From 1ae3519d7f89223568cd725a3fab44c51e061d17 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Germ=C3=A1n=20Mart=C3=ADn?= <github@gmartin.net>
Date: Wed, 5 Nov 2025 20:26:59 +0100
Subject: [PATCH] Bugfix/assign admin role to first user signing up (#5914)

* Assign admin role to first user signing up

* Update changelog
---
 CHANGELOG.md                             |  1 +
 apps/api/src/app/user/user.controller.ts |  6 +-----
 apps/api/src/app/user/user.service.ts    | 20 ++++++++++++++------
 3 files changed, 16 insertions(+), 11 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6bbaba5ac..59142bbbd 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -18,6 +18,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Fixed
 
 - Fixed the style of the safe withdrawal rate selector in the _FIRE_ section (experimental)
+- Assigned the `ADMIN` role to the first user signing up via a social login provider if no administrator existed
 - Improved the table headers’ alignment in the platform management of the admin control panel
 - Improved the table headers’ alignment in the tag management of the admin control panel
 
diff --git a/apps/api/src/app/user/user.controller.ts b/apps/api/src/app/user/user.controller.ts
index e545fd335..8704662f7 100644
--- a/apps/api/src/app/user/user.controller.ts
+++ b/apps/api/src/app/user/user.controller.ts
@@ -126,11 +126,7 @@ export class UserController {
       );
     }
 
-    const hasAdmin = await this.userService.hasAdmin();
-
-    const { accessToken, id, role } = await this.userService.createUser({
-      data: { role: hasAdmin ? 'USER' : 'ADMIN' }
-    });
+    const { accessToken, id, role } = await this.userService.createUser();
 
     return {
       accessToken,
diff --git a/apps/api/src/app/user/user.service.ts b/apps/api/src/app/user/user.service.ts
index f797270ff..65ce92cb2 100644
--- a/apps/api/src/app/user/user.service.ts
+++ b/apps/api/src/app/user/user.service.ts
@@ -526,15 +526,23 @@ export class UserService {
     });
   }
 
-  public async createUser({
-    data
-  }: {
-    data: Prisma.UserCreateInput;
-  }): Promise<User> {
-    if (!data?.provider) {
+  public async createUser(
+    {
+      data
+    }: {
+      data: Prisma.UserCreateInput;
+    } = { data: {} }
+  ): Promise<User> {
+    if (!data.provider) {
       data.provider = 'ANONYMOUS';
     }
 
+    if (!data.role) {
+      const hasAdmin = await this.hasAdmin();
+
+      data.role = hasAdmin ? 'USER' : 'ADMIN';
+    }
+
     const user = await this.prismaService.user.create({
       data: {
         ...data,