# Roles system in Rake
## Links
[moqups](https://app.moqups.com/29XD0kH0ly/view/page/abd31187b)
[Main doc](https://docs.google.com/spreadsheets/d/1Yt-dIKgR0JM3qpwL8Nc2kXSg9kgEI9U3tnF51ik-gUA/edit#gid=900932011)
## Chosen decision
1. After an invite, the registration form shows the user's personal info. The invite UI will not change, but the API call must be able to set first name, last name, email and phone number. When the user opens the link, they will see these values on the form.
2. <span style='color:red'>How do we show the list of system users? Do we need to add filters, such as project system user, organization system user, or workspace?</span>
3. <span style='color:red'>If I am the owner of an organization, do I also have access to all projects, even if I did not create them?</span>
## Status calls
## Questions:
1) remember me -- deprecated
2) expired token (60 mins without activity)
3) assign new role for user -- rabbit topic
4) edit role with a parent Id -- do not allow editing these roles from the UI -- union values
5) assign role to the users route -- it is ok to have one route for all situations
### Status call 11.08
Agenda:
- Finish discussing the Roles system
- UI improvements (Andy proposal)

- The organization, project and bot levels for system functions
- Deactivating system user from bot, project, organization
- standard roles and system functions what they include
- invite templates
- registration form (moqup)
> Should we use the example from the Rake user app?

- assignment of a status role: by whom it can be assigned
* Only members of this role can view this role.
* Only members of this role can assign this role.
* Only [organization/project/workspace] members of this role can assign this role.
#### Results
- registration form
* without scroll
* less margin\padding between fields
* change background image of page
- invite templates
* Mike to provide templates
* One email template for invites
* Invite must handle organization, project, workspace
- Mike to create mockup for Detach
- Highlight the selected role and its children on edit role

- Child roles are not created from system config values for a new organization/project/workspace in the API route. However, creating a new project would pull from its parent organization's defaultRoles setting. Creating a new workspace would pull from its parent project's defaultRoles setting (if it exists), or from its parent organization's defaultRoles setting if not. Instead, we would pass a parameter with the roles to create. We also need settings in the organizations and projects collections with the child roles to create when a new project or workspace is created. The organizations setting may have defaults for project roles and workspace roles. In projects, if defaultWorkspaceRoles is defined, it would override that setting in organizations. The defaultRoles in system config is used in the create organization route, unless a value is passed for defaultRoles in that call, which would override it. Instead, we will store it for UI logic on the front end to use when we create an organization (in the future) from a new sign-up. But if we call the route directly, it would not create any default roles.
```
// system config
{
  nodeEnv,
  defaultRoles: {
    organization: [7, 8, 9],
    project: [1, 2, 3],
    workspace: [6, 4, 55]
  }
}
// organizations collection
{
  organizationId: 5,
  defaultRoles: {
    project: [1, 2, 3],   // override system
    workspace: [6, 4, 55] // override system
  }
}
// projects collection
{
  projectId: 5,
  defaultRoles: {
    workspace: [6, 4, 55] // override organization
  }
}
```
## Definitions
> assignments - where you can use this role
>
> scope - where you can CRUD this role
### Discuss
Rule:
> 1. Availability type cannot be greater than assignment scope
> 2. Availability type can be equal to assignment scope, but must include only the current projectId
<table>
<tr>
<th>DB</th>
<th>Edit/Delete this role is available in</th>
<th>Assign role to user is available in</th>
<th>System functions attached to this role have level</th>
</tr>
<tr>
<td>
<pre>
{
scope: {
type: "workspace",
},
assignments: {
},
isSystem: true
}
</pre>
</td>
<td>projectId: 5</td>
<td>projectIds: 5</td>
<td>project, bot\workspace</td>
</tr>
<tr>
<td>
<pre>
{
assignmentScope: {
type: "project",
id: 5
},
availabilityScope: {
type: "project",
ids: []
}
}
</pre>
</td>
<td>projectId: 5</td>
<td>projectIds: 5</td>
<td>project, bot\workspace</td>
</tr>
<tr style="background:#e25d5d">
<td>
<pre>
{
assignmentScope: {
type: "project",
id: 5
},
availabilityScope: {
type: "project",
ids: [5,7]
}
}
</pre>
> rule 2 does not work here. This record is incorrect
</td>
<td>projectId: 5</td>
<td>projectId: 5,7</td>
<td>project, bot\workspace</td>
</tr>
<tr>
<td>
<pre>
{
assignmentScope: { // edit
type: "organization",
id: 5
},
availabilityScope: {
type: "project",
ids: [5,7]
}
}
</pre>
</td>
<td>organizationId: 5</td>
<td>projectIds: 5,7</td>
<td>project, bot\workspace</td>
</tr>
<tr>
<td>
<pre>
{
scope: {
type: "organization",
id: 5
},
assignments: {
type: "project"
}
}
</pre>
</td>
<td>organizationId: 5</td>
<td>projectIds: all in organizationId: 5</td>
<td>project, bot\workspace</td>
</tr>
<tr>
<td>
<pre>
{
assignmentScope: {
type: "organization",
id: 5
},
availabilityScope: {
type: "workspace"
}
}
</pre>
</td>
<td>organizationId: 5</td>
<td>workspaceIds: all in organizationId: 5</td>
<td>bot\workspace</td>
</tr>
<tr>
<td>
<pre>
{
assignmentScope: {
type: "organization",
id: 5
},
availabilityScope: {
type: "workspace",
ids: [1,2]
}
}
</pre>
</td>
<td>organizationId: 5</td>
<td>workspaceIds: 1,2</td>
<td>bot\workspace</td>
</tr>
<tr>
<td>
<pre>
{
assignmentScope: {
type: "system"
},
availabilityScope: {
type: "workspace",
}
}
</pre>
</td>
<td>system (super user) level</td>
<td>all workspaces in system</td>
<td>bot\workspace</td>
</tr>
<tr>
<td>
<pre>
{
assignmentScope: {
type: "system"
},
availabilityScope: {
type: "project",
}
}
</pre>
</td>
<td>system (super user) level</td>
<td>all projects in system</td>
<td>project, bot\workspace</td>
</tr>
<tr>
<td>
<pre>
{
assignmentScope: {
type: "system"
},
availabilityScope: {
type: "organization",
}
}
</pre>
</td>
<td>system (super user) level</td>
<td>all organizations in system</td>
<td>organization, project, bot\workspace</td>
</tr>
</table>
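
The two rules and the "assign role to user" column of the table, written as a check that could run before a role record is saved. This is an added example, not code from the Rake project: the function names `validateRoleScopes` and `assignableIn` are hypothetical, and the level order workspace < project < organization < system is an assumption read from the table.

```javascript
// Added example; level order and function names are assumptions, not project code.
const LEVELS = ["workspace", "project", "organization", "system"]; // narrow -> broad
const rank = (type) => LEVELS.indexOf(type);

// Returns a list of rule violations for one role record (empty list = valid).
function validateRoleScopes(role) {
  const errors = [];
  const a = role.assignmentScope || {};
  const v = role.availabilityScope || {};
  if (rank(a.type) < 0) errors.push(`unknown assignmentScope.type: ${a.type}`);
  if (rank(v.type) < 0) errors.push(`unknown availabilityScope.type: ${v.type}`);
  if (errors.length) return errors;
  if (a.type !== "system" && !Number.isInteger(a.id)) {
    errors.push("assignmentScope.id is required below system level");
  }
  const ids = v.ids || [];
  // Rule 1: availability may not be broader than where the role is managed.
  if (rank(v.type) > rank(a.type)) {
    errors.push(`rule 1: ${v.type} availability exceeds ${a.type} assignment scope`);
  }
  // Rule 2: same level means the role is usable only in its own entity.
  if (v.type === a.type && a.type !== "system" && ids.some((id) => id !== a.id)) {
    errors.push(`rule 2: ids must contain only ${a.type} ${a.id}`);
  }
  return errors;
}

// Where the role may be assigned to users (third column of the table).
function assignableIn(role) {
  const { assignmentScope: a, availabilityScope: v } = role;
  if (v.type === a.type && a.type !== "system") return { type: v.type, ids: [a.id] };
  if (v.ids && v.ids.length) return { type: v.type, ids: v.ids };
  const within = a.type === "system" ? "system" : { type: a.type, id: a.id };
  return { type: v.type, ids: "all", within };
}

// Records taken from the table rows above; tooBroad is constructed for rule 1.
const sameProject = { assignmentScope: { type: "project", id: 5 }, availabilityScope: { type: "project", ids: [] } };
const rejected = { assignmentScope: { type: "project", id: 5 }, availabilityScope: { type: "project", ids: [5, 7] } };
const orgToProjects = { assignmentScope: { type: "organization", id: 5 }, availabilityScope: { type: "project", ids: [5, 7] } };
const tooBroad = { assignmentScope: { type: "project", id: 5 }, availabilityScope: { type: "organization" } };

for (const r of [sameProject, rejected, orgToProjects, tooBroad]) {
  console.log(JSON.stringify(r.availabilityScope), validateRoleScopes(r));
}
```

The check does not confirm that listed ids (for example projects 5 and 7) actually belong to the assignment-scope entity; that needs a lookup against the stored hierarchy before the record is accepted.
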
# Questions
1) Invite user blade

What is the relation between the scope for the system users grid and the scope for invite?
-- Show only the chosen scope