Merge branch '2498-group-admin'

[arvados.git] / services / api / app / models / user.rb

diff --git a/services/api/app/models/user.rb b/services/api/app/models/user.rb
index fc094264354da81b18f83297e40f9661e1921de8..497a693bb88398e6343ae924a5309d8057840711 100644 (file)
--- a/services/api/app/models/user.rb
+++ b/services/api/app/models/user.rb
@@ -7,6 +7,7 @@ class User < ArvadosModel
   before_update :prevent_privilege_escalation
   before_update :prevent_inactive_admin
   before_create :check_auto_admin
+  after_create :add_system_group_permission_link
   after_create AdminNotifier
 
   has_many :authorized_keys, :foreign_key => :authorized_user_uuid, :primary_key => :uuid
@@ -371,4 +372,15 @@ class User < ArvadosModel
     end
   end
 
+  # Give the special "System group" permission to manage this user and
+  # all of this user's stuff.
+  #
+  def add_system_group_permission_link
+    Link.create(link_class: 'permission',
+                name: 'can_manage',
+                tail_kind: 'arvados#group',
+                tail_uuid: system_group_uuid,
+                head_kind: 'arvados#user',
+                head_uuid: self.uuid)
+  end
 end