What happened?

User Role System Needs Organization-Level Scoping

Problem Description

Currently, the user role system (particularly for admin users) is attached to the Users model, which makes someone an admin across all of their organizations. This creates a global admin situation that may not be desired for organization-specific permissions.

Current Behavior

• User roles are stored at the user level
• When a user is made an admin, they become admin for every organization they belong to
• No organization-level role scoping exists

User Roles Requirements:

Members Page

• List self first on members page list. Maybe it says "You" instead of your name or alongside of your name
• Display roles: with comma separated roles in that organization. Ex Coach, Admin (alphabetical)
• For each member, show who their coaches are within that organization.
• Able to promote user to admin role (as admin) "Set as {organization_name} admin"? we might be able to use the organization name explicitly
• Add subtext under Members that says "of {organization name}"

Proposed Solution

Implement a dual-level role system:

Option 1: Dual Role System

• Global User Type: Super user/admin role that overrides organization-level permissions
• Organization-Level User Type: Role that applies only within a specific organization

Role Hierarchy

• Global admin = super user with permissions across all organizations
• Organization admin = admin permissions only within that specific organization
• Global admin role takes precedence over org-level roles

Acceptance Criteria

• Users can have different roles in different organizations
• Global admin role still exists for super users
• Organization admins only have admin permissions within their assigned org
• Role hierarchy is properly enforced (global > org-level)
• Existing admin users are migrated appropriately

Technical Considerations

• Database schema changes needed for organization-scoped roles
• Migration strategy for existing admin users
• UI updates for role management per organization
• Permission checking logic updates throughout the application

What is the version of refactor-platform-rs that you're seeing the problem on?

1.0.0-beta2