Add UserID to context during initial login (#4829)

* Add UserID to context during initial login UserID is also suffixed with "_init" so that own role assignment safety check is passed Fixes: https://github.com/owncloud/ocis/issues/4787 * Fix missing gofmt -s bug Co-authored-by: root <root@localhost.localdomain>
2025-12-30 17:00:57 -06:00 · 2022-10-17 17:03:39 +02:00
parent 7fb7a8b6e1
commit 5082e6c027
1 changed files with 5 additions and 0 deletions
--- a/services/proxy/pkg/user/backend/cs3.go
+++ b/services/proxy/pkg/user/backend/cs3.go
@@ -17,12 +17,14 @@ import (
 	"github.com/cs3org/reva/v2/pkg/token"
 	libregraph "github.com/owncloud/libre-graph-api-go"
 	"github.com/owncloud/ocis/v2/ocis-pkg/log"
+	"github.com/owncloud/ocis/v2/ocis-pkg/middleware"
 	"github.com/owncloud/ocis/v2/ocis-pkg/oidc"
 	"github.com/owncloud/ocis/v2/ocis-pkg/registry"
 	settingssvc "github.com/owncloud/ocis/v2/protogen/gen/ocis/services/settings/v0"
 	"github.com/owncloud/ocis/v2/services/graph/pkg/service/v0/errorcode"
 	settingsService "github.com/owncloud/ocis/v2/services/settings/pkg/service/v0"
 	merrors "go-micro.dev/v4/errors"
+	"go-micro.dev/v4/metadata"
 	"go-micro.dev/v4/selector"
 )

@@ -85,6 +87,9 @@ func (c *cs3backend) GetUserByClaims(ctx context.Context, claim, value string, w
 				// https://github.com/owncloud/ocis/v2/issues/1825 for more context.
 				if user.Id.Type == cs3.UserType_USER_TYPE_PRIMARY {
 					c.logger.Info().Str("userid", user.Id.OpaqueId).Msg("user has no role assigned, assigning default user role")
+					// Updating context to have the Account-ID field and suffixing with _init
+					// so that the safety check for setting users' own role doesn't fail
+					ctx = metadata.Set(ctx, middleware.AccountID, user.Id.OpaqueId+"_init")
 					_, err := c.settingsRoleService.AssignRoleToUser(ctx, &settingssvc.AssignRoleToUserRequest{
 						AccountUuid: user.Id.OpaqueId,
 						RoleId:      settingsService.BundleUUIDRoleUser,