Merge pull request #429 from TeskaLabs/feature/optional-assign-on-ten…

…ant-creation Do not automatically assign tenant to its creator
TeskaLabs · Nov 26, 2024 · 9f9bcf8 · 9f9bcf8
2 parents 57d3952 + 65be987
commit 9f9bcf8
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 26 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -3,13 +3,17 @@
 ## v24.45
 
 ### Pre-releases
+- v24.45-alpha3
 - v24.45-alpha2
 - v24.45-alpha1
 
 ### Fix
 - Fix role error in provisioning startup (#428, v24.45-alpha2)
 - Log more details when message delivery fails (#427, v24.45-alpha1)
 
+### Features
+- Do not automatically assign tenant to its creator (#429, v24.45-alpha3)
+
 ---
 
 

diff --git a/seacatauth/tenant/handler.py b/seacatauth/tenant/handler.py
@@ -2,6 +2,7 @@
 
 import asab.web.rest
 import asab.exceptions
+import asab.utils
 
 from ..decorators import access_control
 from . import schemas
@@ -138,6 +139,14 @@ async def get(self, request):
 	async def create(self, request, *, credentials_id, json_data):
 		"""
 		Create a tenant
+
+		---
+		parameters:
+		-	name: assign_me
+			in: query
+			description: Page number
+			schema:
+				type: boolean
 		"""
 		role_service = self.App.get_service("seacatauth.RoleService")
 		tenant_id = json_data["id"]
@@ -150,32 +159,25 @@ async def create(self, request, *, credentials_id, json_data):
 			data=json_data.get("data"),
 			creator_id=credentials_id)
 
-		# Assign tenant
-		try:
-			await self.TenantService.assign_tenant(credentials_id, tenant_id)
-		except Exception as e:
-			L.error(
-				"Error assigning tenant: {}".format(e),
-				exc_info=True,
-				struct_data={"cid": credentials_id, "tenant": tenant_id})
-
-		# Create role
-		role = "{}/admin".format(tenant_id)
-		try:
-			# Create admin role in tenant
-			await role_service.create(role)
-			# Assign tenant management resources
-			await role_service.update(role, resources_to_set=[
-				"seacat:tenant:access", "seacat:tenant:edit", "seacat:tenant:assign", "seacat:tenant:delete",
-				"seacat:role:access", "seacat:role:edit", "seacat:role:assign"])
-		except Exception as e:
-			L.error("Error creating admin role: {}".format(e), exc_info=True, struct_data={"role": role})
-
-		# Assign the admin role to the user
-		try:
-			await role_service.assign_role(credentials_id, role)
-		except Exception as e:
-			L.error("Error assigning role: {}".format(e), exc_info=True, struct_data={"cid": credentials_id, "role": role})
+		if asab.utils.string_to_boolean(request.query.get("assign_me", "false")):
+			# Give the user access to the tenant
+			try:
+				await self.TenantService.assign_tenant(credentials_id, tenant_id)
+			except Exception as e:
+				L.error(
+					"Error assigning tenant: {}".format(e),
+					exc_info=True,
+					struct_data={"cid": credentials_id, "tenant": tenant_id})
+
+			# Assign the admin role to the user
+			role_id = "{}/~auth-admin".format(tenant_id)
+			try:
+				await role_service.assign_role(credentials_id, role_id)
+			except Exception as e:
+				L.error(
+					"Error assigning role: {}".format(e),
+					struct_data={"cid": credentials_id, "role": role_id}
+				)
 
 		return asab.web.rest.json_response(
 			request, data={"id": tenant_id})