Make first user of instance automatically super_admin (#655)

* Implement dynamic role assignment for new family creators.

Introduced `User.role_for_new_family_creator` to assign `super_admin` to the first user of an instance and a configurable fallback role (e.g., `admin`) to subsequent users. Updated controllers and tests accordingly.

* Update default fallback role for family creators to admin.

---------

Co-authored-by: luckyPipewrench <luckypipewrench@proton.me>

app/controllers/api/v1/auth_controller.rb

@@ -36,9 +36,10 @@ module Api
         user = User.new(user_signup_params)
 
         # Create family for new user
+        # First user of an instance becomes super_admin
         family = Family.new
         user.family = family
-        user.role = :admin
+        user.role = User.role_for_new_family_creator
 
         if user.save
           # Claim invite code if provided

app/controllers/oidc_accounts_controller.rb

@@ -114,10 +114,11 @@ class OidcAccountsController < ApplicationController
     # Create new family for this user
     @user.family = Family.new
 
-    # Use provider-configured default role, or fall back to member (not admin)
+    # Use provider-configured default role, or fall back to admin for family creators
+    # First user of an instance always becomes super_admin regardless of provider config
     provider_config = Rails.configuration.x.auth.sso_providers&.find { |p| p[:name] == @pending_auth["provider"] }
-    default_role = provider_config&.dig(:settings, :default_role) || "member"
-    @user.role = default_role
+    provider_default_role = provider_config&.dig(:settings, :default_role)
+    @user.role = User.role_for_new_family_creator(fallback_role: provider_default_role || :admin)
 
     if @user.save
       # Create the OIDC (or other SSO) identity

app/controllers/registrations_controller.rb

@@ -21,7 +21,7 @@ class RegistrationsController < ApplicationController
     else
       family = Family.new
       @user.family = family
-      @user.role = :admin
+      @user.role = User.role_for_new_family_creator
     end
 
     if @user.save