Revert "Update setting permissions on org creation"

This reverts commit 25d291b.

Author: FelisiaM

app/actions/organization_create.rb

@@ -1,5 +1,3 @@
-require 'role_create'
-
 module VCAP::CloudController
   class OrganizationCreate
     class Error < ::StandardError
@@ -10,7 +8,7 @@ def initialize(perm_client:, user_audit_info:)
       @user_audit_info = user_audit_info
     end
 
-    def create(message, user)
+    def create(message)
       org = nil
       Organization.db.transaction do
         org = VCAP::CloudController::Organization.create(
@@ -21,10 +19,8 @@ def create(message, user)
         MetadataUpdate.update(org, message)
       end
 
-      VCAP::CloudController::RoleTypes::ORGANIZATION_ROLES.each do |role|
-        VCAP::CloudController::RoleCreate.new(message, @user_audit_info).create_organization_role(type: role,
-                                                                   user: user,
-                                                                   organization: org)
+      VCAP::CloudController::Roles::ORG_ROLE_NAMES.each do |role|
+        perm_client.create_org_role(role: role, org_id: org.guid)
       end
 
       Repositories::OrganizationEventRepository.new.record_organization_create(org, @user_audit_info, message.audit_hash)

app/controllers/v3/organizations_controller.rb

@@ -47,7 +47,7 @@ def create
     message = VCAP::CloudController::OrganizationCreateMessage.new(hashed_params[:body])
     unprocessable!(message.errors.full_messages) unless message.valid?
 
-    org = OrganizationCreate.new(perm_client: perm_client, user_audit_info: user_audit_info).create(message, current_user)
+    org = OrganizationCreate.new(perm_client: perm_client, user_audit_info: user_audit_info).create(message)
 
     render json: Presenters::V3::OrganizationPresenter.new(org), status: :created
   rescue OrganizationCreate::Error => e

spec/request/organizations_spec.rb

@@ -10,24 +10,18 @@ module VCAP::CloudController
     let!(:organization2) { Organization.make name: 'Dungeon World' }
     let!(:organization3) { Organization.make name: 'The Sprawl' }
     let!(:inaccessible_organization) { Organization.make name: 'D&D' }
-    let(:uaa_client) { instance_double(VCAP::CloudController::UaaClient) }
 
     before do
       organization1.add_user(user)
       organization2.add_user(user)
       organization3.add_user(user)
       Domain.dataset.destroy # this will clean up the seeded test domains
       TestConfig.override(kubernetes: {})
-
-      allow(CloudController::DependencyLocator.instance).to receive(:uaa_client).and_return(uaa_client)
-      allow(uaa_client).to receive(:usernames_for_ids).with([user.guid]).and_return(
-        { user.guid => 'Ragnaros' }
-      )
     end
 
     describe 'POST /v3/organizations' do
-      let(:request_body) {
-        {
+      it 'creates a new organization with the given name' do
+        request_body = {
           name: 'org1',
           metadata: {
             labels: {
@@ -40,8 +34,7 @@ module VCAP::CloudController
             }
           }
         }.to_json
-      }
-      it 'creates a new organization with the given name' do
+
         expect {
           post '/v3/organizations', request_body, admin_header
         }.to change {
@@ -75,12 +68,12 @@ module VCAP::CloudController
       end
 
       it 'allows creating a suspended org' do
-        suspended_request_body = {
+        request_body = {
           name: 'suspended-org',
           suspended: true
         }.to_json
 
-        post '/v3/organizations', suspended_request_body, admin_header
+        post '/v3/organizations', request_body, admin_header
         expect(last_response.status).to eq(201)
 
