Update application code to set organization_id when creating OAuth applications

Summary

Update the application code to automatically set organization_id when creating new OAuth applications.

Context

After adding the organization_id column and backfilling existing records, we need to ensure all new OAuth applications are created with the correct organization_id.

Implementation Areas

1. User-owned Applications

Location: app/controllers/oauth/applications_controller.rb (and similar)

  • When a user creates an OAuth application, set organization_id to the user's home organization
  • Update: Doorkeeper::Application creation logic
  • Ensure current_user.organization_id is set

2. Group-owned Applications

Location: app/controllers/groups/settings/applications_controller.rb (and similar)

  • When creating a group-scoped OAuth application, set organization_id to the group's organization
  • Update: Group application creation logic
  • Use group.organization_id

3. Instance-owned Applications

Location: Admin and system-level application creation

  • For admin-created applications, determine appropriate organization
  • Important: Do NOT hard-code default organization in application logic
  • Consider requiring organization selection for new instance applications

4. API Endpoints

Location: lib/api/applications.rb

  • Update API endpoints for creating OAuth applications
  • Add organization_id to permitted parameters (if needed)
  • Validate organization_id is set correctly

Code Changes Required

  • Update model validations in Doorkeeper::Application
  • Update controllers for user applications
  • Update controllers for group applications
  • Update admin/instance application creation
  • Update API endpoints
  • Add specs for all creation paths
  • Update GraphQL mutations if applicable

Validation

  • Ensure organization_id is always set for new applications
  • Add database constraint to make column NOT NULL (after backfill completes)
  • Validate organization exists and is accessible
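The three creation paths and the validation above, as an added example that is not GitLab's own code: a framework-free Ruby model in which the organization_id is derived from the owner (user or group) or must be supplied explicitly for instance-owned applications, with no hard-coded default. `User`, `Group`, `OrganizationResolver`, `OAuthApplication` and `KNOWN_ORGANIZATION_IDS` are stand-ins assumed for illustration; only `organization_id`, `current_user.organization_id` and `group.organization_id` come from the issue.

```ruby
# Added example (not GitLab's code): stand-in types for the owners named in
# the issue. Real code would use current_user / group and Doorkeeper::Application.
User  = Struct.new(:id, :organization_id)   # current_user.organization_id
Group = Struct.new(:id, :organization_id)   # group.organization_id

class MissingOrganization < StandardError; end

# Constructed sample data standing in for "organization exists" lookups.
KNOWN_ORGANIZATION_IDS = [10, 20, 30].freeze

module OrganizationResolver
  # Returns the organization_id a new OAuth application must carry.
  # Deliberately has no fallback to a default organization (see Important Notes).
  def self.for(owner:, requested_organization_id: nil)
    case owner
    when User  then require_id(owner.organization_id, "user #{owner.id} has no home organization")
    when Group then require_id(owner.organization_id, "group #{owner.id} has no organization")
    when nil   # instance-owned (admin) application: organization must be chosen explicitly
      require_id(requested_organization_id, "instance applications require an explicit organization")
    else
      raise ArgumentError, "unsupported owner type #{owner.class}"
    end
  end

  # Rejects a missing id and an id that does not resolve to a known organization.
  def self.require_id(id, message)
    raise MissingOrganization, message if id.nil?
    raise MissingOrganization, "organization #{id} does not exist" unless KNOWN_ORGANIZATION_IDS.include?(id)
    id
  end
end

# Stand-in for Doorkeeper::Application carrying the presence validation this issue adds.
OAuthApplication = Struct.new(:name, :owner, :organization_id, keyword_init: true) do
  def valid?
    !organization_id.nil?
  end
end

# Single creation entry point shared by the user, group and instance paths.
def create_oauth_application(name:, owner:, requested_organization_id: nil)
  org_id = OrganizationResolver.for(owner: owner, requested_organization_id: requested_organization_id)
  app = OAuthApplication.new(name: name, owner: owner, organization_id: org_id)
  raise MissingOrganization, "organization_id not set" unless app.valid?
  app
end
```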

Testing

  • Unit tests for each creation path
  • Integration tests for user/group/instance flows
  • API tests
  • GraphQL tests (if applicable)

Important Notes

  • This work focuses on setting organization_id during creation
  • Application scoping/access control is separate work
  • Do not use hard-coded default organization in running application code
  • Default organization can only exist in one cell at a time

Dependencies

References

Edited by 🤖 GitLab Bot 🤖