Update mixins.py

src/registrar/views/utility/mixins.py

@@ -300,13 +300,26 @@ class UserDomainRolePermission(PermissionsLoginMixin):
         domain_pk = self.kwargs["pk"]
         user_pk = self.kwargs["user_pk"]
 
+        # Check if the user is authenticated
         if not self.request.user.is_authenticated:
             return False
 
-        # TODO - exclude the creator from this
-        if not UserDomainRole.objects.filter(
-            user=user_pk, domain=domain_pk
-        ).exists():
+        # Check if the UserDomainRole object exists, then check
+        # if the user requesting the delete has permissions to do so
+        has_delete_permission = UserDomainRole.objects.filter(
+            user=user_pk, 
+            domain=domain_pk,
+            domain__permissions__user=self.request.user,
+        ).exists()
+        if not has_delete_permission:
+            return False
+
+        # Check if more than one manager exists on the domain.
+        # If only one exists, prevent this from happening
+        has_multiple_managers = len(UserDomainRole.objects.filter(
+            domain=domain_pk
+        )) > 1
+        if not has_multiple_managers:
             return False
 
         return True