SCIM: Assign requester org to new provisioned users (#101548)

Assign requester org to new provisioned users Co-authored-by: Mihai Doarna <mihai.doarna@grafana.com>
2025-03-05 17:11:44 +01:00
parent 962496c50d
commit c1c9ea6964
1 changed files with 23 additions and 10 deletions
@@ -10,6 +10,7 @@ import (
 	"go.opentelemetry.io/otel/attribute"
 	"go.opentelemetry.io/otel/trace"

+	"github.com/grafana/grafana/pkg/apimachinery/identity"
 	"github.com/grafana/grafana/pkg/infra/db"
 	"github.com/grafana/grafana/pkg/infra/localcache"
 	"github.com/grafana/grafana/pkg/infra/tracing"
@@ -100,16 +101,28 @@ func (s *Service) Create(ctx context.Context, cmd *user.CreateUserCommand) (*use
 		return nil, user.ErrEmptyUsernameAndEmail.Errorf("user cannot be created with empty username and email")
 	}

-	cmdOrg := org.GetOrgIDForNewUserCommand{
-		Email:        cmd.Email,
-		Login:        cmd.Login,
-		OrgID:        cmd.OrgID,
-		OrgName:      cmd.OrgName,
-		SkipOrgSetup: cmd.SkipOrgSetup,
-	}
-	orgID, err := s.orgService.GetIDForNewUser(ctx, cmdOrg)
-	if err != nil {
-		return nil, err
+	// if the user is provisioned, use the org ID from the requester
+	var orgID int64
+	var err error
+	if cmd.IsProvisioned {
+		requester, err := identity.GetRequester(ctx)
+		if err != nil {
+			return nil, err
+		}
+
+		orgID = requester.GetOrgID()
+	} else {
+		cmdOrg := org.GetOrgIDForNewUserCommand{
+			Email:        cmd.Email,
+			Login:        cmd.Login,
+			OrgID:        cmd.OrgID,
+			OrgName:      cmd.OrgName,
+			SkipOrgSetup: cmd.SkipOrgSetup,
+		}
+		orgID, err = s.orgService.GetIDForNewUser(ctx, cmdOrg)
+		if err != nil {
+			return nil, err
+		}
 	}
 	if cmd.Email == "" {
 		cmd.Email = cmd.Login