fix(api): trigger an authorization update after auto-provisioning users (#3428)

api/http/handler/auth/authenticate.go

@@ -113,6 +113,11 @@ func (handler *Handler) authenticateLDAPAndCreateUser(w http.ResponseWriter, use
 		log.Printf("Warning: unable to automatically add user into teams: %s\n", err.Error())
 	}
 
+	err = handler.AuthorizationService.UpdateUsersAuthorizations()
+	if err != nil {
+		return &httperror.HandlerError{http.StatusInternalServerError, "Unable to update user authorizations", err}
+	}
+
 	return handler.writeToken(w, user)
 }
 

api/http/handler/auth/authenticate_oauth.go

@@ -133,6 +133,11 @@ func (handler *Handler) validateOAuth(w http.ResponseWriter, r *http.Request) *h
 				return &httperror.HandlerError{http.StatusInternalServerError, "Unable to persist team membership inside the database", err}
 			}
 		}
+
+		err = handler.AuthorizationService.UpdateUsersAuthorizations()
+		if err != nil {
+			return &httperror.HandlerError{http.StatusInternalServerError, "Unable to update user authorizations", err}
+		}
 	}
 
 	return handler.writeToken(w, user)

api/http/handler/auth/handler.go

@@ -34,6 +34,7 @@ type Handler struct {
 	EndpointGroupService  portainer.EndpointGroupService
 	RoleService           portainer.RoleService
 	ProxyManager          *proxy.Manager
+	AuthorizationService  *portainer.AuthorizationService
 }
 
 // NewHandler creates a handler to manage authentication operations.

api/http/server.go

@@ -136,6 +136,7 @@ func (server *Server) Start() error {
 	authHandler.EndpointGroupService = server.EndpointGroupService
 	authHandler.RoleService = server.RoleService
 	authHandler.ProxyManager = proxyManager
+	authHandler.AuthorizationService = authorizationService
 
 	var roleHandler = roles.NewHandler(requestBouncer)
 	roleHandler.RoleService = server.RoleService