rilldata
Share Project Popover
closes #5815
https://www.figma.com/design/Qt6EyotCBS3V6O31jVhMQ7/RILL-Latest?node-id=6801-232076&node-type=canvas&t=RbLXuShzLAEx5sVX-0
- [x] revisit list item name change
- [x] pending photo url in the avatar https://github.com/rilldata/rill/issues/5889 https://github.com/rilldata/rill/pull/5888
- [x] "You should be able to modify the roles for
all-users– if not, let me know and we’ll fix it" - [x] "Everyone at Rill Data"
- [x] add info icon for project perm manage members https://github.com/rilldata/rill/pull/5887#issuecomment-2415065713
- [ ] https://github.com/rilldata/rill/pull/5887#discussion_r1799955918
- Project Viewers should not be allowed to change a Project Member's role. We should draw from the
manage_project_membersproject permission.
Only users that can manageProjectMembers will see the user invite button, see: https://github.com/rilldata/rill/blob/main/web-admin/src/features/navigation/TopNavigationBar.svelte#L180-L182
UXQA:
- [x] Project Viewers should not be allowed to change a Project Member's role. We should draw from the
manage_project_membersproject permission.- [ ] I don't see the ability to set the default role for "epg" Organization Members. The ability to set this role should draw from the
manage_org_membersorganization permission.- [ ] Should we hide the default "all-users" group from this UI? It represents all users in the organization, which is duplicative to the "Organization" section/setting. (CC @ericokuma, @jkhwu)
- [x] Should I be able to downgrade myself from "Admin" to "Viewer"? (CC @ericokuma, @jkhwu)
- [x] I'm seeing a
cursor-pointerwhen I hover over the Organization and Group list items, yet nothing happens when I click.- [x] I'm not seeing the text "Everyone from" [org] or "Everyone from" [group]. This could relate to this warning in my browser console:
- Yes, we should hide the all-users group
- Hmm, currently in other systems, you can downgrade yourself. You can also downgrade your role via CLI. So you should be able to downgrade yourself via UI?
- I don't see the ability to set the default role for "epg" Organization Members. The ability to set this role should draw from the
manage_org_membersorganization permission.
I didn't implement this right off the bat because I wanted to keep this PR contained to project user management changeset. If we choose to include this org user role change from this project popover, we would have to individually set the role for each org user using createAdminServiceSetOrganizationMemberUserRole
{
organization: string;
email: string;
data: {
role?: string;
};
}
and if we have 300 users in this project, we'd have to fire the request 300 times.
Only users that can manageProjectMembers will see the user invite button, see: https://github.com/rilldata/rill/blob/main/web-admin/src/features/navigation/TopNavigationBar.svelte#L180-L182
Oh, I see what happened. My user was an Org Admin, so I got the manage_project_members permission by default.
So this is a case where I'd expect to see the exclamation mark w/ tooltip to indicate that the Project Viewer role is overridden/overpowered by the Organization Admin role.
- I don't see the ability to set the default role for "epg" Organization Members. The ability to set this role should draw from the
manage_org_membersorganization permission.I didn't implement this right off the bat because I wanted to keep this PR contained to project user management changeset. If we choose to include this org user role change from this project popover, we would have to individually set the role for each org user using
createAdminServiceSetOrganizationMemberUserRole{ organization: string; email: string; data: { role?: string; }; }and if we have 300 users in this project, we'd have to fire the request 300 times.
Oh I see. I agree that e.g. 300 individual requests would not be the way forward. We shouldn't be setting user_orgs_roles from this Project popover.
The designs seem to imply that we have an organizations_projects_roles table. We don't, but we do have a usergroups_projects_roles table. I could imagine an automatic <organization>-users usergroup for every organization, or I could imagine a dedicated organizations_projects_roles table. @begelundmuller @ericokuma, thoughts on this?
Hmm, currently in other systems, you can downgrade yourself. You can also downgrade your role via CLI. So you should be able to downgrade yourself via UI?
@ericokuma, the "Share" button is only available to Project Admins, right? So if I use the popover to downgrade myself from Admin to Viewer, I'll be ejected from the popover I think. Open to anything, but thoughts on this?
