feat: add project creator role on register user (#222)

* feat: add project creator role on register user

* fix: better error message

* fix: tests

internal/auth/repository/eventsourcing/eventstore/user.go

@@ -2,6 +2,11 @@ package eventstore
 
 import (
 	"context"
+	"github.com/caos/zitadel/internal/eventstore"
+	"github.com/caos/zitadel/internal/eventstore/sdk"
+	org_model "github.com/caos/zitadel/internal/org/model"
+	org_event "github.com/caos/zitadel/internal/org/repository/eventsourcing"
+	usr_model "github.com/caos/zitadel/internal/user/repository/eventsourcing/model"
 
 	"github.com/caos/zitadel/internal/api/auth"
 	"github.com/caos/zitadel/internal/auth/repository/eventsourcing/view"
@@ -13,7 +18,9 @@ import (
 )
 
 type UserRepo struct {
+	Eventstore   eventstore.Eventstore
 	UserEvents   *user_event.UserEventstore
+	OrgEvents    *org_event.OrgEventstore
 	PolicyEvents *policy_event.PolicyEventstore
 	View         *view.View
 }
@@ -22,7 +29,7 @@ func (repo *UserRepo) Health(ctx context.Context) error {
 	return repo.UserEvents.Health(ctx)
 }
 
-func (repo *UserRepo) Register(ctx context.Context, user *model.User, resourceOwner string) (*model.User, error) {
+func (repo *UserRepo) Register(ctx context.Context, registerUser *model.User, orgMember *org_model.OrgMember, resourceOwner string) (*model.User, error) {
 	policyResourceOwner := auth.GetCtxData(ctx).OrgID
 	if resourceOwner != "" {
 		policyResourceOwner = resourceOwner
@@ -31,7 +38,24 @@ func (repo *UserRepo) Register(ctx context.Context, user *model.User, resourceOw
 	if err != nil {
 		return nil, err
 	}
-	return repo.UserEvents.RegisterUser(ctx, user, policy, resourceOwner)
+	user, aggregates, err := repo.UserEvents.PrepareRegisterUser(ctx, registerUser, policy, resourceOwner)
+	if err != nil {
+		return nil, err
+	}
+	if orgMember != nil {
+		orgMember.UserID = user.AggregateID
+		_, memberAggregate, err := repo.OrgEvents.PrepareAddOrgMember(ctx, orgMember, policyResourceOwner)
+		if err != nil {
+			return nil, err
+		}
+		aggregates = append(aggregates, memberAggregate)
+	}
+
+	err = sdk.PushAggregates(ctx, repo.Eventstore.PushAggregates, user.AppendEvents, aggregates...)
+	if err != nil {
+		return nil, err
+	}
+	return usr_model.UserToModel(user), nil
 }
 
 func (repo *UserRepo) MyProfile(ctx context.Context) (*model.Profile, error) {

internal/auth/repository/eventsourcing/repository.go

@@ -125,7 +125,9 @@ func Start(conf Config, authZ auth.Config, systemDefaults sd.SystemDefaults, aut
 	return &EsRepository{
 		spool,
 		eventstore.UserRepo{
+			Eventstore:   es,
 			UserEvents:   user,
+			OrgEvents:    org,
 			PolicyEvents: policy,
 			View:         view,
 		},

internal/auth/repository/user.go

@@ -2,12 +2,13 @@ package repository
 
 import (
 	"context"
+	org_model "github.com/caos/zitadel/internal/org/model"
 
 	"github.com/caos/zitadel/internal/user/model"
 )
 
 type UserRepository interface {
-	Register(ctx context.Context, user *model.User, resourceOwner string) (*model.User, error)
+	Register(ctx context.Context, user *model.User, member *org_model.OrgMember, resourceOwner string) (*model.User, error)
 
 	myUserRepo
 	SkipMfaInit(ctx context.Context, userID string) error

internal/eventstore/internal/repository/sql/push.go

@@ -62,7 +62,7 @@ func precondtion(tx *sql.Tx, aggregate *models.Aggregate) error {
 	}
 	err = aggregate.Precondition.Validation(events...)
 	if err != nil {
-		return caos_errs.ThrowPreconditionFailed(err, "SQL-s6hqU", "validation failed")
+		return err
 	}
 	return nil
 }

internal/eventstore/internal/repository/sql/push_test.go

@@ -362,7 +362,7 @@ func Test_precondtion(t *testing.T) {
 					expectBegin(nil).expectFilterEventsLimit(5, 0),
 			},
 			args: args{
-				aggregate: aggregateWithPrecondition(&models.Aggregate{}, models.NewSearchQuery().SetLimit(5), validationFunc(errors.CreateCaosError(nil, "SQL-LBIKm", "err"))),
+				aggregate: aggregateWithPrecondition(&models.Aggregate{}, models.NewSearchQuery().SetLimit(5), validationFunc(errors.ThrowPreconditionFailed(nil, "SQL-LBIKm", "err"))),
 			},
 			isErr: errors.IsPreconditionFailed,
 		},

internal/eventstore/models/aggregate.go

@@ -85,7 +85,10 @@ func (a *Aggregate) Validate() error {
 	if a.resourceOwner == "" {
 		return errors.ThrowPreconditionFailed(nil, "MODEL-eBYUW", "resource owner not set")
 	}
-	if a.Precondition != nil && (a.Precondition.Query == nil || a.Precondition.Query.Validate() != nil || a.Precondition.Validation == nil) {
+	if a.Precondition != nil && (a.Precondition.Query == nil || a.Precondition.Validation == nil) {
+		if err := a.Precondition.Query.Validate(); err != nil {
+			return err
+		}
 		return errors.ThrowPreconditionFailed(nil, "MODEL-EEUvA", "invalid precondition")
 	}
 

internal/login/handler/register_handler.go

@@ -3,15 +3,16 @@ package handler
 import (
 	"github.com/caos/zitadel/internal/auth_request/model"
 	caos_errs "github.com/caos/zitadel/internal/errors"
+	"github.com/caos/zitadel/internal/eventstore/models"
+	org_model "github.com/caos/zitadel/internal/org/model"
 	usr_model "github.com/caos/zitadel/internal/user/model"
 	"golang.org/x/text/language"
 	"net/http"
 )
 
 const (
-	tmplRegister = "register"
-
-	globalRO = "GlobalResourceOwner"
+	tmplRegister          = "register"
+	orgProjectCreatorRole = "ORG_PROJECT_CREATOR"
 )
 
 type registerFormData struct {
@@ -56,7 +57,12 @@ func (l *Login) handleRegisterCheck(w http.ResponseWriter, r *http.Request) {
 		l.renderRegister(w, r, authRequest, data, err)
 		return
 	}
-	user, err := l.authRepo.Register(setContext(r.Context(), iam.GlobalOrgID), data.toUserModel(), iam.GlobalOrgID)
+
+	member := &org_model.OrgMember{
+		ObjectRoot: models.ObjectRoot{AggregateID: iam.GlobalOrgID},
+		Roles:      []string{orgProjectCreatorRole},
+	}
+	user, err := l.authRepo.Register(setContext(r.Context(), iam.GlobalOrgID), data.toUserModel(), member, iam.GlobalOrgID)
 	if err != nil {
 		l.renderRegister(w, r, authRequest, data, err)
 		return