From 3433ba39ee93b3330b8c9d551860e93a45c438f1 Mon Sep 17 00:00:00 2001
From: luxferre <chris@sr2.uk>
Date: Mon, 15 Jun 2026 11:35:01 +0100
Subject: [PATCH] feat: default iam group on org join

Users joining an org are given the `Default User` IAM permission group automatically.
---
 src/organisation/router.py | 1 +
 src/user/router.py         | 2 ++
 2 files changed, 3 insertions(+)

diff --git a/src/organisation/router.py b/src/organisation/router.py
index ce8aaf2..f0f212a 100644
--- a/src/organisation/router.py
+++ b/src/organisation/router.py
@@ -352,6 +352,7 @@ async def add_user_to_org(
 		raise ConflictException(message="User already a part of this organisation")
 	org_model.user_rel.append(user_model)
 	db.flush()
+	await assign_default_user_group(db=db, org_model=org_model, user_model=user_model)
 	response = {
 		"organisation": org_model,
 		"users": [{"id": user.id, "email": user.email} for user in org_model.user_rel],
diff --git a/src/user/router.py b/src/user/router.py
index a561be4..c4b5379 100644
--- a/src/user/router.py
+++ b/src/user/router.py
@@ -10,6 +10,7 @@ Endpoints:
 
 from fastapi import APIRouter, status, BackgroundTasks
 
+from src.iam.service import assign_default_user_group
 from src.organisation.exceptions import OrgNotFoundException
 from src.user.schemas import (
 	UserResponse,
@@ -199,6 +200,7 @@ async def accept_invitation(
 
 	org_model.user_rel.append(user_model)
 	db.flush()
+	await assign_default_user_group(db=db, org_model=org_model, user_model=user_model)
 
 	response = {
 		"organisation": org_model,