- I don't see the ability to set the default role for "epg" Organization Members. The ability to set this role should draw from the
manage_org_membersorganization permission.I didn't implement this right off the bat because I wanted to keep this PR contained to project user management changeset. If we choose to include this org user role change from this project popover, we would have to individually set the role for each org user using
createAdminServiceSetOrganizationMemberUserRole{ organization: string; email: string; data: { role?: string; }; }and if we have 300 users in this project, we'd have to fire the request 300 times.
Oh I see. I agree that e.g. 300 individual requests would not be the way forward. We shouldn't be setting
user_orgs_rolesfrom this Project popover.The designs seem to imply that we have an
organizations_projects_rolestable. We don't, but we do have ausergroups_projects_rolestable. I could imagine an automatic<organization>-usersusergroup for every organization, or I could imagine a dedicatedorganizations_projects_rolestable. @begelundmuller @ericokuma, thoughts on this?
Ah, the designs were just assuming that all users who have access to an org will have access to projects. I think have a dedicated organizations_projects_roles table might be nice although wouldn't the all-users user group suffice?
Hmm, currently in other systems, you can downgrade yourself. You can also downgrade your role via CLI. So you should be able to downgrade yourself via UI?
@ericokuma, the "Share" button is only available to Project Admins, right? So if I use the popover to downgrade myself from Admin to Viewer, I'll be ejected from the popover I think. Open to anything, but thoughts on this?
Ah yeah that's true. I guess to safeguard, I'm fine blocking that for now!
- I don't see the ability to set the default role for "epg" Organization Members. The ability to set this role should draw from the
manage_org_membersorganization permission.I didn't implement this right off the bat because I wanted to keep this PR contained to project user management changeset. If we choose to include this org user role change from this project popover, we would have to individually set the role for each org user using
createAdminServiceSetOrganizationMemberUserRole{ organization: string; email: string; data: { role?: string; }; }and if we have 300 users in this project, we'd have to fire the request 300 times.
Oh I see. I agree that e.g. 300 individual requests would not be the way forward. We shouldn't be setting
user_orgs_rolesfrom this Project popover. The designs seem to imply that we have anorganizations_projects_rolestable. We don't, but we do have ausergroups_projects_rolestable. I could imagine an automatic<organization>-usersusergroup for every organization, or I could imagine a dedicatedorganizations_projects_rolestable. @begelundmuller @ericokuma, thoughts on this?Ah, the designs were just assuming that all users who have access to an org will have access to projects. I think have a dedicated organizations_projects_roles table might be nice although wouldn't the all-users user group suffice?
Oh yeah, the all-users group is exactly the automatic <organization>-users usergroup I was thinking of! The "Viewer" toggle in the design implies that you can change Organization Members' default Project role from "Viewer" to "Admin", if you'd like. So to implement this @lovincyrus, the toggle should change the "all-users" Project role to "Admin".
- I don't see the ability to set the default role for "epg" Organization Members. The ability to set this role should draw from the
manage_org_membersorganization permission.I didn't implement this right off the bat because I wanted to keep this PR contained to project user management changeset. If we choose to include this org user role change from this project popover, we would have to individually set the role for each org user using
createAdminServiceSetOrganizationMemberUserRole{ organization: string; email: string; data: { role?: string; }; }and if we have 300 users in this project, we'd have to fire the request 300 times.
Oh I see. I agree that e.g. 300 individual requests would not be the way forward. We shouldn't be setting
user_orgs_rolesfrom this Project popover. The designs seem to imply that we have anorganizations_projects_rolestable. We don't, but we do have ausergroups_projects_rolestable. I could imagine an automatic<organization>-usersusergroup for every organization, or I could imagine a dedicatedorganizations_projects_rolestable. @begelundmuller @ericokuma, thoughts on this?Ah, the designs were just assuming that all users who have access to an org will have access to projects. I think have a dedicated organizations_projects_roles table might be nice although wouldn't the all-users user group suffice?
Oh yeah, the
all-usersgroup is exactly the automatic<organization>-usersusergroup I was thinking of! The "Viewer" toggle in the design implies that you can change Organization Members' default Project role from "Viewer" to "Admin", if you'd like. So to implement this @lovincyrus, the toggle should change the "all-users" Project role to "Admin".
~~all-users is a special usergroup that cannot be modified. By default, there is no role for all-users.~~
~~See screenshot~~
Update: all-users at the project level is modifiable
Yikes...so probably for now, we can omit the role for the org-project relationship and just inherit the org-user-role to determine a user's role for a project?
cc @jkhwu