29 lines
1.0 KiB
Markdown
29 lines
1.0 KiB
Markdown
|
# Assign Roles to Members
|
||
|
|
|
||
|
|
**ID:** ORG-003
|
||
|
|
**Priority:** High
|
||
|
|
**Status:** Planned
|
||
|
|
|
||
|
|
## User Story
|
||
|
|
As an organization owner, I want to assign different roles to team members so that I can control what each person can access and do within the organization.
|
||
|
|
|
||
|
|
## Acceptance Criteria
|
||
|
|
- [ ] Owner can create custom roles for the organization
|
||
|
|
- [ ] Default roles: Owner, Admin, Member, Viewer
|
||
|
|
- [ ] Each role has configurable permissions
|
||
|
|
- [ ] Owner can assign/change roles for any member
|
||
|
|
- [ ] Role changes take effect immediately
|
||
|
|
- [ ] Members can view their own role and permissions
|
||
|
|
- [ ] Audit log for role changes
|
||
|
|
- [ ] At least one Owner must exist at all times
|
||
|
|
|
||
|
|
## Technical Notes
|
||
|
|
- RoleManager exists with basic role infrastructure
|
||
|
|
- `getRolesAndOrganizationsForUserId` endpoint available
|
||
|
|
- Need to expand Role model with permissions array
|
||
|
|
- Consider permission inheritance (Admin inherits Member permissions)
|
||
|
|
- JWT claims should include role for authorization
|
||
|
|
|
||
|
|
## Related TODOs
|
||
|
|
- Partial implementation exists in RoleManager
|