Skip to content

πŸ”’οΈ(organization) the first user is not admin #776

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 4 commits into
base: main
Choose a base branch
from
Draft

πŸ”’οΈ(organization) the first user is not admin #776

wants to merge 4 commits into from

Conversation

qbey
Copy link
Member

@qbey qbey commented Mar 7, 2025

Purpose

The first user of a organization is probably not an admin. This was implemented for first tests but for now it's more a security issue than something helpful.

FIXES #775

Proposal

  • Do not associate organization admin access when creating an Organization at user login.

@qbey qbey self-assigned this Mar 7, 2025
@qbey qbey added the backend label Mar 7, 2025
@qbey qbey force-pushed the qbey/remove-first-org-user-is-admin branch from 2a4ca1b to 1462dae Compare March 7, 2025 16:59
@qbey qbey requested a review from sdemagny March 7, 2025 16:59
@qbey qbey enabled auto-merge (rebase) March 7, 2025 17:39
@qbey qbey disabled auto-merge March 7, 2025 17:44
Morendil
Morendil requested changes Mar 10, 2025
View reviewed changes
Copy link
Contributor

@Morendil Morendil left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We are currently relying on this behaviour in the communes plugin, so I would prefer delaying this change until the reworked onboarding process is ready.

@qbey
Copy link
Member Author

qbey commented Mar 10, 2025

@Morendil Ok, stand-by on this, but the current behavior is bad. This must be fixed soon.

@qbey qbey marked this pull request as draft March 10, 2025 12:55
@Morendil
Copy link
Contributor

@qbey Yes, I have a fix in mind - change the plugin contract to "ask" whether to grant admin access instead of notifying of a grant (after the fact). This should let us remove the grant in the general case but preserve the current behaviour for communes for the time being. I need a few days to get around to working out the details though…

qbey added 3 commits June 12, 2025 15:14
@qbey
✨(resource-server) add SCIM /Me endpoint
32b13d0 
This provide a "self-care" SCIM endpoint, authenticated with OIDC token
introspection. This endpoint will be use by services to fetch the user's
team list.

We chose to use the SCIM format (even if this is not a SCIM context) to
make it easier to understand/maintain/plug.
@qbey
πŸ§‘β€πŸ’»(docker) split frontend to another file
527b12e 
This commit aims at improving the user experience:
- Use a dedicated `Dockerfile` for the frontend
- Run the backend and frontend in "watch"/dev mode in Docker
- Do not start all Docker instances for small tasks
@qbey
πŸ”§(git) set LF line endings for all text files
39ee1ad 
Windows users are by default using CRLF line endings,
which can cause issues with some tools and
environments. This commit sets the `.gitattributes`
file to enforce LF line endings for all text
files in the repository.

Based on the same commit on docs
@qbey qbey force-pushed the qbey/remove-first-org-user-is-admin branch from 1462dae to e7ebe93 Compare June 17, 2025 11:13
@qbey
πŸ”’οΈ(organization) the first user is not admin
4f4a859 
The first user of a organization is probably not an admin.
This was implemented for first tests but for now it's more
a security issue than something helpful.

FIXES #775
@qbey qbey force-pushed the qbey/remove-first-org-user-is-admin branch from e7ebe93 to 4f4a859 Compare June 17, 2025 11:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Morendil Morendil Morendil requested changes

@sdemagny sdemagny sdemagny approved these changes

Requested changes must be addressed to merge this pull request.

Assignees

@qbey qbey

Labels
backend
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Remove "first user is organization admin" feature
3 participants
@qbey @Morendil @sdemagny