Skip to content

chore(rbac): Allow OrgViewers to see organization memberships#2280

Merged
jiparis merged 2 commits into
chainloop-dev:mainfrom
jiparis:PFM-3327-viewer
Jul 21, 2025
Merged

chore(rbac): Allow OrgViewers to see organization memberships#2280
jiparis merged 2 commits into
chainloop-dev:mainfrom
jiparis:PFM-3327-viewer

Conversation

@jiparis

@jiparis jiparis commented Jul 21, 2025

Copy link
Copy Markdown
Member

As read-only admins, Org Viewers should be able to see all organization resources.
This PR allow viewers to:

  • query organization memberships (before, only admins and owners could)
  • query group memberships (berfore, only admins and group maintainers could)

Demo (sarah@chainloop.local as OrgViewer):

➜  cldev org member ls
WRN API contacted in insecure mode
┌──────────────────────────────────────┬───────────────────────┬────────┬─────────────────────┐
│ ID                                   │ EMAIL                 │ ROLE   │ JOINED AT           │
├──────────────────────────────────────┼───────────────────────┼────────┼─────────────────────┤
│ 4afbb744-bb94-43e7-a35e-a2f7e1493e60 │ john@chainloop.local  │ owner  │ 18 Jul 25 12:08 UTC │
├──────────────────────────────────────┼───────────────────────┼────────┼─────────────────────┤
│ 088a9b48-d7fe-4e19-80d6-fc8ba6313417 │ sarah@chainloop.local │ viewer │ 17 Jul 25 16:01 UTC │
└──────────────────────────────────────┴───────────────────────┴────────┴─────────────────────┘
INF Showing [1-2] out of 2

As contributor:

✗ cldev org member ls
WRN API contacted in insecure mode
ERR operation not allowed
exit status 1

As Org Admin:

✗ cldev org member ls
WRN API contacted in insecure mode
┌──────────────────────────────────────┬───────────────────────┬───────┬─────────────────────┐
│ ID                                   │ EMAIL                 │ ROLE  │ JOINED AT           │
├──────────────────────────────────────┼───────────────────────┼───────┼─────────────────────┤
│ 4afbb744-bb94-43e7-a35e-a2f7e1493e60 │ john@chainloop.local  │ owner │ 18 Jul 25 12:08 UTC │
├──────────────────────────────────────┼───────────────────────┼───────┼─────────────────────┤
│ 088a9b48-d7fe-4e19-80d6-fc8ba6313417 │ sarah@chainloop.local │ admin │ 17 Jul 25 16:01 UTC │
└──────────────────────────────────────┴───────────────────────┴───────┴─────────────────────┘
INF Showing [1-2] out of 2

jiparis added 2 commits July 21, 2025 14:28
Signed-off-by: Jose I. Paris <jiparis@chainloop.dev>
Signed-off-by: Jose I. Paris <jiparis@chainloop.dev>
@jiparis jiparis requested review from javirln and migmartri July 21, 2025 12:42
@jiparis jiparis merged commit 0a2046c into chainloop-dev:main Jul 21, 2025
13 checks passed
@jiparis jiparis deleted the PFM-3327-viewer branch July 21, 2025 16:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants