Owner/Admin Role - Feature & Permission Checklist
Role Types
- RBAC Role: "Owner" or "Administrator" (tenant-specific RBAC system)
- Legacy Fallback: Users with tenant group role_type = "owner" or "administrator"
Navigation & Visibility
Always Visible (All Authenticated Users)
- Dashboard (/dashboard) - Overview and analytics
- Projects (/projects) - List all projects in current tenant
- Images (/images) - Browse container image catalog
- Profile (/profile) - View user profile
- Settings (/settings) - User account settings
Owner/Admin Only
- Builds (/builds) - Build management and creation
- Tenants (/tenants) - Manage tenant organizations (only if Owner/Admin role)
System Admin Only
- Admin Dashboard (/admin/dashboard) - System-wide statistics and management
Feature Breakdown by Page
Dashboard
- Available to: All authenticated users
- Features:
  - View overview/analytics for current tenant
  - See aggregated stats across projects
Projects
- Available to: All authenticated users (viewing)
- Owner/Admin Capabilities:
  - Create new project (/projects/new)
  - View project details
  - Edit project properties:
    - Project name
    - Description
    - Repository URL
    - Branch
  - View project members (NEW - Member Management Feature)
  - Manage project members:
    - Add members to project
    - Edit member roles (assign RBAC roles)
    - Remove members from project
  - View build history for project
  - Create builds from project
Builds
- Available to: Owner, Admin, Developer, Operator roles
- Owner/Admin Capabilities:
  - View all builds in tenant
  - Create new build (/builds/new)
  - View build details
  - View build logs
  - Cancel running builds (if in progress)
  - Restart/retry builds
Images
- Available to: All authenticated users (read-only default)
- Features:
  - Browse image catalog
  - Search/filter images
  - View image details
  - View image versions and tags
Tenants (Owner/Admin Only)
- Available to: Owner/Admin role only
- Features:
  - View all tenants in system
  - Create new tenant
  - View tenant details
  - Edit tenant properties (future)
  - Delete tenants
  - View tenant quotas
Settings (All Users)
- Available to: All authenticated users
- Features:
  - Account settings (email, theme, timezone)
  - Security settings (password, 2FA) - planned
  - Notification preferences - planned
Profile (All Users)
- Available to: All authenticated users
- Features:
  - View user profile
  - Edit basic profile info
  - Manage profile picture
Member Management Capabilities (NEW - Owner/Admin in Projects)
For Project Members
The Owner/Admin can now manage who has access to projects:
Add Members
- Search and add users to project
- Add by selecting available users
- User must exist in system first
Edit Member Roles
- Change member's RBAC role
- Available roles: Owner, Administrator, Developer, Operator, Viewer
- Clear role (remove specific role)
Remove Members
- Delete member from project
- Confirmation dialog before removal
- Audit log entry created
View Member Details
- See member name and email
- See assigned role
- See join date
Permission Checks in Code
Access Control Logic
Is Owner/Admin? → canManageTenants = TRUE, canCreateBuilds = TRUE
Is Developer/Operator? → canCreateBuilds = TRUE, canManageTenants = FALSE
Is Viewer? → canCreateBuilds = FALSE, canManageTenants = FALSE
All Users? → canViewImages = TRUE, canManageSettings = TRUE
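The rules above, written out as an added TypeScript example (not the project's own code) that resolves the flags per tenant, so the tenant-switch case in the test plan can be checked directly. The type and function names are hypothetical, and it assumes RBAC roles take precedence over the legacy role_type and that unrecognised role names grant nothing.

```typescript
// Added example: names below are hypothetical, not the project's own code.
type Role = "owner" | "administrator" | "developer" | "operator" | "viewer";
const KNOWN_ROLES: readonly string[] = ["owner", "administrator", "developer", "operator", "viewer"];

interface TenantMembership {
  tenantId: string;
  rbacRoles: string[];      // role names from the tenant RBAC system, e.g. "Owner"
  legacyRoleType?: string;  // tenant group role_type, consulted only as a fallback
}

interface Permissions {
  canManageTenants: boolean;
  canCreateBuilds: boolean;
  canViewImages: boolean;
  canManageSettings: boolean;
}

// Case-insensitive match against the known roles; anything else grants nothing.
function normalise(name: string | undefined): Role | null {
  const n = (name || "").trim().toLowerCase();
  return KNOWN_ROLES.indexOf(n) >= 0 ? (n as Role) : null;
}

// Assumption: RBAC roles win when present; the legacy role_type is honoured
// only for "owner"/"administrator", the two values the checklist names.
function effectiveRoles(m: TenantMembership | undefined): Role[] {
  if (!m) return [];
  const rbac = m.rbacRoles.map(normalise).filter((r): r is Role => r !== null);
  if (rbac.length > 0) return rbac;
  const legacy = normalise(m.legacyRoleType);
  return legacy === "owner" || legacy === "administrator" ? [legacy] : [];
}

// Flags are computed for the currently selected tenant only.
function permissionsFor(memberships: TenantMembership[], tenantId: string): Permissions {
  const roles = effectiveRoles(memberships.filter(m => m.tenantId === tenantId)[0]);
  const ownerAdmin = roles.some(r => r === "owner" || r === "administrator");
  const devOp = roles.some(r => r === "developer" || r === "operator");
  return { canManageTenants: ownerAdmin, canCreateBuilds: ownerAdmin || devOp,
           canViewImages: true, canManageSettings: true };
}

// Constructed sample user with a different role in each tenant.
const sampleUser: TenantMembership[] = [
  { tenantId: "t-1", rbacRoles: ["Owner"] },
  { tenantId: "t-2", rbacRoles: ["Viewer"], legacyRoleType: "owner" },
  { tenantId: "t-3", rbacRoles: [], legacyRoleType: "administrator" },
  { tenantId: "t-4", rbacRoles: ["Operator", "SuperUser"] },
];
```

Flags like these only decide what the UI renders; the backend endpoints have to apply the same role check to each request.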
Admin Dashboard (System Admin Only)
- View system-wide statistics
- Manage users globally
- View audit logs
- System configuration
- Currently redirects non-admins to dashboard
Testing Plan for Owner/Admin Role
Test User Profile
- Username: (an Owner-level user from your LDAP/database)
- Roles: Owner or Administrator in at least one tenant
- Expected: Should see Projects, Builds, Images, Tenants, Settings
Test Cases to Execute
1. Navigation Visibility
- Can see Tenants nav item
- Can see Builds nav item
- Cannot see Admin Dashboard nav item (unless system admin)
2. Project Management
- View list of projects
- Create new project (already tested)
- Edit project details
- Delete project (if implemented)
3. Member Management (NEW - High Priority)
- Open project detail page
- Click "Members" tab
- See list of existing members
- Click "Add Member" button
- Search for user to add
- Add member to project (already tested)
- Edit member role (change role dropdown)
- Delete member (with confirmation)
- Verify member is removed from list
4. Build Management
- View list of builds
- Create build from project
- View build details and logs
- Cancel build (if running)
5. Image Management
- Browse image catalog
- Search images
- View image details
6. Tenant Management
- View list of tenants (Owner/Admin only)
- Create new tenant
- Edit tenant (future)
- Delete tenant (future)
7. Role-Based Visibility
- Switch to a different tenant with only Viewer role
- Verify Tenants nav item is hidden
- Verify Builds nav item is hidden
- Switch back to Owner role tenant
- Verify nav items reappear
Audit Trail
All Owner/Admin actions are logged:
- Member additions
- Member role changes
- Member removals
- Project updates
- Build operations
- Tenant operations
Known Limitations / Future Enhancements
- Bulk Operations - Cannot bulk-manage multiple members/projects yet
- Batch Permissions - No role assignment templates
- Quota Management - Cannot modify tenant quotas from UI yet
- Project Transfer - Cannot transfer project ownership to another user
- Member Invitations - Cannot invite external users (must exist in system first)
- Scheduled Builds - Not yet implemented
- Build Webhooks - Not yet configured
- Image Push Permissions - Need to verify who can push images
Related Components & Files
Components
- frontend/src/pages/projects/ProjectDetailPage.tsx - Project details with tabs
- frontend/src/components/projects/ProjectMembersUI.tsx - Member management UI
- frontend/src/pages/tenants/TenantsPage.tsx - Tenant listing (new)
- frontend/src/components/layout/Layout.tsx - Role-based navigation
Services
- frontend/src/services/projectService.ts - Project API calls
- frontend/src/services/memberApi.ts - Member management API
- frontend/src/services/tenantService.ts - Tenant API calls
Backend Endpoints
- GET /api/v1/projects - List projects
- POST /api/v1/projects - Create project
- GET /api/v1/projects/{id} - Get project
- PATCH /api/v1/projects/{id} - Update project
- GET /api/v1/projects/{id}/members - List members
- POST /api/v1/projects/{id}/members - Add member
- PATCH /api/v1/projects/{id}/members/{userId} - Update member role
- DELETE /api/v1/projects/{id}/members/{userId} - Remove member
- GET /api/v1/tenants - List tenants
- POST /api/v1/tenants - Create tenant
- DELETE /api/v1/tenants/{id} - Delete tenant
Quick Reference: Owner/Admin vs Other Roles
| Feature | Owner/Admin | Developer | Operator | Viewer | System Admin |
|---|---|---|---|---|---|
| Dashboard | โ | โ | โ | โ | โ |
| Projects | โ (CRUD) | โ (R) | โ (R) | โ (R) | โ (R) |
| Builds | โ (CRUD) | โ (CRUD) | โ (RUN) | โ (R) | โ |
| Images | โ | โ | โ | โ | โ |
| Members | โ (MANAGE) | โ (VIEW) | โ (VIEW) | โ (VIEW) | โ |
| Tenants | โ (MANAGE) | โ | โ | โ | โ |
| Settings | โ (SELF) | โ (SELF) | โ (SELF) | โ (SELF) | โ (SELF) |
| Admin Panel | โ | โ | โ | โ | โ |
Legend: CRUD = Create/Read/Update/Delete, R = Read, RUN = Run/Start, MANAGE = Full control, VIEW = Read-only