Open
Description
What happened?
User Role System Needs Organization-Level Scoping
Problem Description
Currently, the user role system (particularly for admin users) is attached to the Users model, which makes someone an admin across all of their organizations. This creates a global admin situation that may not be desired for organization-specific permissions.
Current Behavior
- User roles are stored at the user level
- When a user is made an admin, they become admin for every organization they belong to
- No organization-level role scoping exists
Proposed Solution
Implement a dual-level role system:
Option 1: Dual Role System
- Global User Type: Super user/admin role that overrides organization-level permissions
- Organization-Level User Type: Role that applies only within a specific organization
Role Hierarchy
- Global admin = super user with permissions across all organizations
- Organization admin = admin permissions only within that specific organization
- Global admin role takes precedence over org-level roles
Acceptance Criteria
- Users can have different roles in different organizations
- Global admin role still exists for super users
- Organization admins only have admin permissions within their assigned org
- Role hierarchy is properly enforced (global > org-level)
- Existing admin users are migrated appropriately
Technical Considerations
- Database schema changes needed for organization-scoped roles
- Migration strategy for existing admin users
- UI updates for role management per organization
- Permission checking logic updates throughout the application
What is the version of refactor-platform-rs that you're seeing the problem on?
1.0.0-beta2
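A sketch of the permission check the Role Hierarchy and Acceptance Criteria sections describe, added here as an example and not taken from refactor-platform-rs. All type, field and function names are hypothetical, and the in-memory map stands in for whatever organization-scoped table the schema change introduces.

```rust
use std::collections::HashMap;

// Hypothetical names throughout; none are taken from the project's code base.
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum Role {
    Member,
    Admin,
}

#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum GlobalRole {
    None,
    SuperAdmin,
}

pub type OrgId = u32;

pub struct User {
    pub global_role: GlobalRole,
    /// One role per organization; a missing key means "not a member".
    pub org_roles: HashMap<OrgId, Role>,
}

/// Resolve the role a user holds inside one organization.
/// The global role takes precedence; otherwise only that organization's entry counts.
pub fn effective_role(user: &User, org: OrgId) -> Option<Role> {
    if user.global_role == GlobalRole::SuperAdmin {
        return Some(Role::Admin);
    }
    user.org_roles.get(&org).copied()
}

/// Deny by default: no entry for the organization and no global role means no admin access.
pub fn can_administer(user: &User, org: OrgId) -> bool {
    effective_role(user, org) == Some(Role::Admin)
}

fn main() {
    // Constructed sample data: admin in org 1, ordinary member in org 2, absent from org 3.
    let alice = User {
        global_role: GlobalRole::None,
        org_roles: HashMap::from([(1, Role::Admin), (2, Role::Member)]),
    };
    let root = User { global_role: GlobalRole::SuperAdmin, org_roles: HashMap::new() };
    for org in [1, 2, 3] {
        println!("org {org}: alice={} root={}", can_administer(&alice, org), can_administer(&root, org));
    }
}
```

Every check takes the organization as an argument, so an admin grant in one organization cannot leak into another; the only path to cross-organization access is the explicit global role.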
Metadata
Labels: bug (Something isn't working)
Status: 🏗 In progress