-
Notifications
You must be signed in to change notification settings - Fork 76
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
environment and dataset teams missing GET_ORGANIZATION permission #1147
Labels
Projects
Comments
Thanks for the detailed issue. It's added to the list of possible candidates for 2.5 |
dlpzx
added
type: enhancement
Feature enhacement
priority: high
priority: medium
effort: medium
labels
Apr 18, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
There was recently a fix for 2.3 related to how GET_ORGANIZATION permission works: #1139
The summary of the issue is that if you are a member of an environment team or dataset team then you will not have GET_ORGANIZATION permission and that will cause multiple issues in data.all UI:
The PR above partially fixes this issue by adding a new organization resolver which does not require a GET_ORGANIZATION permission. This means that anyone can view some basic information about any organization.
I argue that this fix is ultimately not the best one and the way it should work is this:
If you are a member of an environment team or any dataset team on that environment then you should be granted GET_ORGANIZATION permission on that organization implicitly even if your team is not directly invited into an organization. Logically this makes sense:
To summarize:
Additionally we should add tests to check that dataset teams can view organizations or that they are granted GET_ORGANIZATION permission upon invitation. Also to make sure we test this for environment teams when they are invited to organizations.
The text was updated successfully, but these errors were encountered: