FIX: Make sure first admin users are added to auto groups (#18494)

When a user with an email matching those inside the DISCOURSE_DEVELOPER_EMAILS env var log in, we make them into admin users if they are not already. This is used when setting up the first admin user for self-hosters, since the discourse-setup script sets the provided admin emails into DISCOURSE_DEVELOPER_EMAILS. The issue being fixed here is that the new admins were not being automatically added to the staff and admins automatic groups, which was causing issues with the site settings that are group_list based that don't have an explicit staff override. All we need to do is refresh the automatic staff, admin groups when admin is granted for the user.
2024-11-22 09:42:02 +08:00 · 2022-10-06 15:16:38 +10:00 · 2022-10-06 15:16:38 +10:00 · 6d7abc1c85
commit 6d7abc1c85
parent d5f6262c4f
2 changed files with 35 additions and 0 deletions
--- a/lib/auth/default_current_user_provider.rb
+++ b/lib/auth/default_current_user_provider.rb
@ -308,6 +308,10 @@ class Auth::DefaultCurrentUserProvider
    }
  end

+  # This is also used to set the first admin of the site via
+  # the finish installation & register -> user account activation
+  # for signup flow, since all admin emails are stored in
+  # DISCOURSE_DEVELOPER_EMAILS for self-hosters.
  def make_developer_admin(user)
    if  user.active? &&
        !user.admin &&
@ -315,6 +319,7 @@ class Auth::DefaultCurrentUserProvider
        Rails.configuration.developer_emails.include?(user.email)
      user.admin = true
      user.save
+      Group.refresh_automatic_groups!(:staff, :admins)
    end
  end

--- a/spec/lib/auth/default_current_user_provider_spec.rb
+++ b/spec/lib/auth/default_current_user_provider_spec.rb
@ -794,4 +794,34 @@ RSpec.describe Auth::DefaultCurrentUserProvider do
      expect(UserAuthToken.find_by(user_id: user.id)).to be_nil
    end
  end
+
+  describe "first admin user" do
+    before do
+      user.update(admin: false, email: "blah@test.com")
+      Rails.configuration.developer_emails = "blah@test.com"
+    end
+
+    it "makes the user into an admin if their email is in DISCOURSE_DEVELOPER_EMAILS" do
+      @provider = provider('/')
+      @provider.log_on_user(user, {}, @provider.cookie_jar)
+      expect(user.reload.admin).to eq(true)
+      user2 = Fabricate(:user)
+      @provider.log_on_user(user2, {}, @provider.cookie_jar)
+      expect(user2.reload.admin).to eq(false)
+    end
+
+    it "adds the user to the correct staff/admin auto groups" do
+      @provider = provider('/')
+      @provider.log_on_user(user, {}, @provider.cookie_jar)
+      user.reload
+      expect(user.in_any_groups?([Group::AUTO_GROUPS[:staff]])).to eq(true)
+      expect(user.in_any_groups?([Group::AUTO_GROUPS[:admins]])).to eq(true)
+    end
+
+    it "runs the job to enable bootstrap mode" do
+      @provider = provider('/')
+      @provider.log_on_user(user, {}, @provider.cookie_jar)
+      expect_job_enqueued(job: :enable_bootstrap_mode, args: { user_id: user.id })
+    end
+  end
 end