🛡️ Safety: Prevent self-deactivation and fix staff UI

backend/src/modules/users/user.controller.ts

@@ -44,6 +44,6 @@ export class UsersController {
   @Delete(':id')
   @Roles(UserRole.ADMIN)
   async remove(@CurrentUser() user: any, @Param('id') id: string) {
-    return this.usersService.remove(user.tenantId, id);
+    return this.usersService.remove(user.tenantId, id, user.id);
   }
 }

backend/src/modules/users/user.service.ts

@@ -64,7 +64,10 @@ export class UsersService {
   /**
    * تعطيل مستخدم
    */
-  async remove(tenantId: string, id: string): Promise<void> {
+  async remove(tenantId: string, id: string, currentUserId: string): Promise<void> {
+    if (id === currentUserId) {
+      throw new ConflictException('لا يمكنك تعطيل حسابك الشخصي');
+    }
     const user = await this.findOne(tenantId, id);
     await this.userRepository.update(id, { is_active: false });
   }