gravitee-io
fix(console): correctly handle group assignment across environments in multi-tenant setup
Issue
https://gravitee.atlassian.net/browse/APIM-8844
Description
Previously, adding a user to a group failed when the group belonged to a different environment. This fix ensures group data is fetched and posted to the appropriate environment context.
Additional context
Before
https://github.com/user-attachments/assets/991002a6-706b-468c-9499-e8f93098aa62
After
https://github.com/user-attachments/assets/4b8e6a64-4da0-469e-bfef-84ce97f8d1c0
📚 View the storybook of this branch here
I don't think it's the right way to fix the issue. These checks have been put in place for security reasons to avoid adding people to a group you shouldn't be able to access.
Instead of this, we should have a look at the URL used to add the user to the group. It should use the environmentId of the group, instead of the current environment loaded in webapp context.
Hey @phiz71, I've updated the implementation to filter the list of groups based on the current environment ID. Now, the dropdown will only display groups that belong to the selected environment, ensuring that users don't accidentally add groups from a different environment.
But when you are in the organization screen, you are not supposed to have a current environment. So you should have all groups from the organization. I can see two different fixes:
- For each group selected, console calls the mAPI, using the environmentId associated to the group to add.
- Add a new mAPI resource, at organization level, that allow to add a set of groups. But we have to take care of security stuffs, like don't allow to add groups that don't exist in the current org.
