- Notifications
You must be signed in to change notification settings - Fork1k
chore: add built in organization roles to match site#13938
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Uh oh!
There was an error while loading.Please reload this page.
Conversation
Added org user admin, org template admin, and org auditor
| Site:Permissions(map[string][]policy.Action{ | ||
| // To assign organization members, we need to be able to read | ||
| // users at the site wide to know they exist. | ||
| ResourceUser.Type: {policy.ActionRead}, | ||
| }), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
This needs to be fixed by only needing the org member read permission. ButExtractUser is currently used in organization routes, where an org member should probably be sufficient.
| Site:Permissions(map[string][]policy.Action{ | ||
| // To assign organization members, we need to be able to read | ||
| // users at the site wide to know they exist. | ||
| ResourceUser.Type: {policy.ActionRead}, | ||
| }), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
This is unfortunate, but to add a user to an org, we need to know that user exists.
Uh oh!
There was an error while loading.Please reload this page.
Added org user admin, org template admin, and org auditor
Closes#13763