Allow org admins to associate users to an org

chef · Jul 13, 2022 · af0aee6 · af0aee6
1 parent fcd9ba0
commit af0aee6
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/src/chef-mover/apps/oc_chef_wm/src/oc_chef_wm_org_associations.erl b/src/chef-mover/apps/oc_chef_wm/src/oc_chef_wm_org_associations.erl
@@ -116,13 +116,13 @@ auth_info(Req, #base_state{requestor_id = RequestorAuthzId,
                            organization_authz_id = OrgAuthzId,
                            resource_state = #association_state{user = User} } = State) ->
     case wrq:method(Req) of
-        'POST' ->
-            % Only the superuser can force-create an org-user association
-            {superuser_only, Req, State};
         Method ->
             {auth_type_for_method(Method, User, OrgAuthzId, RequestorAuthzId), Req, State}
     end.
 
+auth_type_for_method('POST', #chef_user{authz_id = UserAuthzId }, OrgAuthzId, _RequestorAuthzId) ->
+    [{object, OrgAuthzId, update}, {actor, UserAuthzId, update}];
+
 auth_type_for_method('DELETE', #chef_user{ authz_id = UserAuthzId }, _OrgAuthzId, UserAuthzId) ->
     %% permissions-wise, user can always disassociate his or her own org association
     %% though we'll have additional safety checks below as well.