feat: default iam groups on org create

Root user is given the `Default Users` and `Root User` permission groups on org creation.
Chris Milne 2026-06-15 11:26:22 +01:00
parent dad23733e8
commit 09d2fbafdc
2 changed files with 54 additions and 1 deletions


@ -8,12 +8,14 @@ Exports:
from typing import Annotated from typing import Annotated
from datetime import datetime, timedelta, timezone from datetime import datetime, timedelta, timezone
from src.iam.schemas import IAMCAoRRequest
from src.service.models import Service from src.service.models import Service
from src.database import db_dependency from src.database import db_dependency
from src.exceptions import UnauthorizedException from src.exceptions import UnauthorizedException
from src.utils import send_email, generate_jwt from src.utils import send_email, generate_jwt
from src.iam.schemas import IAMCAoRRequest
from src.iam.models import Group
from fastapi import Request, Depends from fastapi import Request, Depends
@ -64,3 +66,49 @@ async def send_user_group_invitation(
subject=subject, subject=subject,
body=body, body=body,
) )
async def create_default_user_group(db: db_dependency, org_model):
new_group = Group(name="Default Users", org_id=org_model.id)
db.add(new_group)
db.flush()
# Grant default permissions here
db.flush()
return new_group
async def assign_default_user_group(db: db_dependency, org_model, user_model):
group_model = None
for group in org_model.group_rel:
if group.name == "Default Users":
group_model = group
break
if group_model is None:
group_model = await create_default_user_group(db=db, org_model=org_model)
user_model.group_rel.append(group_model)
db.flush()
async def create_default_root_group(db: db_dependency, org_model):
new_group = Group(name="Root User", org_id=org_model.id)
db.add(new_group)
db.flush()
# Grant default permissions here
db.flush()
return new_group
async def assign_default_root_group(db: db_dependency, org_model, user_model):
group_model = None
for group in org_model.group_rel:
if group.name == "Root User":
group_model = group
break
if group_model is None:
group_model = await create_default_root_group(db=db, org_model=org_model)
user_model.group_rel.append(group_model)
db.flush()
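Review bot: `assign_default_root_group` selects the privileged group by comparing `group.name == "Root User"` over `org_model.group_rel`, so any group in the org carrying that display name is treated as the root group; `assign_default_user_group` does the same with `"Default Users"`. Whether group names are unique per org or reserved is not visible here; if groups can be created or renamed through the API, those two names should be rejected there, or the default groups should be identified by something callers cannot set. Both `create_default_*` functions also still contain `# Grant default permissions here` followed by a second `db.flush()`, so the groups are created with no permissions attached. Until that is implemented I would replace the placeholder with `# TODO: attach default permissions; the group is created empty` and drop the redundant flush.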


@ -33,6 +33,7 @@ from src.contact.models import Contact
from src.contact.schemas import ContactAddress from src.contact.schemas import ContactAddress
from src.contact.exceptions import ContactNotFoundException from src.contact.exceptions import ContactNotFoundException
from src.database import db_dependency from src.database import db_dependency
from src.iam.service import assign_default_user_group, assign_default_root_group
from src.organisation.schemas_questionnaires import QuestionnaireQuestionsVersion0 from src.organisation.schemas_questionnaires import QuestionnaireQuestionsVersion0
from src.user.dependencies import ( from src.user.dependencies import (
user_model_body_dependency, user_model_body_dependency,
@ -183,6 +184,10 @@ async def create_org(
# Adds currently logged-in user to org users list and sets them as root_user # Adds currently logged-in user to org users list and sets them as root_user
org_model.user_rel.append(user_model) org_model.user_rel.append(user_model)
org_model.root_user_rel = user_model org_model.root_user_rel = user_model
# Creates default user and default root IAM groups and assigns them
await assign_default_user_group(db, org_model, user_model)
await assign_default_root_group(db, org_model, user_model)
for contact_type in [ for contact_type in [
"billing_contact_id", "billing_contact_id",
"security_contact_id", "security_contact_id",
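Review bot: The two calls added after `org_model.root_user_rel = user_model` pass an `org_model` whose `id` the helpers read immediately in `Group(name=..., org_id=org_model.id)`; if the organisation has not been flushed before this point in `create_org`, that id is still `None` when the group is built. The earlier part of `create_org` is outside the hunk, so this may already be handled. If it is not, attaching the new group with `org_model.group_rel.append(new_group)` inside the helpers avoids depending on the id and keeps the in-memory collection that the name lookup iterates in step with the database. A comment at the call site stating the precondition would also help, e.g. `# org_model must be flushed (id assigned) before the default groups are created`.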