add owner role support (#1340)

This PR adds support to Owner roles. The owner role has a similar access level as the admin, but it has the power to delete the account. Besides that, the role has the following constraints: - The role can only be transferred. So, only a user with the owner role can transfer the owner role to a new user - It can't be assigned to users being invited - It can't be assigned to service users
2025-08-15 17:52:47 +02:00 · 2023-12-01 17:24:57 +01:00
parent b8c46e2654
commit d7efea74b6
15 changed files with 397 additions and 111 deletions
--- a/management/server/account_test.go
+++ b/management/server/account_test.go
@ -306,7 +306,7 @@ func TestDefaultAccountManager_GetAccountFromToken(t *testing.T) {
 		inputInitUserParams:         defaultInitAccount,
 		testingFunc:                 require.NotEqual,
 		expectedMSG:                 "account IDs shouldn't match",
-		expectedUserRole:            UserRoleAdmin,
+		expectedUserRole:            UserRoleOwner,
 		expectedDomainCategory:      "",
 		expectedDomain:              publicDomain,
 		expectedPrimaryDomainStatus: false,
@ -328,7 +328,7 @@ func TestDefaultAccountManager_GetAccountFromToken(t *testing.T) {
 		inputInitUserParams:         initUnknown,
 		testingFunc:                 require.NotEqual,
 		expectedMSG:                 "account IDs shouldn't match",
-		expectedUserRole:            UserRoleAdmin,
+		expectedUserRole:            UserRoleOwner,
 		expectedDomain:              unknownDomain,
 		expectedDomainCategory:      "",
 		expectedPrimaryDomainStatus: false,
@ -346,7 +346,7 @@ func TestDefaultAccountManager_GetAccountFromToken(t *testing.T) {
 		inputInitUserParams:         defaultInitAccount,
 		testingFunc:                 require.NotEqual,
 		expectedMSG:                 "account IDs shouldn't match",
-		expectedUserRole:            UserRoleAdmin,
+		expectedUserRole:            UserRoleOwner,
 		expectedDomain:              privateDomain,
 		expectedDomainCategory:      PrivateCategory,
 		expectedPrimaryDomainStatus: true,
@ -387,7 +387,7 @@ func TestDefaultAccountManager_GetAccountFromToken(t *testing.T) {
 		inputInitUserParams:         defaultInitAccount,
 		testingFunc:                 require.Equal,
 		expectedMSG:                 "account IDs should match",
-		expectedUserRole:            UserRoleAdmin,
+		expectedUserRole:            UserRoleOwner,
 		expectedDomain:              defaultInitAccount.Domain,
 		expectedDomainCategory:      PrivateCategory,
 		expectedPrimaryDomainStatus: true,
@ -406,7 +406,7 @@ func TestDefaultAccountManager_GetAccountFromToken(t *testing.T) {
 		inputInitUserParams:         defaultInitAccount,
 		testingFunc:                 require.Equal,
 		expectedMSG:                 "account IDs should match",
-		expectedUserRole:            UserRoleAdmin,
+		expectedUserRole:            UserRoleOwner,
 		expectedDomain:              defaultInitAccount.Domain,
 		expectedDomainCategory:      PrivateCategory,
 		expectedPrimaryDomainStatus: true,
@ -424,7 +424,7 @@ func TestDefaultAccountManager_GetAccountFromToken(t *testing.T) {
 		inputInitUserParams:         defaultInitAccount,
 		testingFunc:                 require.NotEqual,
 		expectedMSG:                 "account IDs shouldn't match",
-		expectedUserRole:            UserRoleAdmin,
+		expectedUserRole:            UserRoleOwner,
 		expectedDomain:              "",
 		expectedDomainCategory:      "",
 		expectedPrimaryDomainStatus: false,
@ -1183,7 +1183,7 @@ func TestGetUsersFromAccount(t *testing.T) {
 		t.Fatal(err)
 	}

-	users := map[string]*User{"1": {Id: "1", Role: "admin"}, "2": {Id: "2", Role: "user"}, "3": {Id: "3", Role: "user"}}
+	users := map[string]*User{"1": {Id: "1", Role: UserRoleOwner}, "2": {Id: "2", Role: "user"}, "3": {Id: "3", Role: "user"}}
 	accountId := "test_account_id"

 	account, err := createAccount(manager, accountId, users["1"].Id, "")