From 2bdfd65e9b9ea87bf74d16a707add325aabf940b Mon Sep 17 00:00:00 2001
From: Damian Mooyman <damian@silverstripe.com>
Date: Tue, 18 Nov 2014 15:36:34 +1300
Subject: [PATCH] BUG Security::findAnAdministrator doesn't always find an
 admin

---
 security/Security.php                       | 15 ++++++++++-----
 tests/security/SecurityDefaultAdminTest.php | 17 +++++++++++++++++
 2 files changed, 27 insertions(+), 5 deletions(-)

diff --git a/security/Security.php b/security/Security.php
index c2d3ecbed..3db0fd967 100644
--- a/security/Security.php
+++ b/security/Security.php
@@ -745,11 +745,7 @@ class Security extends Controller {
 		$member = null;
 
 		// find a group with ADMIN permission
-		$adminGroup = DataObject::get('Group')
-			->where("\"Permission\".\"Code\" = 'ADMIN'")
-			->sort("\"Group\".\"ID\"")
-			->innerJoin("Permission", "\"Group\".\"ID\"=\"Permission\".\"GroupID\"")
-			->First();
+		$adminGroup = Permission::get_groups_by_permission('ADMIN')->First();
 		
 		if(is_callable('Subsite::changeSubsite')) {
 			Subsite::changeSubsite($origSubsite);
@@ -761,6 +757,7 @@ class Security extends Controller {
 
 		if(!$adminGroup) {
 			singleton('Group')->requireDefaultRecords();
+			$adminGroup = Permission::get_groups_by_permission('ADMIN')->First();
 		}
 		
 		if(!$member) {
@@ -772,6 +769,14 @@ class Security extends Controller {
 			$member = Member::default_admin();
 		}
 
+		if(!$member) {
+			// Failover to a blank admin
+			$member = Member::create();
+			$member->FirstName = _t('Member.DefaultAdminFirstname', 'Default Admin');
+			$member->write();
+			$member->Groups()->add($adminGroup);
+		}
+
 		return $member;
 	}
 
diff --git a/tests/security/SecurityDefaultAdminTest.php b/tests/security/SecurityDefaultAdminTest.php
index f81531a08..738722233 100644
--- a/tests/security/SecurityDefaultAdminTest.php
+++ b/tests/security/SecurityDefaultAdminTest.php
@@ -51,6 +51,23 @@ class SecurityDefaultAdminTest extends SapphireTest {
 		$this->assertNull($admin->Password);
 	}
 
+	public function testFindAnAdministratorWithoutDefaultAdmin() {
+		// Clear default admin
+		Security::clear_default_admin();
+
+		$adminMembers = Permission::get_members_by_permission('ADMIN');
+		$this->assertEquals(0, $adminMembers->count());
+
+		$admin = Security::findAnAdministrator();
+
+		$this->assertInstanceOf('Member', $admin);
+		$this->assertTrue(Permission::checkMember($admin, 'ADMIN'));
+
+		// User should be blank
+		$this->assertEmpty($admin->Email);
+		$this->assertEmpty($admin->Password);
+	}
+
 	public function testDefaultAdmin() {
 		$adminMembers = Permission::get_members_by_permission('ADMIN');
 		$this->assertEquals(0, $adminMembers->count());