added check for not removing last admin user

NomadLogin/DSQueryable.swift

@@ -285,6 +285,17 @@ public extension DSQueryable {
         return true
     }
     func removeAdmin(_ user:ODRecord) -> Bool {
+        do {
+            if try getAllAdminUsers().count<2 {
+                TCSLogError("Will not remove last admin!!")
+                return false
+            }
+
+        }
+        catch {
+            TCSLogErrorWithMark("Error when getting all admin users")
+            return false
+        }
         if isAdmin(user)==false { //user is not an admin already
             return true
         }
@@ -332,5 +343,25 @@ public extension DSQueryable {
             }
         return nonSystem
     }
+    func getAllAdminUsers() throws -> [ODRecord] {
+            let allRecords = try getAllNonSystemUsers()
+            let nonSystemAdminUsers = try allRecords.filter { (record) -> Bool in
+                let adminGroup = try? getLocalGroupRecord("admin")
+                do{
+
+                    if let adminGroup = adminGroup {
+                        try adminGroup.isMemberRecord(record)
+                        return true
+                    }
+                }
+                catch {
+                    TCSLog("error when looking for admin group membership")
+                    throw error
+                }
+
+                return true
+            }
+        return nonSystemAdminUsers
+    }
 
 }

Profile Manifest/com.twocanoes.xcreds.plist

@@ -5,7 +5,7 @@
 	<key>pfm_app_url</key>
 	<string>https://github.com/twocanoes/xcreds</string>
 	<key>pfm_description</key>
-	<string>XCreds 4.1 (6278) OAuth Settings</string>
+	<string>XCreds 4.1 (6282) OAuth Settings</string>
 	<key>pfm_documentation_url</key>
 	<string>https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences</string>
 	<key>pfm_domain</key>

XCredsLoginPlugIn/Mechanisms/XCredsCreateUser.swift

@@ -93,8 +93,6 @@ class XCredsCreateUser: XCredsBaseMechanism, DSQueryable {
             }
 
         }
-
-
         if let xcredsPass=xcredsPass,let xcredsUser = xcredsUser, XCredsCreateUser.checkForLocalUser(name: xcredsUser)==false{
 
             var secureTokenCreds:SecureTokenCredential? = nil

xCreds.xcodeproj/project.pbxproj

@@ -1436,7 +1436,7 @@
 			buildSettings = {
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 6281;
+				CURRENT_PROJECT_VERSION = 6282;
 				DEFINES_MODULE = YES;
 				DEVELOPMENT_TEAM = UXP6YEHSPW;
 				FRAMEWORK_SEARCH_PATHS = (
@@ -1473,7 +1473,7 @@
 			buildSettings = {
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 6281;
+				CURRENT_PROJECT_VERSION = 6282;
 				DEFINES_MODULE = YES;
 				DEVELOPMENT_TEAM = UXP6YEHSPW;
 				FRAMEWORK_SEARCH_PATHS = (
@@ -1594,7 +1594,7 @@
 				CODE_SIGN_ENTITLEMENTS = "XCreds Login Overlay/XCreds_Login_Overlay.entitlements";
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 6281;
+				CURRENT_PROJECT_VERSION = 6282;
 				DEVELOPMENT_TEAM = UXP6YEHSPW;
 				ENABLE_HARDENED_RUNTIME = YES;
 				FRAMEWORK_SEARCH_PATHS = (
@@ -1631,7 +1631,7 @@
 				CODE_SIGN_ENTITLEMENTS = "XCreds Login Overlay/XCreds_Login_Overlay.entitlements";
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 6281;
+				CURRENT_PROJECT_VERSION = 6282;
 				DEVELOPMENT_TEAM = UXP6YEHSPW;
 				ENABLE_HARDENED_RUNTIME = YES;
 				FRAMEWORK_SEARCH_PATHS = (
@@ -1781,7 +1781,7 @@
 				CODE_SIGN_ENTITLEMENTS = XCreds/xCreds.entitlements;
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 6281;
+				CURRENT_PROJECT_VERSION = 6282;
 				DEVELOPMENT_TEAM = UXP6YEHSPW;
 				ENABLE_HARDENED_RUNTIME = YES;
 				FRAMEWORK_SEARCH_PATHS = (
@@ -1823,7 +1823,7 @@
 				CODE_SIGN_ENTITLEMENTS = XCreds/xCreds.entitlements;
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 6281;
+				CURRENT_PROJECT_VERSION = 6282;
 				DEVELOPMENT_TEAM = UXP6YEHSPW;
 				ENABLE_HARDENED_RUNTIME = YES;
 				FRAMEWORK_SEARCH_PATHS = (