fix(admins): update role assignment logic for sudo admins based on count

Author: M03ED

app/db/migrations/versions/66c38b8a687a_admin_rbac_roles.py

@@ -104,14 +104,23 @@ def upgrade() -> None:
     with op.batch_alter_table('admins', schema=None) as batch_op:
         batch_op.add_column(sa.Column('role_id', app.db.compiles_types.SqliteCompatibleBigInteger(), nullable=True))
         batch_op.add_column(sa.Column('permission_overrides', sa.JSON().with_variant(postgresql.JSONB(none_as_null=True, astext_type=Text()), 'postgresql'), nullable=True))
-    # Backfill: is_sudo=true -> administrator (id=2), is_sudo=false -> operator (id=3)
+    # Backfill: if there is exactly one sudo admin, make it owner. Otherwise keep legacy behavior:
+    # is_sudo=true -> administrator (id=2), is_sudo=false -> operator (id=3).
     conn = op.get_bind()
     dialect = conn.dialect.name
     if dialect == "postgresql":
-        conn.execute(sa.text("UPDATE admins SET role_id = 2 WHERE is_sudo = true"))
+        sudo_count = conn.execute(sa.text("SELECT COUNT(*) FROM admins WHERE is_sudo = true")).scalar()
+        if sudo_count == 1:
+            conn.execute(sa.text("UPDATE admins SET role_id = 1 WHERE is_sudo = true"))
+        else:
+            conn.execute(sa.text("UPDATE admins SET role_id = 2 WHERE is_sudo = true"))
         conn.execute(sa.text("UPDATE admins SET role_id = 3 WHERE is_sudo = false OR role_id IS NULL"))
     else:
-        conn.execute(sa.text("UPDATE admins SET role_id = 2 WHERE is_sudo = 1"))
+        sudo_count = conn.execute(sa.text("SELECT COUNT(*) FROM admins WHERE is_sudo = 1")).scalar()
+        if sudo_count == 1:
+            conn.execute(sa.text("UPDATE admins SET role_id = 1 WHERE is_sudo = 1"))
+        else:
+            conn.execute(sa.text("UPDATE admins SET role_id = 2 WHERE is_sudo = 1"))
         conn.execute(sa.text("UPDATE admins SET role_id = 3 WHERE is_sudo = 0 OR role_id IS NULL"))
 
     with op.batch_alter_table('admins', schema=None) as batch_op: