social-media/docs/TASKS/organizations/002-organization-membership-permissions.md

Task: Organization membership and inherited permissions

Feature

docs/FEATURES/organizations.md

Goal

Model organization-level memberships and inherited workspace permissions with workspace-level overrides.

Context

Users have global accounts. A user can have rights in multiple organizations and direct access to individual workspaces. Organization membership grants company-level access and inherited workspace permissions. Workspace membership can grant direct access or override workspace-specific inherited permissions.

Scope

  • Add organization membership persistence.
  • Add organization-level roles or permissions for:
    • organization owner/admin
    • organization member management
    • workspace creation/administration
    • billing manager
    • connector manager
  • Define how organization permissions map to inherited workspace permissions.
  • Preserve workspace participant relationship categories: Organization Member and External Collaborator.
  • Allow workspace memberships to override applicable inherited workspace permissions.
  • Ensure billing and connector permissions remain organization-level only.
  • Update access checks used by workspace APIs to consider inherited organization permissions.
  • Add tests for inherited access, direct workspace access, external collaborator access, and override behavior.

Constraints

  • Do not implement billing pages or billing provider integration in this task.
  • Do not implement connector APIs in this task.
  • Do not remove direct workspace membership support.
  • External collaborators must not become organization members automatically.
  • Keep permission names explicit; avoid magic strings where local patterns provide constants.
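
An added sketch of the resolution rule that Scope and Constraints describe, not code from the Socialize repository: organization-level permissions come only from the organization role, while a direct workspace membership can add or remove workspace-scoped permissions. Every type name, the role-to-permission mapping, and the rule that a denial beats a grant are assumptions made for illustration.

```csharp
#nullable enable
using System;

// Constructed cases. Every type and member name in this example is hypothetical.
var extCollab = AccessResolver.Effective(null,
    new WorkspaceGrant(Permission.WorkspaceEdit | Permission.OrgBilling, Permission.None));
var restrictedOwner = AccessResolver.Effective(OrgRole.Owner,
    new WorkspaceGrant(Permission.None, Permission.WorkspaceAdmin | Permission.OrgBilling));
Console.WriteLine($"external collaborator: {extCollab}");
Console.WriteLine($"owner with override:   {restrictedOwner}");
Console.WriteLine($"billing manager:       {AccessResolver.Effective(OrgRole.BillingManager, null)}");

[Flags]
public enum Permission
{
    None = 0,
    WorkspaceView = 1, WorkspaceEdit = 2, WorkspaceAdmin = 4,    // workspace-scoped
    OrgManageMembers = 8, OrgBilling = 16, OrgConnectors = 32,   // organization-only
}

public enum OrgRole { Owner, MemberManager, WorkspaceAdmin, BillingManager, ConnectorManager }
// Direct workspace membership: grants and denials relative to what is inherited.
public sealed record WorkspaceGrant(Permission Allow, Permission Deny);

public static class AccessResolver
{
    private const Permission WorkspaceScoped = Permission.WorkspaceView | Permission.WorkspaceEdit | Permission.WorkspaceAdmin;

    // Assumed mapping: (organization-level permissions, inherited workspace permissions).
    private static (Permission Org, Permission Inherited) Map(OrgRole role) => role switch
    {
        OrgRole.Owner => (Permission.OrgManageMembers | Permission.OrgBilling | Permission.OrgConnectors, WorkspaceScoped),
        OrgRole.MemberManager => (Permission.OrgManageMembers, Permission.WorkspaceView),
        OrgRole.WorkspaceAdmin => (Permission.None, WorkspaceScoped),
        OrgRole.BillingManager => (Permission.OrgBilling, Permission.None),
        OrgRole.ConnectorManager => (Permission.OrgConnectors, Permission.None),
        _ => throw new ArgumentOutOfRangeException(nameof(role)),
    };

    // orgRole == null models an External Collaborator; membership == null means no direct membership.
    public static Permission Effective(OrgRole? orgRole, WorkspaceGrant? membership)
    {
        var (org, inherited) = orgRole is { } role ? Map(role) : (Permission.None, Permission.None);
        // Mask both sides of the override so it can never add or strip organization-only bits.
        var allow = (membership?.Allow ?? Permission.None) & WorkspaceScoped;
        var deny = (membership?.Deny ?? Permission.None) & WorkspaceScoped;
        return org | ((inherited | allow) & ~deny);
    }
}
```

The mask on `allow` and `deny` is the part the backend tests should pin down: an override carrying `OrgBilling` or `OrgConnectors` must leave the organization-level result unchanged in both directions.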

Likely Files

  • backend/src/Socialize.Api/Modules/Organizations/**
  • backend/src/Socialize.Api/Modules/Workspaces/**
  • backend/src/Socialize.Api/Modules/Identity/**
  • backend/src/Socialize.Api/Data/AppDbContext.cs
  • backend/tests/Socialize.Tests/**

Done When

  • Organization memberships are persisted.
  • Organization roles/permissions include billing manager.
  • Organization-level access can grant inherited access to owned workspaces.
  • Direct workspace-only external collaborators remain supported.
  • Workspace-level overrides apply to workspace-specific permissions.
  • Billing and connector permissions cannot be granted through workspace overrides.
  • Backend tests cover inherited, direct, external collaborator, and override access paths.

Validation Commands

dotnet build backend/Socialize.slnx
dotnet test backend/Socialize.slnx