This repository has been archived on 2026-05-24. You can view files and clone it. You cannot open issues or pull requests or push a commit.
app/apps
groombook-ci[bot] 1e417eccb1 fix(api): add FOR UPDATE lock to super user claim transaction
CRITICAL race condition: two concurrent POST /api/setup requests could both
read "no super user exists" before either acquired a lock, allowing two
super users to be created.

Added .for("update") to the staff SELECT query inside the transaction.
PostgreSQL FOR UPDATE serializes concurrent claims — the second transaction
blocks on the lock until the first commits, then sees the existing super user
and returns 409.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-03-29 03:16:24 +00:00
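
The check-then-insert claim described in the commit message, written out as an added PostgreSQL example (not the repository's code; the `staff` columns, the index name, the e-mail value and the advisory-lock key are assumptions). It goes beyond the commit by adding a partial unique index and an advisory lock, since `FOR UPDATE` locks only the rows the SELECT returns.

```sql
-- Added example: schema and names are assumptions, not the project's own.
CREATE TABLE staff (
    id            bigserial PRIMARY KEY,
    email         text NOT NULL UNIQUE,
    is_super_user boolean NOT NULL DEFAULT false
);

-- Backstop enforced by the database: among rows where is_super_user is true,
-- the value must be unique, so at most one such row can ever exist.
CREATE UNIQUE INDEX staff_single_super_user
    ON staff (is_super_user) WHERE is_super_user;

-- Claim transaction, as each POST /api/setup request would run it.
BEGIN;

-- Serialization point that exists even when staff is empty. The key 1001 is
-- a constructed constant; a second claim waits here until the first ends.
SELECT pg_advisory_xact_lock(1001);

-- Row lock on an existing super user. FOR UPDATE locks only the rows this
-- SELECT returns; on a fresh install it returns none and locks nothing.
SELECT id FROM staff WHERE is_super_user FOR UPDATE;

-- Application logic: if the SELECT returned a row, ROLLBACK and answer 409.
-- Otherwise create the first super user.
INSERT INTO staff (email, is_super_user)
VALUES ('first-admin@example.test', true);

COMMIT;

-- Without the advisory lock, two claims can both reach the INSERT. The second
-- INSERT then waits on the index entry and, once the first commits, fails with
-- SQLSTATE 23505 (unique_violation), which the handler can map to 409.
```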