From 2c5edd1b0f53551abdd06864501fde53120a7791 Mon Sep 17 00:00:00 2001
From: luxferre <chris@sr2.uk>
Date: Wed, 17 Jun 2026 09:32:12 +0100
Subject: [PATCH] feat: default org perm grant grants

---
 src/organisation/router.py  |  5 ++++-
 src/organisation/service.py | 35 +++++++++++++++++++++++++++++++++++
 2 files changed, 39 insertions(+), 1 deletion(-)

diff --git a/src/organisation/router.py b/src/organisation/router.py
index a7114c3..641265c 100644
--- a/src/organisation/router.py
+++ b/src/organisation/router.py
@@ -21,7 +21,7 @@ from typing import Annotated
 from sqlalchemy.exc import IntegrityError
 from psycopg.errors import UniqueViolation
 
-from fastapi import APIRouter, status
+from fastapi import APIRouter, status, BackgroundTasks
 from fastapi.params import Query
 
 from src.contact.schemas import ContactModel
@@ -36,6 +36,7 @@ from src.contact.exceptions import ContactNotFoundException
 from src.database import db_dependency
 from src.iam.service import assign_default_user_group, assign_default_root_group
 from src.organisation.schemas_questionnaires import QuestionnaireQuestionsVersion0
+from src.organisation.service import add_default_org_permissions
 from src.user.dependencies import (
 	user_model_body_dependency,
 	user_model_claims_dependency,
@@ -147,6 +148,7 @@ async def create_org(
 	db: db_dependency,
 	user_model: user_model_claims_dependency,
 	request_model: OrgPostOrgRequest,
+	background_tasks: BackgroundTasks,
 ):
 	"""
 	Creates a new organisation with optional questionnaire (to be completed or submitted).
@@ -200,6 +202,7 @@ async def create_org(
 		db.flush()
 		org_model.__setattr__(contact_type, contact_model.id)
 	response = OrgPostOrgResponse(**org_model.__dict__)
+	background_tasks.add_task(add_default_org_permissions, db, org_model.id)
 	db.commit()
 	return response
 
diff --git a/src/organisation/service.py b/src/organisation/service.py
index cfe3925..01b36e9 100644
--- a/src/organisation/service.py
+++ b/src/organisation/service.py
@@ -1,3 +1,38 @@
 """
 Reusable business logic functions for the organisation module
 """
+
+from sqlalchemy.orm import Session
+from src.organisation.models import Organisation as Org
+from src.iam.models import Permission as Perm
+
+
+async def add_default_org_permissions(
+	db: Session,
+	org_id: int,
+):
+	default_org_permissions = [
+		1,  # test_service res_one read
+		2,  # test_service res_one create
+		10,  # tor-bridge-service collector read
+		13,  # tor-bridge-service samples read
+	]
+
+	org_model = db.get(Org, org_id)
+	if org_model is None:
+		print("Org not found while adding defaults")
+		return
+
+	for permission in default_org_permissions:
+		perm_model = db.get(Perm, permission)
+
+		if perm_model is None:
+			continue
+
+		if perm_model in org_model.permission_rel:
+			continue
+
+		org_model.permission_rel.append(perm_model)
+		db.flush()
+
+	db.commit()