type="hidden" name="intent" value="delete" />
           <input type="hidden" name="id" value={user?.id ?? ""} />
 

apps/webapp/app/routes/admin._index.tsx

@@ -92,6 +92,12 @@ export async function action({ request }: ActionFunctionArgs) {
     return redirect("/admin?deleted=1");
   }
 
+  // Reject any POST that set `intent` to something we don't recognise so
+  // unknown intents don't fall through to the impersonate flow.
+  if (typeof payload.intent === "string") {
+    return typedjson({ error: "Unknown action." }, { status: 400 });
+  }
+
   const { id } = ImpersonateSchema.parse(payload);
   return redirectWithImpersonation(request, id, "/");
 }

apps/webapp/app/services/personalAccessToken.server.ts

@@ -205,14 +205,24 @@ export async function authenticatePersonalAccessToken(
     return;
   }
 
-  await prisma.personalAccessToken.update({
-    where: {
-      id: personalAccessToken.id,
-    },
-    data: {
-      lastAccessedAt: new Date(),
-    },
-  });
+  // Best-effort touch. The token can vanish between the findFirst above and
+  // this update if a User cascade-delete happens concurrently (admin delete
+  // flow), so swallow not-found errors rather than 500-ing the auth path.
+  try {
+    await prisma.personalAccessToken.update({
+      where: {
+        id: personalAccessToken.id,
+      },
+      data: {
+        lastAccessedAt: new Date(),
+      },
+    });
+  } catch (error) {
+    logger.warn("Failed to touch PersonalAccessToken.lastAccessedAt", {
+      personalAccessTokenId: personalAccessToken.id,
+      error,
+    });
+  }
 
   const decryptedToken = decryptPersonalAccessToken(personalAccessToken);
 

internal-packages/database/prisma/migrations/20260428112409_admin_user_deletion/migration.sql

@@ -11,7 +11,7 @@ CREATE TABLE "public"."UserDeletionAuditLog" (
     "adminEmail" TEXT NOT NULL,
     "targetUserId" TEXT NOT NULL,
     "targetEmail" TEXT NOT NULL,
-    "softDeletedOrgIds" TEXT[],
+    "softDeletedOrgIds" TEXT[] NOT NULL DEFAULT ARRAY[]::TEXT[],
     "reason" TEXT,
     "ipAddress" TEXT,
     "createdAt" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,

internal-packages/database/prisma/schema.prisma

@@ -2602,7 +2602,7 @@ model UserDeletionAuditLog {
 
   /// Organization IDs that were soft-deleted as part of this user delete
   /// (orgs where the deleted user was the sole member).
-  softDeletedOrgIds String[]
+  softDeletedOrgIds String[] @default([])
 
   /// Optional: ticket link / GDPR request id / free-text SE note.
   reason String?