When creating groups, the parent organization does not match the user organizations

Problem

@lohrc reported on Slack (internal link):

I am currently encountering some problems creating subgroups and the following error is thrown and I cannot create subgroups. Does anyone know why this is happening? It doesn't seem to happen when creating new projects.

image

Investigation

The top level group is lohrc-ultimate and the sub group is subgroup-2. @lohrc tries to create a new child group in subgroup-2.

All the groups involved have organization_id=1

 
gitlabhq_production=> select r.path, n.id as group_id, n.parent_id as group_parent_id, n.path group_path, n.organization_id as group_organization_id  from namespaces n  inner join routes r on r.source_type = 'Namespace' and r.source_id = n.id where n.id = 71881695 or n.parent_id = 71881695  order by n.id                                                                                                   ;;

           path            | group_id | group_parent_id |   group_path   | group_organization_id
---------------------------+----------+-----------------+----------------+-----------------------
 lohrc-ultimate            | 71881695 |                 | lohrc-ultimate |                     1
 lohrc-ultimate/subgroup-1 | 83065954 |        71881695 | subgroup-1     |                     1
 lohrc-ultimate/subgroup-2 | 83065970 |        71881695 | subgroup-2     |                     1
 lohrc-ultimate/subgroup-3 | 91375174 |        71881695 | subgroup-3     |                     1
(4 rows)
Memberships for the user: 
   id    |        name        |          created_at           |  ou_id   | user_id  |          created_at
---------+--------------------+-------------------------------+----------+----------+-------------------------------
 1000010 | Monday Test Org    | 2024-01-15 16:01:40.777082+00 |  1000002 | 11485419 | 2024-01-15 16:01:41.031084+00
 1000011 | Wednesday Test Org | 2024-01-24 11:57:06.382489+00 |  1000003 | 11485419 | 2024-01-24 11:57:06.42997+00
 1000014 | Tuesday Test Org   | 2024-01-30 12:59:11.637575+00 |  1001200 | 11485419 | 2024-01-30 12:59:11.658463+00
 1000016 | Thursday Test Org  | 2024-01-30 13:33:47.007784+00 |  1001242 | 11485419 | 2024-01-30 13:33:47.021148+00
       1 | Default            | 2023-05-15 23:11:01.391439+00 | 12152106 | 11485419 | 2024-02-23 05:43:11.866602+00
 1000054 | Test Test Org      | 2024-05-15 08:36:23.765428+00 | 18303364 | 11485419 | 2024-05-15 08:36:23.784749+00

When we create a group, we use Current.organization for the new group. Current.organization is the group the user is looking at in the browser. This is based on the assumption that we can determine a group from the url. When we create a new group, we can't derive a Current.organization from the URL because the path for a new group is /groups/new .

When we can't find a Current.organization from the URL, we use the organization of the user. In the backend, that is defined as the first organization the user got assigned to'. Which will be the Default Organization for most users. But in this case, Monday Test Org` is returned because the assigned to that Organization was in January and the Default organization assignment was in February

So the logic tries to create a Group using organization_id = 1000010 in a parent group with organization_id = 1, which will fail

Possible fixes

  • Quick fixes:
    • Change 'first organization for lohrc to Default org: UPDATE organization_users SET id = 1000001 WHERE user_id = 11485419 AND organization_id = 1`
    • Delete and restore memberships
  • Add Organization Switcher
  • Change the create logic for Group and Project: use organization of parent group when creating new Project or Group