marcel/familienarchiv
1
0
Fork 0
Code Issues 111 Pull Requests Actions Packages Projects Releases Wiki Activity

fix(user): findOrCreate Administrators group instead of blind-INSERT (#518)
Some checks failed
CI / Unit & Component Tests (pull_request) Failing after 2m50s
Details
CI / OCR Service Tests (pull_request) Successful in 16s
Details
CI / Backend Unit Tests (pull_request) Failing after 4m12s
Details
CI / fail2ban Regex (pull_request) Successful in 39s
Details
CI / Compose Bucket Idempotency (pull_request) Successful in 58s
Details
CI / Unit & Component Tests (push) Has been cancelled
Details
CI / OCR Service Tests (push) Has been cancelled
Details
CI / Backend Unit Tests (push) Has been cancelled
Details
CI / fail2ban Regex (push) Has been cancelled
Details
CI / Compose Bucket Idempotency (push) Has been cancelled
Details

Browse Source 
Closes #518.

UserDataInitializer.initAdminUser was doing groupRepository.save(adminGroup)
unconditionally. If a previous boot had seeded the group but failed
before creating the admin user (or if the operator deleted just the
admin row to retry with a corrected APP_ADMIN_USERNAME), the next
seed attempt violated user_groups_name_key and aborted the context.

Switch to the same findByName(...).orElseGet(...) pattern initE2EData
already uses for the "Leser" group.

Tests in AdminSeedFailClosedTest:
- reuses_existing_Administrators_group_when_seeding_a_new_admin
- creates_Administrators_group_when_seeding_admin_on_a_fresh_database
Plus updated existing tests to stub groupRepository.save now that the
seed path also exercises it.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit was merged in pull request #519.
This commit is contained in:
Marcel
2026-05-11 17:29:11 +02:00
parent 9686e304c2
commit ad3b571bba
2 changed files with 63 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
backend/src/main/java/org/raddatz/familienarchiv/user/UserDataInitializer.java
View File

@@ -67,11 +67,16 @@ public class UserDataInitializer {
}
log.info("Kein Admin-User '{}' gefunden. Erstelle Default-Admin...", adminEmail);
UserGroup adminGroup = UserGroup.builder()
.name("Administrators")
.permissions(Set.of("ADMIN", "READ_ALL", "WRITE_ALL", "ANNOTATE_ALL", "ADMIN_USER", "ADMIN_TAG", "ADMIN_PERMISSION"))
.build();
groupRepository.save(adminGroup);
// Reuse the Administrators group if it already exists (e.g. a
// previous boot seeded the group but failed before creating
// the admin user, or the operator deleted just the user row
// to retry the seed with a new email). Blind-INSERTing would
// violate user_groups_name_key and abort the context. See #518.
UserGroup adminGroup = groupRepository.findByName("Administrators")
.orElseGet(() -> groupRepository.save(UserGroup.builder()
.name("Administrators")
.permissions(Set.of("ADMIN", "READ_ALL", "WRITE_ALL", "ANNOTATE_ALL", "ADMIN_USER", "ADMIN_TAG", "ADMIN_PERMISSION"))
.build()));
AppUser admin = AppUser.builder()
.email(adminEmail)