Closed bzwei closed 3 weeks ago
I'm not quite sure if allowing changing organization for project makes sense to me. Following the RBAC hierarchy Organization -> Project, we are essentially migrating a project from one org to another. Even if we allow that, should the permission for that be more strict, e.g. only Admin user of both orgs can perform this change, not just anyone with change_project permission? @AlanCoding could you chime in, in case I'm missing something here?
If project does not allow to switch organization, what about other types such as DecisionEnviornment, EdaCredential, and CredentialType? They all allow to switch organizations by the PATCH method. We need to be consistent.
AAP-25825: The PATCH /projects api does not update the organization_id