[cloud][CLOUD-73] Disallow site-admin access to organizations on Cloud

Administrator requested to merge CLOUD-73 into main

Created by: kopancek

Description

Disallow site-admins from accessing organizations on Cloud. Only members of the organization will have read-write access to organization settings, to view the organization fields (including name) and to view its members.

Related items

https://sourcegraph.atlassian.net/browse/CLOUD-73

Testing locally

New behavior on Cloud

  1. Run sg locally in dotcom mode: EXTSVC_CONFIG_ALLOW_EDITS=true sg start dotcom
  2. Log in as a site-admin
  3. Create an organization
  4. Log out and log in as a different site-admin (not a member of the organization)
  5. Go to https://sourcegraph.test:3443/site-admin/organizations and verify that you cannot see the list of organizations
  6. Try to access organization settings by going to https://sourcegraph.test:3443/organizations/PUT_ORG_NAME_HERE/settings and verify that you are shown an error

Old behavior applied when not on cloud

  1. Run sg locally in enterprise mode: EXTSVC_CONFIG_ALLOW_EDITS=true sg start enterprise
  2. Log in as a site-admin
  3. Go to https://sourcegraph.test:3443/site-admin/organizations and verify that you can see the list of all orgs defined on the instance
  4. Try to access any organization settings that the site-admin is not a member of - this should work
  5. Try to modify any organization settings that the site-admin is not a member of - this should work
  6. Try to add a member to the organization directly, without creating an invite - this should work
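
The access rule that the two test procedures above exercise, written out as an added Go example; it is not code from this merge request or from Sourcegraph. The `User` and `Org` types, the `cloud` flag and both function names are hypothetical, and refusing the site-admin organization list to every user on Cloud is an assumption.

```go
package main

import (
	"errors"
	"fmt"
)

// Hypothetical types for illustration; not Sourcegraph's own identifiers.
type User struct {
	ID        int
	SiteAdmin bool
}
type Org struct {
	Name    string
	Members map[int]bool
}

var ErrForbidden = errors.New("forbidden: not a member of this organization")
// CanAccessOrg gates org fields, settings and the member list; cloud=true is dotcom mode.
func CanAccessOrg(cloud bool, u *User, o *Org) error {
	if u == nil || o == nil {
		return ErrForbidden // deny by default: anonymous user or unknown org
	}
	if o.Members[u.ID] {
		return nil // members keep read-write access in both modes
	}
	if u.SiteAdmin && !cloud {
		return nil // old behavior, kept when not on Cloud
	}
	return ErrForbidden // on Cloud, site-admin status alone grants nothing
}

// ListAllOrgs models the site-admin organizations page (assumption: refused for all on Cloud).
func ListAllOrgs(cloud bool, u *User, orgs []*Org) ([]string, error) {
	if cloud || u == nil || !u.SiteAdmin {
		return nil, ErrForbidden
	}
	names := make([]string, 0, len(orgs))
	for _, o := range orgs {
		names = append(names, o.Name)
	}
	return names, nil
}

func main() {
	acme := &Org{Name: "acme", Members: map[int]bool{1: true}} // constructed sample data
	outsider := &User{ID: 2, SiteAdmin: true}                  // site-admin, not a member
	fmt.Println(CanAccessOrg(true, outsider, acme), CanAccessOrg(false, outsider, acme))
}
```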
