From 02fe615e1cd077779024de3261ac3e834e1b0523 Mon Sep 17 00:00:00 2001
From: Michael Barz <mbarz@owncloud.com>
Date: Mon, 15 May 2023 17:17:14 +0200
Subject: [PATCH] update the default roles

---
 changelog/unreleased/update-roles.md          |  5 ++++
 .../settings/pkg/store/defaults/defaults.go   | 30 +++++++++++++++++++
 2 files changed, 35 insertions(+)
 create mode 100644 changelog/unreleased/update-roles.md

diff --git a/changelog/unreleased/update-roles.md b/changelog/unreleased/update-roles.md
new file mode 100644
index 0000000000..9fbba0aca5
--- /dev/null
+++ b/changelog/unreleased/update-roles.md
@@ -0,0 +1,5 @@
+Bugfix: Update the default admin role
+
+The admin role was missing two permissions. We added them to make the space admin role a subset of the admin role. This matches better with the default user expectations.
+
+https://github.com/owncloud/ocis/pull/6310
diff --git a/services/settings/pkg/store/defaults/defaults.go b/services/settings/pkg/store/defaults/defaults.go
index 241bc8bd6e..3e078f65d4 100644
--- a/services/settings/pkg/store/defaults/defaults.go
+++ b/services/settings/pkg/store/defaults/defaults.go
@@ -345,6 +345,36 @@ func generateBundleAdminRole() *settingsmsg.Bundle {
 					},
 				},
 			},
+			{
+				Id:          ManageSpacePropertiesPermissionID,
+				Name:        ManageSpacePropertiesPermissionName,
+				DisplayName: "Manage space properties",
+				Description: "This permission allows to manage space properties such as name and description.",
+				Resource: &settingsmsg.Resource{
+					Type: settingsmsg.Resource_TYPE_SYSTEM,
+				},
+				Value: &settingsmsg.Setting_PermissionValue{
+					PermissionValue: &settingsmsg.Permission{
+						Operation:  settingsmsg.Permission_OPERATION_READWRITE,
+						Constraint: settingsmsg.Permission_CONSTRAINT_ALL,
+					},
+				},
+			},
+			{
+				Id:          SpaceAbilityPermissionID,
+				Name:        SpaceAbilityPermissionName,
+				DisplayName: "Space ability",
+				Description: "This permission allows to enable and disable spaces.",
+				Resource: &settingsmsg.Resource{
+					Type: settingsmsg.Resource_TYPE_SYSTEM,
+				},
+				Value: &settingsmsg.Setting_PermissionValue{
+					PermissionValue: &settingsmsg.Permission{
+						Operation:  settingsmsg.Permission_OPERATION_READWRITE,
+						Constraint: settingsmsg.Permission_CONSTRAINT_ALL,
+					},
+				},
+			},
 		},
 	}
 }