From f552072608ddb35ad2bc28cf3673f0924e65b99d Mon Sep 17 00:00:00 2001
From: Ilja Neumann <node512@gmail.com>
Date: Wed, 26 Aug 2020 16:21:04 +0200
Subject: [PATCH] Assign user role to newly created accounts.
 https://github.com/owncloud/product/issues/173

---
 changelog/unreleased/assign_role.md |  5 +++++
 pkg/service/v0/accounts.go          | 14 ++++++++++++++
 2 files changed, 19 insertions(+)
 create mode 100644 changelog/unreleased/assign_role.md

diff --git a/changelog/unreleased/assign_role.md b/changelog/unreleased/assign_role.md
new file mode 100644
index 0000000000..5ad8c3fb8c
--- /dev/null
+++ b/changelog/unreleased/assign_role.md
@@ -0,0 +1,5 @@
+Change: Create account api-call implicitly adds "default-user" role
+
+When calling CreateAccount default-user-role is implicitly added.
+
+https://github.com/owncloud/product/issues/173
diff --git a/pkg/service/v0/accounts.go b/pkg/service/v0/accounts.go
index 35d4c00202..c64991d002 100644
--- a/pkg/service/v0/accounts.go
+++ b/pkg/service/v0/accounts.go
@@ -19,9 +19,12 @@ import (
 	"github.com/blevesearch/bleve"
 	"github.com/gofrs/uuid"
 	"github.com/golang/protobuf/ptypes/empty"
+	mgrpc "github.com/micro/go-micro/v2/client/grpc"
 	merrors "github.com/micro/go-micro/v2/errors"
 	"github.com/owncloud/ocis-accounts/pkg/proto/v0"
 	"github.com/owncloud/ocis-accounts/pkg/provider"
+	settings "github.com/owncloud/ocis-settings/pkg/proto/v0"
+	settings_svc "github.com/owncloud/ocis-settings/pkg/service/v0"
 	"github.com/tredoe/osutil/user/crypt"
 	"google.golang.org/protobuf/types/known/timestamppb"
 
@@ -320,6 +323,17 @@ func (s Service) CreateAccount(c context.Context, in *proto.CreateAccountRequest
 		return
 	}
 
+	// TODO: All users for now as create Account request does not have any role field
+	rs := settings.NewRoleService("com.owncloud.api.settings", mgrpc.NewClient())
+	_, err = rs.AssignRoleToUser(c, &settings.AssignRoleToUserRequest{
+		AccountUuid: acc.Id,
+		RoleId:      settings_svc.BundleUUIDRoleUser,
+	})
+
+	if err != nil {
+		return merrors.InternalServerError(s.id, "could not assign role to account: %v", err.Error())
+	}
+
 	if err = s.indexAccount(acc.Id); err != nil {
 		return merrors.InternalServerError(s.id, "could not index new account: %v", err.Error())
 	}