Make custom roles readable for all group/instance members
Summary
In !152925 (comment 1934358796) we started discussion about the desired visibility of the custom roles. The situation now:
- on self-managed (only instance-level custom roles), every owner of a group can see the custom roles (and assign them to the users of their group)
- on SaaS (only group-level custom roles) only owners of respective groups can see the custom roles of the groups they are owners of
Solution
- on self-managed, everyone is allowed to see custom roles. (instance-level)
- on SaaS, every group member (guest+) can see custom roles of their group.
This was approved by the product
Reasoning
- on self-managed, anyone who can create a group, can do so and therefore see the custom roles anyway
- on SaaS, we should try to unify the visibilities with self-managed as much as possible. Lets consider a self-managed instance as an organization, I think we can compare that with a group on SaaS (organization in the future, but I'll ignore this for now). So if a member of a organisation (user of an instance) can see the custom roles, the same should be for self-managed (member of a group)
Tasks
-
Clarify the visibility of the custom roles (and change the description accordingly) -
Change the code to respect the agreed visibility level
Edited by Jarka Košanová