BUG Security::findAnAdministrator doesn't always find an admin

security/Security.php

@@ -745,11 +745,7 @@ class Security extends Controller {
 		$member = null;
 
 		// find a group with ADMIN permission
-		$adminGroup = DataObject::get('Group')
-			->where("\"Permission\".\"Code\" = 'ADMIN'")
-			->sort("\"Group\".\"ID\"")
-			->innerJoin("Permission", "\"Group\".\"ID\"=\"Permission\".\"GroupID\"")
-			->First();
+		$adminGroup = Permission::get_groups_by_permission('ADMIN')->First();
 		
 		if(is_callable('Subsite::changeSubsite')) {
 			Subsite::changeSubsite($origSubsite);
@@ -761,6 +757,7 @@ class Security extends Controller {
 
 		if(!$adminGroup) {
 			singleton('Group')->requireDefaultRecords();
+			$adminGroup = Permission::get_groups_by_permission('ADMIN')->First();
 		}
 		
 		if(!$member) {
@@ -772,6 +769,14 @@ class Security extends Controller {
 			$member = Member::default_admin();
 		}
 
+		if(!$member) {
+			// Failover to a blank admin
+			$member = Member::create();
+			$member->FirstName = _t('Member.DefaultAdminFirstname', 'Default Admin');
+			$member->write();
+			$member->Groups()->add($adminGroup);
+		}
+
 		return $member;
 	}
 

tests/security/SecurityDefaultAdminTest.php

@@ -51,6 +51,23 @@ class SecurityDefaultAdminTest extends SapphireTest {
 		$this->assertNull($admin->Password);
 	}
 
+	public function testFindAnAdministratorWithoutDefaultAdmin() {
+		// Clear default admin
+		Security::clear_default_admin();
+
+		$adminMembers = Permission::get_members_by_permission('ADMIN');
+		$this->assertEquals(0, $adminMembers->count());
+
+		$admin = Security::findAnAdministrator();
+
+		$this->assertInstanceOf('Member', $admin);
+		$this->assertTrue(Permission::checkMember($admin, 'ADMIN'));
+
+		// User should be blank
+		$this->assertEmpty($admin->Email);
+		$this->assertEmpty($admin->Password);
+	}
+
 	public function testDefaultAdmin() {
 		$adminMembers = Permission::get_members_by_permission('ADMIN');
 		$this->assertEquals(0, $adminMembers->count());