From 0836ec1d6ccc305795947bda0d2b6620be6579aa Mon Sep 17 00:00:00 2001
From: Ralf Haferkamp
Date: Tue, 29 Mar 2022 17:46:16 +0200
Subject: [PATCH] getRoleId: Fallback if no roleIDs in context

When not using reva to mint the token the roleIDs of the user are not part of the token (and not in the request context). Fallback to query the settings service in that case.
---
 settings/pkg/service/v0/service.go | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/settings/pkg/service/v0/service.go b/settings/pkg/service/v0/service.go
index 3d15a226dd2..691bcd23b06 100644
--- a/settings/pkg/service/v0/service.go
+++ b/settings/pkg/service/v0/service.go
@@ -459,9 +459,23 @@ func getValidatedAccountUUID(ctx context.Context, accountUUID string) string {
 // getRoleIDs extracts the roleIDs of the authenticated user from the context.
 func (g Service) getRoleIDs(ctx context.Context) []string {
+ var ownRoleIDs []string
 if ownRoleIDs, ok := roles.ReadRoleIDsFromContext(ctx); ok {
 return ownRoleIDs
 }
+ if accountID, ok := metadata.Get(ctx, middleware.AccountID); ok {
+ assignments, err := g.manager.ListRoleAssignments(accountID)
+ if err != nil {
+ g.logger.Info().Err(err).Str("userid", accountID).Msg("failed to get roles for user")
+ return []string{}
+ }
+
+ for _, a := range assignments {
+ ownRoleIDs = append(ownRoleIDs, a.RoleId)
+ }
+ return ownRoleIDs
+ }
+ g.logger.Info().Msg("failed to get accountID from context")
 return []string{}
 }
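Review bot: The new fallback in getRoleIDs resolves roles from the `middleware.AccountID` metadata value, so every permission check built on this function now trusts whatever populates that key; it is worth confirming (not visible in this hunk) that the key is only set from a validated token and never from client-supplied metadata. Both failure paths fail closed with an empty slice, which is the right default, but they log at Info; a failed role lookup in an authorization path is easier to alert on as `g.logger.Error().Err(err).Str("userid", accountID).Msg("failed to get roles for user")`. The outer `var ownRoleIDs []string` is shadowed by the `if ownRoleIDs, ok := …` on the next line; declaring it inside the fallback branch as `ownRoleIDs := make([]string, 0, len(assignments))` removes the shadowing and keeps the no-assignment result a non-nil empty slice like the other return paths. The doc comment above the function still says the role IDs come "from the context" and should mention that the settings store is queried when the context carries none.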