Merge pull request #12116 from influxdata/feat/owner-on-create

Make user owner of org/dashboard on create

kv/dashboard.go

@@ -8,6 +8,7 @@ import (
 
 	influxdb "github.com/influxdata/influxdb"
 	icontext "github.com/influxdata/influxdb/context"
+	"go.uber.org/zap"
 )
 
 var (
@@ -301,7 +302,15 @@ func (s *Service) CreateDashboard(ctx context.Context, d *influxdb.Dashboard) er
 		// TODO(desa): don't populate this here. use the first/last methods of the oplog to get meta fields.
 		d.Meta.CreatedAt = s.time()
 
-		return s.putDashboardWithMeta(ctx, tx, d)
+		if err := s.putDashboardWithMeta(ctx, tx, d); err != nil {
+			return err
+		}
+
+		if err := s.addDashboardOwner(ctx, tx, d.ID); err != nil {
+			s.Logger.Info("failed to make user owner of organization", zap.Error(err))
+		}
+
+		return nil
 	})
 	if err != nil {
 		return &influxdb.Error{
@@ -311,6 +320,12 @@ func (s *Service) CreateDashboard(ctx context.Context, d *influxdb.Dashboard) er
 	return nil
 }
 
+// addDashboardOwner attempts to create a user resource mapping for the user on the
+// authorizer found on context. If no authorizer is found on context if returns an error.
+func (s *Service) addDashboardOwner(ctx context.Context, tx Tx, orgID influxdb.ID) error {
+	return s.addResourceOwner(ctx, tx, influxdb.DashboardsResourceType, orgID)
+}
+
 func (s *Service) createCellView(ctx context.Context, tx Tx, dashID, cellID influxdb.ID, view *influxdb.View) error {
 	if view == nil {
 		// If not view exists create the view

kv/org.go

@@ -8,6 +8,7 @@ import (
 
 	influxdb "github.com/influxdata/influxdb"
 	icontext "github.com/influxdata/influxdb/context"
+	"go.uber.org/zap"
 )
 
 var (
@@ -213,10 +214,26 @@ func (s *Service) FindOrganizations(ctx context.Context, filter influxdb.Organiz
 // CreateOrganization creates a influxdb organization and sets b.ID.
 func (s *Service) CreateOrganization(ctx context.Context, o *influxdb.Organization) error {
 	return s.kv.Update(func(tx Tx) error {
-		return s.createOrganization(ctx, tx, o)
+		if err := s.createOrganization(ctx, tx, o); err != nil {
+			return err
+		}
+
+		// Attempt to add user as owner of organization, if that is not possible allow the
+		// organization to be created anyways.
+		if err := s.addOrgOwner(ctx, tx, o.ID); err != nil {
+			s.Logger.Info("failed to make user owner of organization", zap.Error(err))
+		}
+
+		return nil
 	})
 }
 
+// addOrgOwner attempts to create a user resource mapping for the user on the
+// authorizer found on context. If no authorizer is found on context if returns an error.
+func (s *Service) addOrgOwner(ctx context.Context, tx Tx, orgID influxdb.ID) error {
+	return s.addResourceOwner(ctx, tx, influxdb.OrgsResourceType, orgID)
+}
+
 func (s *Service) createOrganization(ctx context.Context, tx Tx, o *influxdb.Organization) error {
 	if err := s.uniqueOrganizationName(ctx, tx, o); err != nil {
 		return err

kv/urm.go

@@ -6,6 +6,7 @@ import (
 	"fmt"
 
 	"github.com/influxdata/influxdb"
+	icontext "github.com/influxdata/influxdb/context"
 )
 
 var (
@@ -358,3 +359,30 @@ func (s *Service) deleteOrgDependentMappings(ctx context.Context, tx Tx, m *infl
 
 	return nil
 }
+
+func (s *Service) addResourceOwner(ctx context.Context, tx Tx, rt influxdb.ResourceType, id influxdb.ID) error {
+	a, err := icontext.GetAuthorizer(ctx)
+	if err != nil {
+		return &influxdb.Error{
+			Code: influxdb.EInternal,
+			Msg:  fmt.Sprintf("could not find authorizer on context when adding user to resource type %s", rt),
+		}
+	}
+
+	urm := &influxdb.UserResourceMapping{
+		ResourceID:   id,
+		ResourceType: rt,
+		UserID:       a.GetUserID(),
+		UserType:     influxdb.Owner,
+	}
+
+	if err := s.createUserResourceMapping(ctx, tx, urm); err != nil {
+		return &influxdb.Error{
+			Code: influxdb.EInternal,
+			Msg:  "could not create user resource mapping",
+			Err:  err,
+		}
+	}
+
+	return nil
+}