2 files changed, 16 insertions, 2 deletions

diff --git a/gn3/auth/authorisation/roles.py b/gn3/auth/authorisation/roles.py
index 562d3bc..6602c9f 100644
--- a/gn3/auth/authorisation/roles.py
+++ b/gn3/auth/authorisation/roles.py
@@ -83,3 +83,16 @@ def user_roles(conn: db.DbConnection, user: User):
             return tuple(
                 reduce(__organise_privileges__, results, {}).values())
         return tuple()
+
+def assign_default_roles(cursor: db.DbCursor, user: User):
+    """Assign `user` some default roles."""
+    cursor.execute(
+        'SELECT role_id FROM roles WHERE role_name IN '
+        '("group-creator")')
+    role_ids = cursor.fetchall()
+    str_user_id = str(user.user_id)
+    params = (
+        {"user_id": str_user_id, "role_id": role_id} for role_id in role_ids)
+    cursor.executemany(
+        ("INSERT INTO user_roles VALUES (:user_id, :role_id)"),
+        params)
diff --git a/gn3/auth/authorisation/views.py b/gn3/auth/authorisation/views.py
index 6ac3be0..2c47bd9 100644
--- a/gn3/auth/authorisation/views.py
+++ b/gn3/auth/authorisation/views.py
@@ -7,10 +7,10 @@ from gn3.auth.blueprint import oauth2
 
 from .groups import user_group
 from .errors import UserRegistrationError
-from .roles import user_roles as _user_roles
+from .roles import assign_default_roles, user_roles as _user_roles
 
 from ..authentication.oauth2.resource_server import require_oauth
-from ..authentication.users import User, save_user, set_user_password
+from ..authentication.users import save_user, set_user_password
 from ..authentication.oauth2.models.oauth2token import token_by_access_token
 
 @oauth2.route("/user", methods=["GET"])
@@ -95,6 +95,7 @@ def register_user():
         with db.cursor(conn) as cursor:
             user, _hashed_password = set_user_password(
                 cursor, save_user(cursor, email, user_name), password)
+            assign_default_roles(cursor, user)
             return jsonify(
                 {
                     "user_id": user.user_id,