Fix issue where users are added to default org as admin (#534)

Users should only be added as to the default org with Owner permissions if they are not specifically being invited to another org. This commit fixes the logic in the post-registration callback to make this the case.
2023-01-31 15:55:31 -05:00 · 2023-01-31 15:55:31 -05:00 · 6cb79b580a
commit 6cb79b580a
parent 5fac103e10
3 changed files with 19 additions and 9 deletions
--- a/backend/btrixcloud/invites.py
+++ b/backend/btrixcloud/invites.py
@ -81,7 +81,7 @@ class InviteOps:
                status_code=403, detail="This user has already been invited"
            )

-        # Invitations to a specific org via API must invite role, so if it's
+        # Invitations to a specific org via API must include role, so if it's
        # absent assume this is a general invitation from superadmin.
        if not new_user_invite.role:
            new_user_invite.role = UserRole.OWNER
--- a/backend/btrixcloud/orgs.py
+++ b/backend/btrixcloud/orgs.py
@ -278,7 +278,7 @@ class OrgOps:
        new_user_invite = await self.invites.get_valid_invite(invite_token, user.email)
        await self.add_user_by_invite(new_user_invite, user)
        await self.invites.remove_invite(invite_token)
-        return True
+        return new_user_invite

    async def add_user_by_invite(self, invite: InvitePending, user: User):
        """Add user to an org from an InvitePending, if any.
--- a/backend/btrixcloud/users.py
+++ b/backend/btrixcloud/users.py
@ -236,6 +236,7 @@ class UserManager(BaseUserManager[UserCreate, UserDB]):
        """custom post registration callback, also receive the UserCreate object"""

        print(f"User {user.id} has registered.")
+        add_to_default_org = False

        if user_create.newOrg is True:
            print(f"Creating new organization for {user.id}")
@ -249,25 +250,34 @@ class UserManager(BaseUserManager[UserCreate, UserDB]):
                storage_name="default",
                user=user,
            )
-        else:
-            default_org = await self.org_ops.get_default_org()
-            if default_org:
-                await self.org_ops.add_user_to_org(default_org, user.id)

        is_verified = hasattr(user_create, "is_verified") and user_create.is_verified

        if user_create.inviteToken:
+            new_user_invite = None
            try:
-                await self.org_ops.handle_new_user_invite(user_create.inviteToken, user)
+                new_user_invite = await self.org_ops.handle_new_user_invite(
+                    user_create.inviteToken, user
+                )
            except HTTPException as exc:
                print(exc)

+            if new_user_invite and not new_user_invite.oid:
+                add_to_default_org = True
+
            if not is_verified:
                # if user has been invited, mark as verified immediately
                await self._update(user, {"is_verified": True})

-        elif not is_verified:
-            asyncio.create_task(self.request_verify(user, request))
+        else:
+            add_to_default_org = True
+            if not is_verified:
+                asyncio.create_task(self.request_verify(user, request))
+
+        if add_to_default_org:
+            default_org = await self.org_ops.get_default_org()
+            if default_org:
+                await self.org_ops.add_user_to_org(default_org, user.id)

    async def on_after_forgot_password(
        self, user: UserDB, token: str, request: Optional[Request] = None