fix: allow to update project organization

ansible / eda-server

Event Driven Ansible for AAP

Apache License 2.0

59 stars 35 forks source link

fix: allow to update project organization #951

Closed bzwei closed 3 weeks ago

bzwei commented 3 weeks ago

AAP-25825: The PATCH /projects api does not update the organization_id

Dostonbek1 commented 3 weeks ago

I'm not quite sure if allowing changing organization for project makes sense to me. Following the RBAC hierarchy Organization -> Project, we are essentially migrating a project from one org to another. Even if we allow that, should the permission for that be more strict, e.g. only Admin user of both orgs can perform this change, not just anyone with change_project permission? @AlanCoding could you chime in, in case I'm missing something here?

bzwei commented 3 weeks ago

If project does not allow to switch organization, what about other types such as DecisionEnviornment, EdaCredential, and CredentialType? They all allow to switch organizations by the PATCH method. We need to be consistent.