Add owner role and admin management controls

GameList.Tests/AuthTests.cs

@@ -117,6 +117,13 @@ public class AuthTests
         response.EnsureSuccessStatusCode();
         var json = await response.Content.ReadFromJsonAsync<JsonElement>();
         Assert.True(json.GetProperty("isAdmin").GetBoolean());
+
+        await factory.WithDbContextAsync(async db =>
+        {
+            var owner = await db.Players.AsNoTracking().SingleAsync(p => p.Username == "adminuser");
+            Assert.True(owner.IsOwner);
+            Assert.True(owner.IsAdmin);
+        });
     }
 
     [Fact]
@@ -133,7 +140,23 @@ public class AuthTests
         Assert.Equal(HttpStatusCode.BadRequest, secondAdmin.StatusCode);
 
         var body = await secondAdmin.Content.ReadFromJsonAsync<JsonElement>();
-        Assert.Equal("Admin registration via admin key is disabled after the first admin account.", body.GetProperty("error").GetString());
+        Assert.Equal("Admin registration via admin key is disabled once an owner account exists.", body.GetProperty("error").GetString());
+    }
+
+    [Fact]
+    public async Task Auth_options_reports_owner_existence()
+    {
+        await using var factory = new TestWebApplicationFactory();
+        var client = factory.CreateClientWithCookies();
+
+        var before = await client.GetFromJsonAsync<JsonElement>("/api/auth/options");
+        Assert.False(before.GetProperty("ownerExists").GetBoolean());
+
+        var ownerRegister = await client.RegisterAsync("owner", admin: true);
+        ownerRegister.EnsureSuccessStatusCode();
+
+        var after = await client.GetFromJsonAsync<JsonElement>("/api/auth/options");
+        Assert.True(after.GetProperty("ownerExists").GetBoolean());
     }
 
     [Fact]