search

Flagsmith / flagsmith

Open Source Feature Flagging and Remote Config Service. Host on-prem or use our hosted version at https://flagsmith.com/
https://flagsmith.com/
BSD 3-Clause "New" or "Revised" License
4.78k stars 364 forks source link

Allow setting all user permissions at invite time #4002

Open rolodato opened 4 months ago

rolodato commented 4 months ago

Is your feature request related to a problem? Please describe.

In the "Users and Permissions" section for organisations, we mention:

Anyone with link can join as a standard user, once they have joined you can edit their role from the team members panel.

When clicking on "Invite Users", we also mention:

Users without administrator privileges will need to be invited to individual projects.

This can be frustrating for invite-only organisations (i.e. most Enterprise customers), since it requires an administrator to:

  1. Create an invitation for a given user
  2. Wait until the user accepts the invite and notifies the admin that they've accepted
  3. Set the correct permissions for the user

Step 2 can take an annoyingly long amount of time and still requires the admin to be involved in the process. Availability of sufficient admins can be a blocker for the whole team here.

Describe the solution you'd like.

It should be possible to set all user permissions, and not just a role, when inviting users to an organisation.

I don't think it's necessary to support this functionality for invite links, though might be nice to have for completeness.

Describe alternatives you've considered

🤷

Additional context

This was specifically requested by a private cloud customer, calling it out as a notable pain point.

cc @gagantrivedi

kyle-ssg commented 4 months ago

It feels like the best solution would be to create a user or something close to at the point of inviting. This way the admin can also edit said permissions before the user accepts/signs up. There's a lot of permissions so this would make sense.

@matthewelwell Thinking about https://github.com/Flagsmith/flagsmith/issues/4036, I just wonder if this could mean we do option 1 here, falling back to link if email is not enabled. This would let us invite a user with permissions, create a partial user and have a link at the end of it when email isn't enabled.

kyle-ssg commented 4 months ago

Discussing with @matthewelwell, we think the preferred route forward is to add groups to invites. This is currently supported for email invite, just needs adding to links.