diff --git a/CHANGELOG.md b/CHANGELOG.md index 9565d5e..c1a387b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,7 @@ and this project adheres to ## [Unreleased] +- 🔒️(organization) the first user is not admin #776 - 🐛(admin) fix broken alias import #1021 ## [1.22.0] - 2026-01-19 diff --git a/src/backend/core/authentication/backends.py b/src/backend/core/authentication/backends.py index 8ea0a76..ba3ff90 100644 --- a/src/backend/core/authentication/backends.py +++ b/src/backend/core/authentication/backends.py @@ -17,8 +17,6 @@ from core.models import ( AccountService, Contact, Organization, - OrganizationAccess, - OrganizationRoleChoices, ) logger = logging.getLogger(__name__) @@ -131,15 +129,6 @@ class OIDCAuthenticationBackend(LaSuiteOIDCAuthenticationBackend): user = super().create_user(claims | {"organization": organization}) - if organization_created: - # Warning: we may remove this behavior in the near future when we - # add a feature to claim the organization ownership. - OrganizationAccess.objects.create( - organization=organization, - user=user, - role=OrganizationRoleChoices.ADMIN, - ) - # Initiate the user's profile Contact.objects.create( owner=user, diff --git a/src/backend/core/tests/authentication/test_backends.py b/src/backend/core/tests/authentication/test_backends.py index 524d5b4..85e93d1 100644 --- a/src/backend/core/tests/authentication/test_backends.py +++ b/src/backend/core/tests/authentication/test_backends.py @@ -391,6 +391,8 @@ def test_authentication_getter_new_user_with_registration_id_new_organization( assert user.organization.domain_list == expected_domain_list assert user.organization.registration_id_list == expected_registration_id_list + assert models.OrganizationAccess.objects.filter(user=user).exists() is False + def test_authentication_getter_existing_user_via_email_update_organization( django_assert_num_queries, monkeypatch