vendure-ecommerce / vendure

The commerce platform with customization in its DNA.
https://www.vendure.io

Assign Permission to Users per Channel #3095

Open Draykee opened 2 weeks ago

Draykee commented 2 weeks ago

Is your feature request related to a problem? Please describe.

Currently, assigning permissions in our system is rigid and inefficient because roles are directly tied to users and channels independently. This setup forces us to create multiple roles for each channel even if they share similar permissions.

For instance, if I want to assign admin (role) permissions to a user for Channel X and only support (role) permissions for the same user on Channel Y, I must create duplicate roles for each channel, when I want to have each admin and support roles for the channels. This results in a complex and error-prone permission management process once you work with multiple channels and roles.

Describe the solution you'd like

I propose a more flexible permission assignment system where roles can be assigned based on a combination of user and channel. Instead of binding a role solely to a user or a channel, we would assign roles to a pair of user + channel (UserChannelRole). This approach would allow for precise control over permissions on a per-channel basis without the need to duplicate roles across different channels. For example, a user could be assigned the 'admin' role on Channel X and 'support' on Channel Y with just a single assignment operation per channel.

Describe alternatives you've considered

I can't think of any simpler alternative. The current alternative is to create new roles every time.

Additional context

Implementing this feature would significantly streamline our permission management process, reducing administrative overhead and the potential for errors.

DanielBiegler commented 6 days ago

Yes please. For anyone that wants a concrete example, see the POC multi vendor plugin inside the service.

https://github.com/vendure-ecommerce/vendure/blob/1b4c50fffcac08d0f256eff875ddd1023499a580/packages/dev-server/example-plugins/multivendor-plugin/service/mv.service.ts#L138-L172

You gotta create ${shopCode}-admin roles per seller which becomes a PITA quite quick once you need to add/remove a permission for all "*-admin" roles. Or is there an ergonomic way to deal with it right now @Draykee? I don't think so?

Draykee commented 2 days ago

I also had to solve it like this as well. I will most likely run a database query to add/remove permissions to roles.

We already have 50+ roles, and we didn't even fully launch the feature yet. In the future we also need admin, moderator, etc. roles per channel, so the amount of roles will at least 3x.

@dlhck If you guys decide to bring the rework earlier, I'm down to help with contributions. I believe the rework might actually be smaller than we think. The biggest part might be the UI and the migration script.
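
A minimal sketch of the user + channel role assignment proposed in the issue, and of the single-edit permission change that the comments say currently has to be repeated across every "*-admin" role. This is an added example, not code from the thread or from Vendure; the class, its methods, and the sample users, channels and permission strings are hypothetical.

```typescript
// Added illustration: all names here are hypothetical, not Vendure's API.
type Permission = string;
interface Role { code: string; permissions: Permission[] }
// The proposed pairing: a role granted to one user on one channel.
interface UserChannelRole { userId: string; channelId: string; roleCode: string }

class ChannelScopedAcl {
  private roles: { [code: string]: Role } = Object.create(null);
  private grants: UserChannelRole[] = [];

  defineRole(code: string, permissions: Permission[]): void {
    this.roles[code] = { code, permissions: permissions.slice() };
  }

  assign(userId: string, channelId: string, roleCode: string): void {
    if (!this.roles[roleCode]) throw new Error(`unknown role: ${roleCode}`);
    const exists = this.grants.some(g =>
      g.userId === userId && g.channelId === channelId && g.roleCode === roleCode);
    if (!exists) this.grants.push({ userId, channelId, roleCode });
  }

  // Deny by default: only grants matching this exact user AND channel count,
  // so a role held on one channel never leaks into another.
  can(userId: string, channelId: string, permission: Permission): boolean {
    return this.grants.some(g => {
      if (g.userId !== userId || g.channelId !== channelId) return false;
      const role = this.roles[g.roleCode];
      return !!role && role.permissions.indexOf(permission) !== -1;
    });
  }

  // One edit to the shared role takes effect on every channel it is granted on.
  removePermission(roleCode: string, permission: Permission): void {
    const role = this.roles[roleCode];
    if (!role) throw new Error(`unknown role: ${roleCode}`);
    role.permissions = role.permissions.filter(p => p !== permission);
  }
}

// Constructed sample data: two shared roles, two users, two channels.
function buildExample(): ChannelScopedAcl {
  const acl = new ChannelScopedAcl();
  acl.defineRole('admin', ['ReadOrder', 'UpdateOrder', 'DeleteOrder']);
  acl.defineRole('support', ['ReadOrder']);
  acl.assign('alice', 'channel-x', 'admin');
  acl.assign('alice', 'channel-y', 'support');
  acl.assign('bob', 'channel-y', 'admin');
  return acl;
}
```

With the per-channel duplicated roles described in the thread, the `removePermission` step would instead be one update per channel-specific role, which is where drift between supposedly identical roles creeps in.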