users: add new owner level.

Add a new Owner user level for the site owner. Highly sensitive
operations like manually changing the passwords of other users will be
restricted to the site owner.

app/javascript/src/styles/common/user_styles.scss

@@ -1,4 +1,8 @@
 body[data-current-user-style-usernames="true"] {
+  a.user-owner {
+    color: var(--user-admin-color);
+  }
+
   a.user-admin {
     color: var(--user-admin-color);
   }

app/javascript/src/styles/specific/user_tooltips.scss

@@ -27,6 +27,7 @@
         margin-right: 0.25em;
         border-radius: 3px;
 
+        &.user-tooltip-badge-owner { background-color: var(--user-admin-color); }
         &.user-tooltip-badge-admin { background-color: var(--user-admin-color); }
         &.user-tooltip-badge-moderator { background-color: var(--user-moderator-color); }
         &.user-tooltip-badge-approver { background-color: var(--user-builder-color); }

app/logical/user_deletion.rb

@@ -64,7 +64,7 @@ class UserDeletion
       errors.add(:base, "Password is incorrect")
     end
 
-    if user.level >= User::Levels::ADMIN
+    if user.is_admin?
       errors.add(:base, "Admins cannot delete their account")
     end
   end

app/models/user.rb

@@ -12,6 +12,7 @@ class User < ApplicationRecord
     BUILDER = 32
     MODERATOR = 40
     ADMIN = 50
+    OWNER = 60
   end
 
   # Used for `before_action :<role>_only`. Must have a corresponding `is_<role>?` method.
@@ -191,6 +192,10 @@ class User < ApplicationRecord
     extend ActiveSupport::Concern
 
     module ClassMethods
+      def owner
+        User.find_by!(level: Levels::ADMIN)
+      end
+
       def system
         User.find_by!(name: Danbooru.config.system_user)
       end
@@ -208,7 +213,8 @@ class User < ApplicationRecord
           "Platinum" => Levels::PLATINUM,
           "Builder" => Levels::BUILDER,
           "Moderator" => Levels::MODERATOR,
-          "Admin" => Levels::ADMIN
+          "Admin" => Levels::ADMIN,
+          "Owner" => Levels::OWNER
         }
       end
 
@@ -235,6 +241,9 @@ class User < ApplicationRecord
         when Levels::ADMIN
           "Admin"
 
+        when Levels::OWNER
+          "Owner"
+
         else
           ""
         end
@@ -299,6 +308,10 @@ class User < ApplicationRecord
       level >= Levels::ADMIN
     end
 
+    def is_owner?
+      level >= Levels::OWNER
+    end
+
     def is_approver?
       can_approve_posts?
     end

test/factories/user.rb

@@ -56,6 +56,11 @@ FactoryBot.define do
       can_approve_posts {true}
     end
 
+    factory(:owner_user) do
+      level { User::Levels::OWNER }
+      can_approve_posts {true}
+    end
+
     factory(:uploader) do
       created_at { 2.weeks.ago }
     end

test/mailers/previews/user_mailer_preview.rb

@@ -1,6 +1,6 @@
 class UserMailerPreview < ActionMailer::Preview
   def dmail_notice
-    dmail = User.admins.first.dmails.first
+    dmail = User.system.dmails.first
     UserMailer.dmail_notice(dmail)
   end
 

test/unit/user_test.rb

@@ -45,7 +45,14 @@ class UserTest < ActiveSupport::TestCase
     end
 
     should "normalize its level" do
+      user = FactoryBot.create(:user, :level => User::Levels::OWNER)
+      assert(user.is_owner?)
+      assert(user.is_admin?)
+      assert(user.is_moderator?)
+      assert(user.is_gold?)
+
       user = FactoryBot.create(:user, :level => User::Levels::ADMIN)
+      assert(!user.is_owner?)
       assert(user.is_moderator?)
       assert(user.is_gold?)