feat: view, add, and remove platform roles on users #3840

Merged
merged 1 commit into from
Dec 5, 2024

@shreddedbacon shreddedbacon commented Nov 10, 2024

General Checklist

  • Affected Issues have been mentioned in the Closing issues section
  • Documentation has been written/updated
  • PR title is ready for inclusion in changelog

Database Migrations

  • If your PR contains a database migration, it MUST be the latest in date order alphabetically

Managing Platform Wide Users

This feature adds the functions required to view, and manage the roles of platform wide users.

No longer required to log in to Keycloak to manage the users in these roles. The allPlatformUsers query supports filtering by email, id, role, and if supported gitlabId, allowing for finding who is in a role, or if a user has any roles, quickly.

New: Platform Organization Owner

Another platform wide role called platform-organization-owner is also included in this PR. This role would allow a user to create, delete, and update organizations, and list all deploytargets within Lagoon. This role is also able to assign and unassign deploytargets on an organization.

Additionally, the ability to interact with organizations by way of what the standard organization-owner role would grant is part of this role. To interact with projects within an organization, similar to the standard organization-owner role, a user with this role will still need to be added to a group.

This role is useful for granting a lower level of access to certain members of a team managing a platform to manage organizations, without needing to grant full platform owner role.

CLI examples for verification

With a lagoon CLI configured for local API access (or if using local-stack in k3d) it is possible to run some commands to list, add, and remove a user. If this is approved, then the CLI will get updated to include these as commands.

# list all current platform owners
lagoon -l local-k3d raw --raw 'query allPlatformUsers{
    allPlatformUsers(role: OWNER){
        email
        platformRoles
    }
}'

# add owner role to guest user
lagoon -l local-k3d raw --raw 'mutation addPlatformRoleToUser{
    addPlatformRoleToUser(user:{email:"[email protected]"}, role: OWNER){
        email
        platformRoles
    }
}'

# list all owners again and see the guest user
lagoon -l local-k3d raw --raw 'query allPlatformUsers{
    allPlatformUsers(role: OWNER){
        email
        platformRoles
    }
}'

# remove owner role from guest user
lagoon -l local-k3d raw --raw 'mutation removePlatformRoleFromUser{
    removePlatformRoleFromUser(user:{email:"[email protected]"}, role: OWNER){
        email
        platformRoles
    }
}'

Closing issues

closes #3635
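
Added example, not part of the PR description or the Lagoon code base: once role membership can be listed through the API, the output of the `allPlatformUsers(role: OWNER)` query shown above can be checked against an approved list to spot unexpected platform-wide grants. The response envelope (`data`/`errors`), `platformRoles` being a list of strings, the sample addresses and the `APPROVED_OWNERS` allowlist are assumptions made for illustration.

```python
import json

# Constructed sample response for the allPlatformUsers(role: OWNER) query above.
# Assumed: standard GraphQL envelope, platformRoles is a list of strings.
SAMPLE_RESPONSE = json.dumps({
    "data": {
        "allPlatformUsers": [
            {"email": "alice@example.com", "platformRoles": ["OWNER"]},
            {"email": "Guest@Example.com", "platformRoles": ["OWNER"]},
        ]
    }
})

# Hypothetical allowlist, kept under change control outside the API.
APPROVED_OWNERS = {"alice@example.com", "bob@example.com"}


class AuditError(Exception):
    """The response cannot be trusted as a complete list of role holders."""


def audit_role_holders(raw_json, role, approved):
    """Compare the users returned for `role` with the approved set."""
    doc = json.loads(raw_json)
    # An errored or denied query must not be read as "nobody holds the role".
    if doc.get("errors"):
        raise AuditError(f"API returned errors: {doc['errors']}")
    users = (doc.get("data") or {}).get("allPlatformUsers")
    if users is None:
        raise AuditError("response has no allPlatformUsers list")

    approved = {e.strip().lower() for e in approved}
    holders = set()
    for user in users:
        # Re-check the role client-side instead of trusting the filter alone.
        if role in (user.get("platformRoles") or []):
            holders.add(user["email"].strip().lower())
    return {
        "unexpected": sorted(holders - approved),  # holds role, not approved
        "missing": sorted(approved - holders),     # approved, role absent
    }


if __name__ == "__main__":
    print(audit_role_holders(SAMPLE_RESPONSE, "OWNER", APPROVED_OWNERS))
```

Run on a schedule, a non-empty `unexpected` list is the signal to review; an `AuditError` should alert as well rather than be treated as a clean result.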

@shreddedbacon shreddedbacon marked this pull request as ready for review November 17, 2024 20:33
@shreddedbacon shreddedbacon added this to the 2.23.0 milestone Nov 17, 2024
@tobybellwood tobybellwood merged commit 630e656 into main Dec 5, 2024
2 checks passed
@tobybellwood tobybellwood deleted the manage-platform-users branch December 5, 2024 00:30
Successfully merging this pull request may close these issues.

Manage who has platform-owner role via API