Add config flag

svkrieger · svkrieger · commit 7059bae852ac · 2024-11-28T13:03:21.000+01:00
diff --git a/app/controllers/v3/users_controller.rb b/app/controllers/v3/users_controller.rb
@@ -39,7 +39,7 @@ def show
 
   def create
     message = UserCreateMessage.new(hashed_params[:body])
-    unauthorized! unless permission_queryer.can_write_globally? || (permission_queryer.is_org_manager? && !message.guid)
+    unauthorized! unless permission_queryer.can_write_globally? || org_managers_can_create_users?(message:)
     unprocessable!(message.errors.full_messages) unless message.valid?
 
     user = UserCreate.new.create(message:)
@@ -93,4 +93,8 @@ def fetch_user_if_readable(desired_guid)
   def user_not_found!
     resource_not_found!(:user)
   end
+
+  def org_managers_can_create_users?(message:)
+    VCAP::CloudController::Config.config.get(:allow_user_creation_by_org_manager) && permission_queryer.is_org_manager? && !message.guid
+  end
 end
diff --git a/lib/cloud_controller/config_schemas/base/api_schema.rb b/lib/cloud_controller/config_schemas/base/api_schema.rb
@@ -68,6 +68,8 @@ class ApiSchema < VCAP::Config
               ]
             },
 
+            optional(:allow_user_creation_by_org_manager) => bool,
+
             logging: {
               level: String, # debug, info, etc.
               file: String, # Log file to use

Original file line number	Diff line number	Diff line change
`@@ -68,6 +68,8 @@ class ApiSchema < VCAP::Config`
`68`	`68`	`]`
`69`	`69`	`},`
`70`	`70`
	`71`	`+ optional(:allow_user_creation_by_org_manager) => bool,`
	`72`	`+`
`71`	`73`	`logging: {`
`72`	`74`	`level: String, # debug, info, etc.`
`73`	`75`	`file: String, # Log file to use`