Create Global Admins team when admin user is created

- Admin user is now automatically added to Global Admins team as owner
- Ensures every user belongs to at least one team
- Updated unit tests to handle multiple db.add() calls

backend/tests/unit/test_auth.py

@@ -10,6 +10,7 @@ class TestCreateDefaultAdmin:
     def test_create_default_admin_with_env_password(self):
         """Test that ORCHARD_ADMIN_PASSWORD env var sets admin password."""
         from app.auth import create_default_admin, verify_password
+        from app.models import User
 
         # Create mock settings with custom password
         mock_settings = MagicMock()
@@ -19,20 +20,23 @@ class TestCreateDefaultAdmin:
         mock_db = MagicMock()
         mock_db.query.return_value.count.return_value = 0  # No existing users
 
-        # Track the user that gets created
-        created_user = None
+        # Track all objects that get created
+        created_objects = []
 
-        def capture_user(user):
-            nonlocal created_user
-            created_user = user
+        def capture_object(obj):
+            created_objects.append(obj)
 
-        mock_db.add.side_effect = capture_user
+        mock_db.add.side_effect = capture_object
 
         with patch("app.auth.get_settings", return_value=mock_settings):
             admin = create_default_admin(mock_db)
 
-        # Verify the user was created
+        # Verify objects were created (user, team, membership)
         assert mock_db.add.called
+        assert len(created_objects) >= 1
+
+        # Find the user object
+        created_user = next((obj for obj in created_objects if isinstance(obj, User)), None)
         assert created_user is not None
         assert created_user.username == "admin"
         assert created_user.is_admin is True
@@ -44,6 +48,7 @@ class TestCreateDefaultAdmin:
     def test_create_default_admin_with_default_password(self):
         """Test that default password 'changeme123' is used when env var not set."""
         from app.auth import create_default_admin, verify_password
+        from app.models import User
 
         # Create mock settings with empty password (default)
         mock_settings = MagicMock()
@@ -53,20 +58,23 @@ class TestCreateDefaultAdmin:
         mock_db = MagicMock()
         mock_db.query.return_value.count.return_value = 0  # No existing users
 
-        # Track the user that gets created
-        created_user = None
+        # Track all objects that get created
+        created_objects = []
 
-        def capture_user(user):
-            nonlocal created_user
-            created_user = user
+        def capture_object(obj):
+            created_objects.append(obj)
 
-        mock_db.add.side_effect = capture_user
+        mock_db.add.side_effect = capture_object
 
         with patch("app.auth.get_settings", return_value=mock_settings):
             admin = create_default_admin(mock_db)
 
-        # Verify the user was created
+        # Verify objects were created
         assert mock_db.add.called
+        assert len(created_objects) >= 1
+
+        # Find the user object
+        created_user = next((obj for obj in created_objects if isinstance(obj, User)), None)
         assert created_user is not None
         assert created_user.username == "admin"
         assert created_user.is_admin is True