fix: improve first-user auto-approve logic

- Remove hardcoded test@test.com auto-approval
- Count approved users instead of total users
- Only first user gets auto-approved as ADMINISTRATOR
- Subsequent users default to DRIVER role and require approval

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

backend/src/auth/auth.service.ts

@@ -26,25 +26,26 @@ export class AuthService {
 
     if (!user) {
       // Check if this is the first user (auto-approve as admin)
-      const userCount = await this.prisma.user.count();
+      const approvedUserCount = await this.prisma.user.count({
-      const isFirstUser = userCount === 0;
+        where: { isApproved: true, deletedAt: null },
-
+      });
-      // Auto-approve test users for Playwright tests
+      const isFirstUser = approvedUserCount === 0;
-      const isTestUser = email === 'test@test.com';
 
       this.logger.log(
-        `Creating new user: ${email} (isFirstUser: ${isFirstUser}, isTestUser: ${isTestUser})`,
+        `Creating new user: ${email} (approvedUserCount: ${approvedUserCount}, isFirstUser: ${isFirstUser})`,
       );
 
       // Create new user
+      // First user is auto-approved as ADMINISTRATOR
+      // Subsequent users default to DRIVER and require approval
       user = await this.prisma.user.create({
         data: {
           auth0Id,
           email,
           name,
           picture,
-          role: isFirstUser || isTestUser ? Role.ADMINISTRATOR : Role.DRIVER,
+          role: isFirstUser ? Role.ADMINISTRATOR : Role.DRIVER,
-          isApproved: isFirstUser || isTestUser, // Auto-approve first user and test users
+          isApproved: isFirstUser, // Auto-approve first user only
         },
         include: { driver: true },
       });