Allow locking of the seeded admin user

[oliverguenther]

Ticket

https://community.openproject.org/work_packages/59722

[cbliard]

It does not work as expect. When running the seeding with OPENPROJECT_SEED_ADMIN_USER_ENABLED=false, it fails with non-null violation errors.

      ActiveRecord::NotNullViolation:
        PG::NotNullViolation: ERROR:  null value in column "user_id" of relation "journals" violates not-null constraint
        DETAIL:  Failing row contains (5, Project, 5, null, , 2024-11-26 08:54:39.66285+00, 1, 2024-11-26 08:54:39.66285+00, Journal::ProjectJournal, 5, {}, ["2024-11-26 08:54:39.66285+00",)).

That's because the admin user creation is skipped, but then this user is expected to exist as it is the author of all created work packages afterward.

This is controlled by Seeder#admin_user in app/seeders/seeder.rb:82.

Apart from that, I proposed some minor changes.

[oliverguenther]

@cbliard good catch, thanks. I'd suggest we use the system user in this case.

[cbliard]

Now it fails with "Nothing registered with reference :openproject_admin".

I noticed that the tests I added leaked some state and made subsequent tests fail. I just fixed it.

[cbliard]

And seeding can't work because the assignee is set to the system user (admin user normally) and then some queries are created with assignee filter being that system user, but they can't be saved because there is a validation rule about the assignee filter that forbids non-human assignees. :/

[cbliard]

Why not implement something like MINIMAL_SEEDING=true that would skip creation of demo projects, but still create all other necessary things?

[oliverguenther]

@cbliard Minimal seeding could be another use case, but the demo data should remain. I've talked to openDesk, and locking the user after seeding has completed seems like a good alternative. That way, we can still use that user for demo data, but ensure it's not accessible.

[cbliard]

Nice 👍