First user should be admin

.env

@@ -11,6 +11,7 @@ PHP_VERSION=8.1
 PHP_MEMORY_LIMIT=256M
 MYSQL_VERSION=8.0.31
 MYSQL_PORT=3306
+MYSQL_DATA_DIR=./docker/db/data
 RABBITMQ_CLIENT_PORT=5672
 RABBITMQ_API_PORT=15672
 MERCURE_SSL_PORT=6443

docker-compose.yml

@@ -53,7 +53,7 @@ services:
             timeout: 20s
             retries: 10
         volumes:
-            - ./docker/db/data:/var/lib/mysql
+            - ${MYSQL_DATA_DIR}:/var/lib/mysql
 
     rabbitmq:
         container_name: ${RABBITMQ_CONTAINER:-rabbitmq}

src/Security/AzureAd/AzureAdUserBadgeFactory.php

@@ -5,6 +5,7 @@
 
 use DR\Review\Entity\User\User;
 use DR\Review\Repository\User\UserRepository;
+use DR\Review\Security\Role\Roles;
 use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
 
 class AzureAdUserBadgeFactory
@@ -15,17 +16,27 @@ public function __construct(private UserRepository $userRepository)
 
     public function create(string $email, string $name): UserBadge
     {
-        return new UserBadge($email, function () use ($email, $name) {
-            // fetch user for name (email), or create when non-existent.
-            $user = $this->userRepository->findOneBy(['email' => $email]);
-
-            // create user if not exists
-            if ($user === null) {
-                $this->userRepository->save((new User())->setEmail($email)->setName($name), true);
+        return new UserBadge(
+            $email,
+            function () use ($email, $name) {
+                // fetch user for name (email), or create when non-existent.
                 $user = $this->userRepository->findOneBy(['email' => $email]);
-            }
 
-            return $user;
-        });
+                // create user if not exists
+                if ($user !== null) {
+                    return $user;
+                }
+                $user = (new User())->setEmail($email)->setName($name);
+
+                // make first user admin
+                if ($this->userRepository->getUserCount() === 0) {
+                    $user->setRoles([Roles::ROLE_USER, Roles::ROLE_ADMIN]);
+                }
+
+                $this->userRepository->save($user, true);
+
+                return $this->userRepository->findOneBy(['email' => $email]);
+            }
+        );
     }
 }

tests/Unit/Security/AzureAd/AzureAdUserBadgeFactoryTest.php

@@ -6,6 +6,7 @@
 use DR\Review\Entity\User\User;
 use DR\Review\Repository\User\UserRepository;
 use DR\Review\Security\AzureAd\AzureAdUserBadgeFactory;
+use DR\Review\Security\Role\Roles;
 use DR\Review\Tests\AbstractTestCase;
 use PHPUnit\Framework\MockObject\MockObject;
 
@@ -45,7 +46,38 @@ public function testCreateNonExistingUser(): void
     {
         $user = new User();
         $this->userRepository->expects(self::exactly(2))->method('findOneBy')->with(['email' => 'email'])->willReturn(null, $user);
-        $this->userRepository->expects(self::once())->method('save')->with(static::isInstanceOf(User::class), true);
+        $this->userRepository->expects(self::once())->method('getUserCount')->willReturn(1);
+        $this->userRepository->expects(self::once())->method('save')
+            ->with(
+                static::callback(static function (User $user): bool {
+                    static::assertSame([], $user->getRoles());
+
+                    return true;
+                }),
+                true
+            );
+
+        $badge = $this->factory->create('email', 'name');
+        static::assertSame($user, $badge->getUser());
+    }
+
+    /**
+     * @covers ::create
+     */
+    public function testCreateFirstNonExistingUser(): void
+    {
+        $user = new User();
+        $this->userRepository->expects(self::exactly(2))->method('findOneBy')->with(['email' => 'email'])->willReturn(null, $user);
+        $this->userRepository->expects(self::once())->method('getUserCount')->willReturn(0);
+        $this->userRepository->expects(self::once())->method('save')
+            ->with(
+                static::callback(static function (User $user): bool {
+                    static::assertSame([Roles::ROLE_USER, Roles::ROLE_ADMIN], $user->getRoles());
+
+                    return true;
+                }),
+                true
+            );
 
         $badge = $this->factory->create('email', 'name');
         static::assertSame($user, $badge->getUser());