The idm service (for now) has role-based authorization rather than permission-based auth (as with the echo service). Roles were recently revamped for idm users, and one of the old roles, backoffice, was eliminated -- or so I thought. I'd missed a place in the repo where we specifically require users to have the backoffice role in order to create an invitation code. In the short term, we need to fix this to require that users have the admin role instead.
heyheyjp
commented
7 years ago
The
idmservice (for now) has role-based authorization rather than permission-based auth (as with theechoservice). Roles were recently revamped foridmusers, and one of the old roles,backoffice, was eliminated -- or so I thought. I'd missed a place in the repo where we specifically require users to have thebackofficerole in order to create an invitation code. In the short term, we need to fix this to require that users have theadminrole instead.Longer term, we'll switch to permission-based authorization, which should prevent this specific error from being made again.
Related: https://github.com/LearnersGuild/echo/issues/986. Related: https://github.com/LearnersGuild/idm/pull/166.