Inconsistent v2/v3 behavior around creating new orgs + assigning roles #1879

@reidmit

Issue

Inconsistent behavior around creating new orgs + assigning roles between v2 and v3.

Steps to Reproduce

We reproduced this on CAPI 3.88.0.

Using the v7 CLI (fails) and the v6 CLI (works):

v7:

  1. Enable the user-org-creation feature flag with cf7 enable-feature-flag user_org_creation
  2. Create a new user with cf7 create-user pluot pluot and log in with cf7 login -u pluot -p pluot
  3. Create an org as that user with cf7 create-org pluot -v
  4. Notice that the command fails. The POST /v3/organizations succeeds in creating the org, but the POST /v3/roles to add the current user as a manager in that org fails with a 403.

v6:

  1. Enable the user-org-creation feature flag with cf6 enable-feature-flag user_org_creation
  2. Create a new user with cf6 create-user pluot pluot and log in with cf6 login -u pluot -p pluot
  3. Create an org as that user with cf6 create-org pluot -v
  4. Notice that the command succeeds. The POST /v2/organizations succeeds in creating the org, and the PUT /v2/organizations/:guid/managers to add the current user as a manager in that org succeeds.

Expected result

Behavior should be consistent.

Current result

Inconsistent!

Possible Fix

Unsure, but maybe the v2 create-org endpoint adds the authenticated user as an "org user" automatically, but v3 doesn't. So when the same user tries to add a role in that org, in v3 they don't have permission?

cc @belinda-liu