From 791c8a6c4f1c889d57935f87e107b6a5d32db182 Mon Sep 17 00:00:00 2001
From: Ralf Haferkamp <rhaferkamp@owncloud.com>
Date: Thu, 16 Feb 2023 16:22:51 +0100
Subject: [PATCH] proxy: Fix provsioning new users with the default role

With 078698fdf4e7c684669172f82df6efa8c84ac0b1 the semantics of the
ListRoleAssignments Call in the settings service change. It no
no longer returns a "not found" error when there is not RoleAssignment
for a user. We'll just get an empty list as the result.

This changes the behaviour of the default role assignment to work with
the new semantics.
---
 services/proxy/pkg/user/backend/cs3.go | 41 ++++++++++++--------------
 1 file changed, 19 insertions(+), 22 deletions(-)

diff --git a/services/proxy/pkg/user/backend/cs3.go b/services/proxy/pkg/user/backend/cs3.go
index 13cb1bb4e..b37cd4813 100644
--- a/services/proxy/pkg/user/backend/cs3.go
+++ b/services/proxy/pkg/user/backend/cs3.go
@@ -3,7 +3,6 @@ package backend
 import (
 	"context"
 	"encoding/json"
-	"errors"
 	"fmt"
 	"io"
 	"net/http"
@@ -23,7 +22,6 @@ import (
 	settingssvc "github.com/owncloud/ocis/v2/protogen/gen/ocis/services/settings/v0"
 	"github.com/owncloud/ocis/v2/services/graph/pkg/service/v0/errorcode"
 	settingsService "github.com/owncloud/ocis/v2/services/settings/pkg/service/v0"
-	merrors "go-micro.dev/v4/errors"
 	"go-micro.dev/v4/metadata"
 	"go-micro.dev/v4/selector"
 )
@@ -80,27 +78,26 @@ func (c *cs3backend) GetUserByClaims(ctx context.Context, claim, value string, w
 	if user.Id.Type != cs3.UserType_USER_TYPE_LIGHTWEIGHT {
 		roleIDs, err = loadRolesIDs(ctx, user.Id.OpaqueId, c.settingsRoleService)
 		if err != nil {
-			var merr *merrors.Error
-			if errors.As(err, &merr) && merr.Code == http.StatusNotFound {
-				// This user doesn't have a role assignment yet. Assign a
-				// default user role. At least until proper roles are provided. See
-				// https://github.com/owncloud/ocis/v2/issues/1825 for more context.
-				if user.Id.Type == cs3.UserType_USER_TYPE_PRIMARY {
-					c.logger.Info().Str("userid", user.Id.OpaqueId).Msg("user has no role assigned, assigning default user role")
-					ctx = metadata.Set(ctx, middleware.AccountID, user.Id.OpaqueId)
-					_, err := c.settingsRoleService.AssignRoleToUser(ctx, &settingssvc.AssignRoleToUserRequest{
-						AccountUuid: user.Id.OpaqueId,
-						RoleId:      settingsService.BundleUUIDRoleUser,
-					})
-					if err != nil {
-						c.logger.Error().Err(err).Msg("Could not add default role")
-						return nil, "", err
-					}
-					roleIDs = append(roleIDs, settingsService.BundleUUIDRoleUser)
+			c.logger.Error().Err(err).Msgf("Could not load roles")
+			return nil, "", err
+		}
+
+		if len(roleIDs) == 0 {
+			// This user doesn't have a role assignment yet. Assign a
+			// default user role. At least until proper roles are provided. See
+			// https://github.com/owncloud/ocis/v2/issues/1825 for more context.
+			if user.Id.Type == cs3.UserType_USER_TYPE_PRIMARY {
+				c.logger.Info().Str("userid", user.Id.OpaqueId).Msg("user has no role assigned, assigning default user role")
+				ctx = metadata.Set(ctx, middleware.AccountID, user.Id.OpaqueId)
+				_, err := c.settingsRoleService.AssignRoleToUser(ctx, &settingssvc.AssignRoleToUserRequest{
+					AccountUuid: user.Id.OpaqueId,
+					RoleId:      settingsService.BundleUUIDRoleUser,
+				})
+				if err != nil {
+					c.logger.Error().Err(err).Msg("Could not add default role")
+					return nil, "", err
 				}
-			} else {
-				c.logger.Error().Err(err).Msgf("Could not load roles")
-				return nil, "", err
+				roleIDs = append(roleIDs, settingsService.BundleUUIDRoleUser)
 			}
 		}
 	}