allow configuring designated registration org to which new users can …

…register (#1735) if 'registration_enabled' is set, check 'registration_org_id' for org id of an existing org that new users should be added to when they register. if omitted, default to the default org Fixes #1729
webrecorder · Apr 23, 2024 · b940701 · b940701
1 parent 7ac0660
commit b940701
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 6 deletions.
diff --git a/backend/btrixcloud/orgs.py b/backend/btrixcloud/orgs.py
@@ -169,6 +169,9 @@ async def get_org_for_user_by_id(
     async def get_org_by_id(self, oid: UUID):
         """Get an org by id"""
         res = await self.orgs.find_one({"_id": oid})
+        if not res:
+            raise HTTPException(status_code=400, detail="invalid_org_id")
+
         return Organization.from_dict(res)
 
     async def get_default_org(self):

diff --git a/backend/btrixcloud/users.py b/backend/btrixcloud/users.py
@@ -86,6 +86,7 @@ def __init__(self, mdb, email, invites):
         self.email_collation = Collation("en", strength=2)
 
         self.registration_enabled = is_bool(os.environ.get("REGISTRATION_ENABLED"))
+        self.register_to_org_id = os.environ.get("REGISTER_TO_ORG_ID")
 
     # pylint: disable=attribute-defined-outside-init
     def set_ops(self, org_ops, crawl_config_ops, base_crawl_ops):
@@ -335,6 +336,7 @@ async def _create(
         self, create: UserCreateIn, request: Optional[Request] = None
     ) -> User:
         """create new user in db"""
+        # pylint: disable=too-many-branches
         await self.validate_password(create.password)
 
         hashed_password = get_password_hash(create.password)
@@ -362,7 +364,7 @@ async def _create(
         except DuplicateKeyError:
             raise HTTPException(status_code=400, detail="user_already_exists")
 
-        add_to_default_org = False
+        add_to_org = False
 
         if create.inviteToken:
             new_user_invite = None
@@ -374,19 +376,24 @@ async def _create(
                 print(exc)
 
             if new_user_invite and not new_user_invite.oid:
-                add_to_default_org = True
+                add_to_org = True
 
         else:
-            add_to_default_org = True
+            add_to_org = True
             if not is_verified:
                 asyncio.create_task(self.request_verify(user, request))
 
         # org to auto-add user to, if any
         auto_add_org: Optional[Organization] = None
 
         # if add to default, then get default org
-        if add_to_default_org:
-            auto_add_org = await self.org_ops.get_default_org()
+        if add_to_org:
+            if self.register_to_org_id:
+                auto_add_org = await self.org_ops.get_org_by_id(
+                    UUID(self.register_to_org_id)
+                )
+            else:
+                auto_add_org = await self.org_ops.get_default_org()
 
         # if creating new org, create here
         elif create.newOrg is True:
@@ -401,7 +408,7 @@ async def _create(
 
         # if org set, add user to org
         if auto_add_org:
-            await self.org_ops.add_user_to_org(auto_add_org, user.id)
+            await self.org_ops.add_user_to_org(auto_add_org, user.id, UserRole.CRAWLER)
 
         return user
 

diff --git a/chart/templates/configmap.yaml b/chart/templates/configmap.yaml
@@ -22,6 +22,8 @@ data:
 
   REGISTRATION_ENABLED: "{{ .Values.registration_enabled | default 0 }}"
 
+  REGISTER_TO_ORG_ID: "{{ .Values.registration_org_id }}"
+
   ALLOW_DUPE_INVITES: "{{ .Values.allow_dupe_invites | default 0 }}"
 
   JWT_TOKEN_LIFETIME_MINUTES: "{{ .Values.jwt_token_lifetime_minutes | default 60 }}"

diff --git a/chart/values.yaml b/chart/values.yaml
@@ -61,6 +61,10 @@ volume_storage_class:
 # crawler_node_type:
 
 registration_enabled: "0"
+
+# if set, along with 'registration_enabled', will add registrated users to this org
+# registration_org_id: ""
+
 jwt_token_lifetime_minutes: 1440
 
 # if set to "1", allow inviting same user to same org multiple times