         created_org = Organization.last
@@ -103,58 +96,6 @@ module VCAP::CloudController
           }
         )
       end
-
-      context 'when "user_org_creation" feature flag is enabled' do
-        before do
-          VCAP::CloudController::FeatureFlag.make(name: 'user_org_creation', enabled: true)
-        end
-
-        it 'lets ALL users create orgs' do
-          expect {
-            post '/v3/organizations', request_body, user_header
-          }.to change {
-            Organization.count
-          }.by 1
-
-          created_org = Organization.last
-
-          expect(last_response.status).to eq(201)
-          expect(parsed_response).to be_a_response_like(
-            {
-              'guid' => created_org.guid,
-              'created_at' => iso8601,
-              'updated_at' => iso8601,
-              'name' => 'org1',
-              'links' => {
-                'self' => { 'href' => "#{link_prefix}/v3/organizations/#{created_org.guid}" },
-                'domains' => { 'href' => "http://api2.vcap.me/v3/organizations/#{created_org.guid}/domains" },
-                'default_domain' => { 'href' => "http://api2.vcap.me/v3/organizations/#{created_org.guid}/domains/default" },
-                'quota' => { 'href' => "http://api2.vcap.me/v3/organization_quotas/#{created_org.quota_definition.guid}" }
-              },
-              'relationships' => { 'quota' => { 'data' => { 'guid' => created_org.quota_definition.guid } } },
-              'metadata' => {
-                'labels' => { 'freaky' => 'friday' },
-                'annotations' => { 'make' => 'subaru', 'model' => 'xv crosstrek', 'color' => 'orange' }
-              },
-              'suspended' => false
-            }
-          )
-        end
-        it 'gives the user all org roles associated with the new org' do
-          expect {
-            post '/v3/organizations', request_body, user_header
-          }.to change {
-            Organization.count
-          }.by 1
-
-          created_org = Organization.last
-          expect(OrganizationManager.first(organization_id: created_org.id, user_id: user.id)).to be_present
-          expect(OrganizationBillingManager.first(organization_id: created_org.id, user_id: user.id)).to be_present
-          expect(OrganizationAuditor.first(organization_id: created_org.id, user_id: user.id)).to be_present
-          expect(OrganizationUser.first(organization_id: created_org.id, user_id: user.id)).to be_present
-          expect(last_response.status).to eq(201)
-        end
-      end
     end
 
     describe 'GET /v3/organizations' do

spec/unit/actions/organization_create_spec.rb

@@ -8,16 +8,8 @@ module VCAP::CloudController
       let(:user_email) { 'user@example.com' }
       let(:user_audit_info) { UserAuditInfo.new(user_guid: user.guid, user_email: user_email) }
       let(:perm_client) { instance_spy(VCAP::CloudController::Perm::Client) }
-      let(:uaa_client) { instance_double(VCAP::CloudController::UaaClient) }
       subject(:org_create) { OrganizationCreate.new(perm_client: perm_client, user_audit_info: user_audit_info) }
 
-      before do
-        allow(CloudController::DependencyLocator.instance).to receive(:uaa_client).and_return(uaa_client)
-        allow(uaa_client).to receive(:usernames_for_ids).with([user.guid]).and_return(
-          { user.guid => 'Ragnaros' }
-        )
-      end
-
       context 'when creating a non-suspended organization' do
         let(:message) do
           VCAP::CloudController::OrganizationUpdateMessage.new({
@@ -36,7 +28,7 @@ module VCAP::CloudController
         end
 
         it 'creates a organization' do
-          organization = org_create.create(message, user)
+          organization = org_create.create(message)
 
           expect(organization.name).to eq('my-organization')
 
@@ -52,11 +44,10 @@ module VCAP::CloudController
         end
 
         it 'creates an audit event' do
-          created_org = org_create.create(message, user)
-          expect(VCAP::CloudController::Event.count).to eq(5)
-          org_create_event = VCAP::CloudController::Event.find(type: 'audit.organization.create')
-          expect(org_create_event).to exist
-          expect(org_create_event.values).to include(
+          created_org = org_create.create(message)
+          expect(VCAP::CloudController::Event.count).to eq(1)
+          event = VCAP::CloudController::Event.first
+          expect(event.values).to include(
             type: 'audit.organization.create',
             actor: user_audit_info.user_guid,
             actor_type: 'user',
@@ -67,8 +58,8 @@ module VCAP::CloudController
             actee_name: 'my-organization',
             organization_guid: created_org.guid
           )
-          expect(org_create_event.metadata).to eq({ 'request' => message.audit_hash })
-          expect(org_create_event.timestamp).to be
+          expect(event.metadata).to eq({ 'request' => message.audit_hash })
+          expect(event.timestamp).to be
         end
       end
 
@@ -77,7 +68,7 @@ module VCAP::CloudController
           name: 'my-organization',
           suspended: true
         })
-        organization = org_create.create(message, user)
+        organization = org_create.create(message)
 
         expect(organization.name).to eq('my-organization')
         expect(organization.suspended?).to be true
@@ -92,7 +83,7 @@ module VCAP::CloudController
 
           message = VCAP::CloudController::OrganizationUpdateMessage.new(name: 'foobar')
           expect {
-            org_create.create(message, user)
+            org_create.create(message)
           }.to raise_error(OrganizationCreate::Error, 'blork is busted')
         end
 
@@ -106,7 +97,7 @@ module VCAP::CloudController
           it 'raises a human-friendly error' do
             message = VCAP::CloudController::OrganizationUpdateMessage.new(name: name)
             expect {
-              org_create.create(message, user)
+              org_create.create(message)
             }.to raise_error(OrganizationCreate::Error, "Organization '#{name}' already exists.")
           end
         end