
allow org admins to create guest users #1268

Closed
hahn-kev opened this issue Nov 25, 2024 · 1 comment · Fixed by #1373

@hahn-kev (Collaborator)

Describe the feature
If we want to demote site admins to org admins, we want to preserve the features they have, one being the ability to create guest users.

Who is this feature for?
Org managers

Pages affected
Project page, permissions service

@hahn-kev hahn-kev added this to the v3 milestone Nov 25, 2024
@hahn-kev hahn-kev added the 📦 Lexbox issues related to any server side code, fw-headless included label Dec 11, 2024
@rmunn (Contributor) commented Jan 13, 2025

This is slightly more complicated than simply changing the permissions methods: some of the places where permissions are checked, such as BulkAddProjectMembers, use the [AdminRequired] attribute, which simply checks the user role on the JWT. We have two options:

  1. We could add an "org admin" role that goes on JWTs, which would then have to be deactivated any time a user is demoted from being an org admin (i.e. we'd have to force a logout on that user, otherwise he'd still have access permissions he should no longer have until the next time he logged out). Or
  2. We could change these uses of [AdminRequired] to be method calls inside the function, rather than attributes. Method calls inside the function would have access to the project ID and could make database lookups, so they can enforce more subtle rules than "does the JWT have this flag?".

I'm going to go with option 2.
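A runnable sketch of the two patterns the comment contrasts, added here as an illustration and not code from the Lexbox project: an attribute-style check that trusts the role claim in the JWT keeps granting access after a demotion until that token is replaced, whereas a check made inside the method, with the project ID in hand, reads current membership from the database on every request. The `Db`, `OrgMember` and `Project` shapes and the `CanCreateGuestUsers` name are assumptions standing in for the real schema and permission service.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

// Assumed stand-ins for the Lexbox tables; not the project's real schema.
record OrgMember(Guid UserId, Guid OrgId, bool IsOrgAdmin);
record Project(Guid Id, List<Guid> OrgIds);
class Db
{
    public HashSet<Guid> SiteAdmins = new();
    public List<OrgMember> OrgMembers = new();
    public List<Project> Projects = new();
}

static class Permissions
{
    // Option 1 style (what [AdminRequired] does): decided from the token alone.
    // Whatever role the JWT carried at login wins until the token is replaced.
    public static bool AdminRequired(ClaimsPrincipal user) =>
        user.HasClaim(ClaimTypes.Role, "admin");

    // Option 2 style: called inside the endpoint with the project ID available,
    // so it can consult the database and enforce the org-admin rule.
    public static bool CanCreateGuestUsers(Db db, ClaimsPrincipal user, Guid projectId)
    {
        var userId = Guid.Parse(user.FindFirst(ClaimTypes.NameIdentifier)!.Value);
        // Site-admin status is read from the database, not the token, so a
        // demotion takes effect on the next request rather than at next logout.
        if (db.SiteAdmins.Contains(userId)) return true;
        var project = db.Projects.SingleOrDefault(p => p.Id == projectId);
        if (project is null) return false;
        return db.OrgMembers.Any(m => m.UserId == userId && m.IsOrgAdmin
                                      && project.OrgIds.Contains(m.OrgId));
    }
}

static class Demo
{
    static void Main()
    {
        var db = new Db();
        var alice = Guid.NewGuid(); var org = Guid.NewGuid(); var proj = Guid.NewGuid();
        db.SiteAdmins.Add(alice);
        db.Projects.Add(new Project(proj, new() { org }));
        db.OrgMembers.Add(new OrgMember(alice, org, IsOrgAdmin: true));
        // Token issued while Alice was still a site admin (constructed sample).
        var user = new ClaimsPrincipal(new ClaimsIdentity(new[] {
            new Claim(ClaimTypes.NameIdentifier, alice.ToString()),
            new Claim(ClaimTypes.Role, "admin") }, "jwt"));
        db.SiteAdmins.Remove(alice);   // demoted to org admin; the JWT is unchanged
        Console.WriteLine($"attribute-style: {Permissions.AdminRequired(user)}, " +
                          $"in-method: {Permissions.CanCreateGuestUsers(db, user, proj)}");
        db.OrgMembers.Clear();         // demoted from org admin as well
        Console.WriteLine($"attribute-style: {Permissions.AdminRequired(user)}, " +
                          $"in-method: {Permissions.CanCreateGuestUsers(db, user, proj)}");
    }
}
```

The attribute-style result never changes across the two demotions because it only reads the stale claim, while the in-method check tracks the database state.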
