Organization admin area controller framework

What does this MR do and why?

The admin area is being re-used to establish an Organization Admin area. This will allow us to easily migrate current instance admin capabilities to organizations over time. This MR creates the initial authorization framework and stubs out the organization admin dashboard.

  • Admin::ApplicationController - Retains current admin area behavior for instance admins. All current admin controllers inherit from this controller. Controllers that inherit from this controller will eventually move to inherit from either of the next two controllers based on the level at which the feature is available. Organization owners do not have access to any of these controllers.
  • Admin::Instance::ApplicationController - When a controller inherits from this controller it signifies that a decision has been made that the given feature will remain instance-level only. Organization owners will not have access.
  • Admin::Organizations::ApplicationController - When a controller inherits from this controller it signifies that the feature is available to Organization owners.
    • The set_current_organization method is also overridden in this controller. The Current.organization context in the admin area should be solely based on the path. Otherwise, for example, an organization owner's Current.organization would fall back to the organization they belong to and they could visit /admin to see their organization's admin area. It should only be accessible to them at /o/org_path/admin.

Introduces the org_admin_area feature flag scoped to organization so rollout can be controlled.

As written, the only way to successfully get to the new Organization owner dashboard is to visit /o/org_path/admin/organization. In the next MR I will add distinct "Instance overview" and "Organization overview" admin sidebars, and also add automatic routing of /o/org_path/admin to the correct dashboard based on instance compared to organization owner access.

Organization owners are not yet subject to admin mode/step up authentication. That will come later.

Next MR: Organization admin area sidebar menus and root ... (!226689)

References

Organization Owner Access to Admin Area (#587370)

Create Org Admin controller framework (#580540 - closed)


How to set up and validate locally

  1. Enable Feature Flags. In Rails console (bundle exec rails c):

    Feature.enable(:org_admin_area)
    Feature.enable(:ui_for_organizations)
    Feature.enable(:organization_switcher)
    Feature.enable(:organization_scoped_paths)
  2. Create a New Organization

    org = Organizations::Organization.create!(name: 'Test Organization', path: 'test-org')
  3. Create or Find a User to Make Org Owner. Use existing or create new.

    user = User.find_by(username: 'username')
    # or
    user = User.create!(name: 'Org Owner', username: 'org_owner', email: 'org_owner@example.com', password: 'password123') 
  4. Make User an Organization Owner

    Organizations::OrganizationUser.create!(organization: org, user: user, access_level: :owner)
  5. Sign in as the org owner user (not an instance admin)

  6. Navigate to /o/test-org/admin/organization. This is accessible to the org owner, although no content exists and the sidebar incorrectly shows 'Your work'. This will be addressed in the follow-up MR.

  7. Sign in as instance admin

  8. Navigate to /admin and observe admin area is accessible as per normal.

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Drew Blessing
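
The path-only rule for Current.organization described in the MR, modelled as an added plain-Ruby example (not GitLab's code and not part of the MR). The User struct, the resolve_* helpers, allowed? and the per-organization flag list are hypothetical stand-ins, and it assumes instance admins pass every tier.

```ruby
# Added illustration in plain Ruby; not GitLab's controller code.
# User, resolve_* and allowed? are hypothetical stand-ins for this example.
User = Struct.new(:instance_admin, :owned_org_paths, :home_org_path, keyword_init: true)

# Matches /o/<org_path>/admin and anything below it, but never a bare /admin.
ORG_ADMIN_PATH = %r{\A/o/(?<org_path>[^/]+)/admin(?:/|\z)}

# Path-only resolution: the organization context comes from the URL and nothing else.
def resolve_from_path(path, _user)
  ORG_ADMIN_PATH.match(path)&.[](:org_path)
end

# Fallback resolution: what the MR description says the admin area must not do.
def resolve_with_fallback(path, user)
  resolve_from_path(path, user) || user.home_org_path
end

# tier is :instance or :organization, mirroring the two new base controllers.
# flag_enabled_for models org_admin_area being enabled per organization.
# Assumption: instance admins pass every tier.
def allowed?(tier:, path:, user:, resolver:, flag_enabled_for: [])
  return true if user.instance_admin
  return false unless tier == :organization

  org = resolver.call(path, user)
  !org.nil? && flag_enabled_for.include?(org) && user.owned_org_paths.include?(org)
end

# Constructed sample users.
OWNER = User.new(instance_admin: false, owned_org_paths: ['test-org'], home_org_path: 'test-org')
ADMIN = User.new(instance_admin: true, owned_org_paths: [], home_org_path: nil)

if __FILE__ == $PROGRAM_NAME
  by_path = method(:resolve_from_path)
  fallback = method(:resolve_with_fallback)
  flags = ['test-org']
  [['/o/test-org/admin/organization', by_path], ['/admin', by_path], ['/admin', fallback]].each do |path, r|
    ok = allowed?(tier: :organization, path: path, user: OWNER, resolver: r, flag_enabled_for: flags)
    puts format('%-32s %-22s %s', path, r.name, ok ? 'allowed' : 'denied')
  end
end
```

The third row is the case the override prevents: with a fallback, a bare /admin request from an organization owner resolves to their own organization and is allowed.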
