Validation for awarding permissions in a child team

[arrenv]

Description

When a user or contract is assigned permissions in a colony, those same permissions are also inherited by child teams. For example, if a member is assigned Funding permissions in the "Root/General" team, then in a child team, such as "Development", that user will also hold the Funding permission.

However, these Funding permissions cannot be removed from the child team specifically, which we now show a validation for. To further improve our validation, we would also like to prevent assigning permissions to users that they already hold in a parent team.

Different permission types

As we have tiered permissions now, we need to account for the differences between the individual core permissions that a user can hold. It may make sense for them to hold some permissions in "Root/General" and another set in child teams, as long as they are not the same permissions.

Simple tiered permission case

• This case shows the handling of a like-for-like tiered permission being selected. Figma link

Simple custom permission case

• This case shows the handling of a like-for-like custom permission. The toggle is on and disabled with a tooltip. Figma link

Partial tiered permissions

Additionally, we will also need to handle situations where some permissions are held in "Root/General" but more are required in the child team, and there is an overlap with the tiered permissions. For example, a user holds "Custom (Funding)" in "Root/General" and is now being assigned "Admin" in a child team. It would be misleading to just show "Admin", even though that is somewhat accurate, as when removing, you would not be able to remove "Admin" permissions.

Therefore, we would like to provide a validation error if a tiered permission is selected where there is an overlap, but also provide a way for users to still easily assign the desired permissions. To do this, we would like there to be a information to help guide the user to set the difference in required permissions, i.e., assigning only "Administration", "Architecture", and "Arbitration" in the child team while the "Custom (Funding)" in "Root/General" is disabled and toggled on with the tooltip.

• Figma Link

Implementation

This issue is complete when...

• [ ] A validation message appears if a user already holds the same permission in a parent team for a tiered permission, preventing awarding the same permissions to the user in a child team.
• [ ] A disabled toggle state and tooltip are shown in a child team with inherited individual custom permissions, preventing awarding the same permissions to the user in a child team.
• [ ] If a tiered permission is selected in a child team, the user should be prompted to toggle the difference with custom permissions in the child team to simplify the UI and help provide the desired outcome.
• [ ] Multi-sig permissions are also considered, but are completely separate from these core permissions.

[rdig]

Why is @rumzledz assigned to this ?

[arrenv]

Why is @rumzledz assigned to this ?

@rumzledz requested to be assigned based on questions he has been asking in relation to his work on this PR - https://github.com/JoinColony/colonyCDapp/pull/2749

[rdig]

Why is @rumzledz assigned to this ?

@rumzledz requested to be assigned based on questions he has been asking in relation to his work on this PR - #2749

Yeah, finally managed to find out what was going on here. Thanks @arrenv